Agent v0.1.19

Enhancements and bug fixes; review the noteworthy updates.

March 21, 2022

While this agent release contains many enhancements and bug fixes, review the following noteworthy updates:

New Streaming Destination - GCP Cloud Monitoring

In the Edge Delta App, GCP Cloud Monitoring is now a supported streaming output.

The GCP Cloud Monitoring output will stream custom Google Cloud metrics to a Cloud project.

In the app, you can use the visual editor or YAML file to add GCP Cloud Monitoring to an agent configuration.

GCP Cloud Monitoring was previously known as GCP Stackdriver.

New Flush Mode

In the Edge Delta App, you can use the newly created custom_local_per_group flush mode to specify custom groups that should flush together if one of the groups triggers an alert.

In other words, if you set up multiple inputs, and one input triggers an alert, then all (or selected) inputs will flush.

agent_settings:
  tag: sett_test_custom
  log:
    level: debug
  capture_flush_mode: custom_local_per_group
  capture_flush_custom:
    label_grouping:
      group1:
        - file1
        - file2
      group2:
        - file1
        - file3

inputs:
  files:
    - labels: "file1"
      path: "test1.log"
    - labels: "file2"
      path: "test2.log"
    - labels: "file3"
      path: "test3.log"
    - labels: "file4"
      path: "test4.log"
outputs:
  streams:
    - name: sumo
      type: sumologic
      endpoint: "https://endpoint4.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV1ozOeONNQ8LuYTYUj7SaKgr6dt1ueSTOc6mMS2pQz9BM169sb8_UQs5IRaqaRcbpKdI4Tms9S5La9ZFRTL_bf-Ptf_I5ICXcQz2WEQg0fNfA=="
      features: alert
processors:
  regexes:
    - name: "error-regex"
      pattern: "error|ERROR|problem|ERR|Err|POST|hostname|GET"
      interval: 10s
      retention: 1h
      trigger_thresholds:
        upper_limit_per_interval: 3
workflows:
  error-anomaly-workflow:
    input_labels:
      - file1
      - file2
      - file3
      - file4
    processors:
      - error-regex
    destinations:
      - sumo

The following actions will take place:

  * If an alert is triggered for test1.log, then the file1, file2, and file3 sources will be flushed together.
  * If an alert is triggered for test2.log, then the file1 and file2 sources will be flushed together.
  * If an alert is triggered for test3.log, then the file1 and file3 sources will be flushed together.
  * If an alert is triggered for test4.log, then the file4 source will be flushed. Since file4 was not specified in any group and a fallback_mode was not provided, the agent will use the default fallback_mode local_per_source and only flush file4.
  * When fallback_mode: local_all is added, and an alert is triggered for test4.log, then all sources will be flushed.

To learn more about filters, see Agent Settings.
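The flush behavior listed above can be modeled in a few lines. This is an added example, not Edge Delta agent code: the function names are hypothetical, and the grouping and labels are copied from the sample configuration. It also includes a configuration check for group labels that match no input and for inputs that will only ever flush through the fallback.

```python
# Added illustration of custom_local_per_group flush resolution.
# Function names are hypothetical; this is not Edge Delta agent code.

# Mirrors capture_flush_custom.label_grouping and the input labels above.
LABEL_GROUPING = {"group1": ["file1", "file2"], "group2": ["file1", "file3"]}
INPUT_LABELS = ["file1", "file2", "file3", "file4"]


def resolve_flush_set(alert_label, grouping=LABEL_GROUPING,
                      inputs=INPUT_LABELS, fallback_mode="local_per_source"):
    """Return the sorted source labels flushed when alert_label alerts."""
    if alert_label not in inputs:
        raise ValueError(f"unknown source label: {alert_label}")
    # A label may belong to several groups; every group containing it flushes.
    flushed = set()
    for members in grouping.values():
        if alert_label in members:
            flushed.update(members)
    if flushed:
        return sorted(flushed)
    # The label is in no group, so the fallback mode decides.
    if fallback_mode == "local_per_source":
        return [alert_label]
    if fallback_mode == "local_all":
        return sorted(inputs)
    raise ValueError(f"unsupported fallback_mode in this example: {fallback_mode}")


def grouping_problems(grouping=LABEL_GROUPING, inputs=INPUT_LABELS):
    """Config check: group labels with no matching input, inputs in no group."""
    grouped = {label for members in grouping.values() for label in members}
    return {
        "unknown_labels": sorted(grouped - set(inputs)),
        "ungrouped_inputs": sorted(set(inputs) - grouped),
    }


if __name__ == "__main__":
    for label in INPUT_LABELS:
        print(label, "->", resolve_flush_set(label))
    print("file4 with local_all ->",
          resolve_flush_set("file4", fallback_mode="local_all"))
    print(grouping_problems())
```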

New Filter / Processor Type

In the Edge Delta App, you can use the newly created buffered-elastic-apm filter / processor to process Elastic APM logs.

  - name: elastic_apm_trace_filter
    type: buffered-elastic-apm-processor

To learn more about processors, see Processors.

New Filter Type - base64 decoder

In the Edge Delta App, you can use the newly created base64 decoder filter type to decode base64 encoding.

This update helps to support a base64 encoded input on Edge Delta’s hosted collector. In other words, you can attach this filter to a source to display logs that are base64 encoded.

  - name: base64_decoder
    type: base64-decode

To learn more about filters, see Filters.

New Monitor Types

You can use the new Pattern Alert and Skyline Alert monitors to trigger an alert for negative patterns.

If an alert is triggered, then the monitor will create a finding.

To learn more, see Patterns.

New feature - Suppress Notifications

In the Edge Delta App, you can use the newly created Finding Status option to suppress notifications for a specific finding.

When you suppress a finding, the finding will no longer be displayed in the Insights page. Additionally, any future detection of the finding will not be displayed.

To learn more, see Patterns.

New Filter Type - APM

In the Edge Delta App, you can use the newly created APM filter to process Elastic APM logs.

This filter type samples failed and high-latency traces, together with successful traces selected according to a sampling probability.


  - name: elastic_apm_trace_filter
    type: buffered-elastic-apm-processor
    payload_separator: "-----------------"
    enabled_types: "transaction,span,error,metricset"
    optimize_types: "transaction,span"
    trace_deadline: 1m
    should_filter_traces: true
    failure_path: "transaction.result"
    failure_value_pattern: "HTTP (4|5)xx"
    transaction_latency_path: "transaction.duration"
    span_latency_path: "span.duration"
    latency_threshold: 35.5
    success_sample_rate: 0.2

To learn more, see Filters.

March 24, 2022 - New Organizations Feature

In the Edge Delta App, you can now create and join different organizations for you and your users.

At a high level, organizations can be considered as different environments, platforms, or sub-accounts that live within your main Edge Delta account.

You can create and belong to multiple organizations, as well as invite users to join various organizations.

Additionally, you can switch between organizations without the need to log off and log back into the app.

To learn more, see Invite Users, Manage Permissions, Access Organizations.