Default Edge Delta Configuration
3 minute read
Overview
When you create a new Fleet, it includes a default pipeline configuration based on the options you select and the sources detected. This is an example of a default pipeline in a Kubernetes environment.
Nodes and Links
Inputs
ed_k8s_metrics
This node scrapes Kubernetes metrics. For more information, see the Kubernetes Metrics node.
k8s_traffic
This node ingests Kubernetes traffic metrics via eBPF. For more information, see the Kubernetes Traffic node.
k8s_event
This node is configured to ingest Kubernetes events from the cluster when there is a state change in a cluster resource. Events have the item.type=event attribute. It is connected to the Edge Delta Destination node which makes the events available in the Search tab on the Logs page with the search string: @item.type:event.
This form creates the following YAML configuration:
- name: k8s_event
type: k8s_event_input
report_interval: 1m0s
For more information, see the Kubernetes Event node documentation.
k8s_trace
The k8s_trace input node ingests eBPF traces for specific resources from the Linux kernel. See Kubernetes Trace Source for more information.
kubernetes_input
The Kubernetes input node allows you to specify which Kubernetes pods and namespaces the agent should monitor. This node is configured to include logs from all namespaces (k8s.namespace.name=.*) while excluding logs from pods named edgedelta (k8s.pod.name=edgedelta).
This form creates the following YAML configuration:
- name: kubernetes_input
type: kubernetes_input
include:
- k8s.namespace.name=.*
exclude:
- k8s.pod.name=edgedelta
For more information on configuring Kubernetes input nodes, see the Kubernetes Source Documentation. It is connected to the mask node using a link.
Diagnostic Inputs
There are multiple diagnostic nodes present in the default configuration but they are hidden by default. These are used predominantly to enable Edge Delta functionality.
ed_source_detection
This node autodetects your sources in the environment when the Fleet is deployed.
ed_component_health
The Component Health source node enables ingestion of health data of the components in the agent. It collects health data and it feeds the Edge Delta Destination node to enable agent diagnostics in the Edge Delta SaaS. It can also send this data to other destinations. See Component Health source node for more information.
ed_self_telemetry
The Self Telemetry source node enables ingestion of incoming and outgoing stats for pipelines. It is also connected to Edge Delta Destination, which populates data on the pipeline status page.
ed_system_stats
The System Statistics source node produces metrics based on the stats collected from the system at the core level. It feeds the Edge Delta Destination node, which sends systems metrics to the Edge Delta SaaS, and which are available in the Metrics Explorer page.
Processors
Log to Pattern
A log to pattern node named log_to_patterns is connected downstream to the mask_ssn node in the default configuration. It reports every minute to the edgedelta destination node with any patterns and samples detected on the edge.
Patterns and samples detected by this node on the edge, as well as any detected in post-processing on the backend, can be explored on the Patterns tab of the Logs page.
See Log to Pattern node for more information.
Outputs
The default configuration sends data to Edge Delta outputs:
Edge Delta Destination
The Edge Delta Destination node is used to send all pipeline data to the Edge Delta back end to power various functionalities including Log Search, metrics explorer, and pattern detection.