[Metricbeat] Windows Module add wmi metricset #42017

Open
wants to merge 55 commits into
base: main

@herrBez herrBez commented Dec 12, 2024

Proposed commit message

[Metricbeat][Windows] Add experimental wmi metricset

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

This PR does not have an impact on existing use cases

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

As a Windows user I want to leverage WMI (and in particular WQL, SQL for WMI) to extract detailed system information and metrics.

Screenshots

Logs

@herrBez herrBez self-assigned this Dec 12, 2024
@herrBez herrBez requested review from a team as code owners December 12, 2024 15:57
@herrBez herrBez requested review from faec and VihasMakwana December 12, 2024 15:57
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Dec 12, 2024

botelastic bot commented Dec 12, 2024

This pull request doesn't have a Team:<team> label.

mergify bot commented Dec 12, 2024

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @herrBez? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-8./d is the label to automatically backport to the 8./d branch. /d is the digit

mergify bot commented Dec 12, 2024

backport-8.x has been added to help with the transition to the new branch 8.x.
If you don't need it please use backport-skip label and remove the backport-8.x label.

@mergify mergify bot added the backport-8.x Automated backport to the 8.x branch with mergify label Dec 12, 2024
@strawgate
Contributor

One of the challenges with running arbitrary WMI queries is that WMI queries can be extremely slow and certain WMI queries can actually result in changes to the system -- have we considered whether or how we might provide timeout functionality for running WMI queries?

herrBez commented Dec 13, 2024

Hi, good points! Thank you for the comment :).

> One of the challenges with running arbitrary WMI queries is that WMI queries can be extremely slow and certain WMI queries can actually result in changes to the system -- have we considered whether or how we might provide timeout functionality for running WMI queries?

About the timing issues: I don't see a parameter in the library to stop a query after X seconds (I would need to understand if the underlying library/WMI has a similar mechanism). Maybe by leveraging an ExecAsyncQuery (there is no "exposed" method for this) we can stop after a timeout, similarly to what is done here: https://github.com/microsoft/wmi/blob/v0.25.0/pkg/wmiinstance/WmiEventSink_test.go#L66. Not sure it's actually stopping the underlying query after some time.

About the "can actually result in changes to the system": with the current implementation we can only build queries of type SELECT * FROM Class WHERE .... This should prevent changes to the system, right?
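
The timeout concern raised in the two comments above, as an added Go example that is not code from this PR or from the microsoft/wmi library: a caller-side deadline around a blocking query call, plus a cap on concurrently running queries, because giving up on the wait does not stop the call that is already running. `Rows`, `QueryFunc`, `Runner` and the error names are hypothetical, and the query function stands in for the real WMI call.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Rows and QueryFunc stand in for the blocking WMI library call (hypothetical names).
type Rows = []map[string]any
type QueryFunc func(wql string) (Rows, error)

var ErrTimeout = errors.New("wmi query timed out")
var ErrBusy = errors.New("too many wmi queries still running")

// Runner bounds how long a caller waits and how many queries may run at once.
type Runner struct {
	run   QueryFunc
	slots chan struct{} // one token per running query, abandoned ones included
}

func NewRunner(run QueryFunc, maxInFlight int) *Runner {
	return &Runner{run: run, slots: make(chan struct{}, maxInFlight)}
}

// Query stops waiting after timeout; run keeps its slot until it returns, so slow queries cannot pile up.
func (r *Runner) Query(wql string, timeout time.Duration) (Rows, error) {
	select {
	case r.slots <- struct{}{}:
	default:
		return nil, ErrBusy
	}
	type result struct{ rows Rows; err error }
	done := make(chan result, 1) // buffered: a late result never blocks the goroutine
	go func() {
		rows, err := r.run(wql)
		<-r.slots // free the slot before publishing the result
		done <- result{rows, err}
	}()
	select {
	case res := <-done:
		return res.rows, res.err
	case <-time.After(timeout):
		return nil, fmt.Errorf("%w after %s: %q", ErrTimeout, timeout, wql)
	}
}

func main() { // constructed demo: a stand-in query that outlives its 50ms budget
	slow := func(string) (Rows, error) { time.Sleep(time.Second); return nil, nil }
	fmt.Println(NewRunner(slow, 1).Query("SELECT * FROM Win32_Service", 50*time.Millisecond))
}
```

With `maxInFlight` set to 1, a collection period that fires while an earlier query is still running gets `ErrBusy` instead of starting a second copy of the same slow query.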

@herrBez herrBez requested a review from ishleenk17 December 24, 2024 15:22

herrBez commented Dec 24, 2024

Hi @ishleenk17, @tommyers-elastic, I implemented all changes we discussed offline and the dataset is ready for review.

I am having a very hard time making the CI/CD pipeline work. Could you help me shed some light? In particular, I am not able to understand how to fix the error reported here https://github.com/elastic/beats/actions/runs/12483185235/job/34838540533?pr=42017.

@ishleenk17
Contributor

@herrBez

  • To make this module part of the Agent, please add the module to agentbeat.spec.yml.
  • Please run make update BEATS=metricbeat in the beats directory.

herrBez commented Jan 2, 2025

Hi Ishleen, thank you for the help.

> Please run make update BEATS=metricbeat in the beats directory.

I receive the error as part of the execution of the command and I don't understand how to fix it.

mergify bot commented Jan 2, 2025

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b wmi upstream/wmi
git merge upstream/main
git push upstream wmi
