Skip to content

feat(filebeat/cel): Allow OTLP explicit bucket histograms via env var#48731

Merged
andrewkroh merged 3 commits intoelastic:mainfrom
andrewkroh:cel-otel-histogram-aggregation
Feb 10, 2026
Merged

feat(filebeat/cel): Allow OTLP explicit bucket histograms via env var#48731
andrewkroh merged 3 commits intoelastic:mainfrom
andrewkroh:cel-otel-histogram-aggregation

Conversation

@andrewkroh
Copy link
Member

@andrewkroh andrewkroh commented Feb 6, 2026
edited
Loading

Proposed commit message

Currently, the CEL input forces OTLP exponential histograms, which are not
supported by all backends (e.g., APM Server).

This change allows users to configure the histogram aggregation using the
OTEL_EXPORTER_OTLP_METRICS_DEFAULT_HISTOGRAM_AGGREGATION environment variable.
Setting this to "explicit_bucket_histogram" will disable the forced
exponential histogram view, allowing the SDK to use explicit bucket histograms.

Closes #48730

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works. Where relevant, I have used the stresstest.sh script to run them under stress conditions and race detector to verify their stability.
  • I have added an entry in ./changelog/fragments using the changelog tool.

How to test this PR locally

Set the following environment variables when running Filebeat with a CEL input:

OTEL_METRICS_EXPORTER=console
OTEL_EXPORTER_OTLP_METRICS_DEFAULT_HISTOGRAM_AGGREGATION=explicit_bucket_histogram

Verify that the output histograms use explicit buckets (look for "BucketCounts" and "ExplicitBounds") instead of exponential buckets ("Scale", "PositiveBucket").

Related issues

Use cases

To be able to route histograms through APM server until such time we can migrate to mOTLP.

Screenshots

Logs
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Feb 6, 2026
@andrewkroh andrewkroh added backport-9.3 Automated backport to the 9.3 branch and removed needs_team Indicates that the issue/PR needs a Team:* label labels Feb 6, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 6, 2026

🤖 GitHub comments

Just comment with:

  • run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Feb 6, 2026
@andrewkroh andrewkroh added Filebeat Filebeat Team:Security-Service Integrations Security Service Integrations Team and removed needs_team Indicates that the issue/PR needs a Team:* label labels Feb 6, 2026
@andrewkroh andrewkroh marked this pull request as ready for review February 6, 2026 15:21
@andrewkroh andrewkroh requested a review from a team as a code owner February 6, 2026 15:21
@elasticmachine
Copy link
Contributor

elasticmachine commented Feb 6, 2026

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
@andrewkroh
filebeat: Allow OTLP explicit bucket histograms via env var
f3d5560 
Currently, the CEL input forces OTLP exponential histograms, which are not
supported by all backends (e.g., APM Server).

This change allows users to configure the histogram aggregation using the
OTEL_EXPORTER_OTLP_METRICS_DEFAULT_HISTOGRAM_AGGREGATION environment variable.
Setting this to "explicit_bucket_histogram" will disable the forced
exponential histogram view, allowing the SDK to use explicit bucket histograms.

Closes elastic#48730

Testing:

Set the following environment variables when running Filebeat with a CEL input:
OTEL_METRICS_EXPORTER=console
OTEL_EXPORTER_OTLP_METRICS_DEFAULT_HISTOGRAM_AGGREGATION=explicit_bucket_histogram

Verify that the output histograms use explicit buckets (look for "BucketCounts"
and "ExplicitBounds") instead of exponential buckets ("Scale", "PositiveBucket").
@andrewkroh andrewkroh force-pushed the cel-otel-histogram-aggregation branch from aad77a1 to f3d5560 Compare February 6, 2026 15:28
@andrewkroh andrewkroh changed the title feat(filebeat CEL): Allow OTLP explicit bucket histograms via env var Feb 6, 2026
efd6
efd6 reviewed Feb 8, 2026
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there somewhere that we can put user-facing documentation for this?
andrewkroh and others added 2 commits February 9, 2026 18:01
@andrewkroh @efd6
Apply efd6 suggestions from code review
96279df 
Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
@andrewkroh
doc.go: document env var
cc594ac
@andrewkroh
Copy link
Member Author

andrewkroh commented Feb 9, 2026

Is there somewhere that we can put user-facing documentation for this?

I've documented the usage of the env var in the doc.go where the otel metrics are described.
@andrewkroh andrewkroh merged commit 648345c into elastic:main Feb 10, 2026
15 of 17 checks passed
mergify bot pushed a commit that referenced this pull request Feb 10, 2026
@andrewkroh @mergify
feat(filebeat/cel): Allow OTLP explicit bucket histograms via env var (
2d23c56 
…#48731)

Currently, the CEL input forces OTLP exponential histograms, which are not
supported by all backends (e.g., APM Server).

This change allows users to configure the histogram aggregation using the
OTEL_EXPORTER_OTLP_METRICS_DEFAULT_HISTOGRAM_AGGREGATION environment variable.
Setting this to "explicit_bucket_histogram" will disable the forced
exponential histogram view, allowing the SDK to use explicit bucket histograms.

Closes #48730

(cherry picked from commit 648345c)
@mergify mergify bot mentioned this pull request Feb 10, 2026
Merged
6 tasks
andrewkroh added a commit that referenced this pull request Feb 10, 2026
@mergify @andrewkroh
feat(filebeat/cel): Allow OTLP explicit bucket histograms via env var (
8a84937 
…#48731) (#48753)

Currently, the CEL input forces OTLP exponential histograms, which are not
supported by all backends (e.g., APM Server).

This change allows users to configure the histogram aggregation using the
OTEL_EXPORTER_OTLP_METRICS_DEFAULT_HISTOGRAM_AGGREGATION environment variable.
Setting this to "explicit_bucket_histogram" will disable the forced
exponential histogram view, allowing the SDK to use explicit bucket histograms.

Closes #48730

(cherry picked from commit 648345c)

Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
@github-actions github-actions bot mentioned this pull request Feb 28, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backport-9.3 Automated backport to the 9.3 branch Filebeat Filebeat Team:Security-Service Integrations Security Service Integrations Team

3 participants

@andrewkroh @elasticmachine @efd6