[Filebeat] Sort array fields in generated data

[legoguy1000]

What does this PR do?

Currently the array fields in generated data don't have any sorting or consistent ordering. This PR sorts any field that is a list/array when the generated data files are created.

Why is it important?

Whenever data files are generated, there are a large number of changes in the commit due to array fields changing order of the items even when the contents didn't actually change. This makes it very difficult to actually find what changed, if anything.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

• [ ]

How to test this PR locally

cd beats/filebeat
GENERATE=true TESTING_FILEBEAT_MODULES=<any module> mage -v pythonIntegTest

The generated data above should always come out the same and the list orders shouldn't change

Related issues

Use cases

Screenshots

Logs

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Build Cause: Pull request #25320 updated

• Start Time: 2021-05-13T00:09:56.302+0000

• Duration: 137 min 51 sec

• Commit: a018262

Test stats 🧪

Test	Results
Failed	0
Passed	13713
Skipped	2285
Total	15998

Trends 🧪

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test	Results
Failed	0
Passed	13713
Skipped	2285
Total	15998

[leehinman]

Thanks, this will make things more consistent.

[leehinman]

I'm a little worried about the last check to see if the first element is a dict, if any of the items in the list can't be compared to one another with "<" we will get a runtime error. What about switching to:

if isinstance(objects[k][key], list):
    objects[k][key].sort(key=str)

That will force string comparison for everything.

What do you think?

[legoguy1000]

I never thought about forcing everything to a string. That's a really interesting idea. I'll try that tomorrow.

[legoguy1000]

It seems to be working, but I'm running into an issue that I had before. When running the test against all the modules GENERATE=true mage -v pythonIntegTest, I end up with some errors below. Any thoughts?

[legoguy1000]

Things work fine when I do modules individually

[leehinman]

Weird. I'm not seeing those errors when I run your PR locally.

anything in the build/system-tests/run/<failed test name> directory? It looks like some documents got left in elasticsearch expected event.module=kafka but got redis.

Might need to clean out docker images and re-run the test.

[legoguy1000]

Ok, I'll schwack them and start clean

[legoguy1000]

still got the same error. This is what shows in the output.log file under build/system-tests/run/<failed test name>

2021-05-04T21:36:37.226-0200	INFO	instance/beat.go:651	Home path: [/go/src/github.com/elastic/beats/filebeat] Config path: [/go/src/github.com/elastic/beats/filebeat] Data path: [/go/src/github.com/elastic/beats/filebeat/data] Logs path: [/go/src/github.com/elastic/beats/filebeat/logs]
2021-05-04T21:36:37.237-0200	DEBUG	[beat]	instance/beat.go:704	Beat metadata path: /go/src/github.com/elastic/beats/filebeat/data/meta.json
2021-05-04T21:36:37.237-0200	INFO	instance/beat.go:659	Beat ID: 32ac6545-bf91-437e-8aa3-a64e3359883a
2021-05-04T21:36:37.238-0200	INFO	instance/beat.go:407	filebeat stopped.
2021-05-04T21:36:37.238-0200	ERROR	instance/beat.go:963	Exiting: data path already locked by another beat. Please make sure that multiple beats are not sharing the same data path (path.data).
Exiting: data path already locked by another beat. Please make sure that multiple beats are not sharing the same data path (path.data).
/go/src/github.com/elastic/beats/filebeat/filebeat.test -systemTest -e -d * -once -c /go/src/github.com/elastic/beats/filebeat/build/system-tests/run/test_modules.Test.test_fileset_file_076_elasticsearch/filebeat.yml -E setup.ilm.enabled=false -modules=elasticsearch -M elasticsearch.*.enabled=false -M elasticsearch.gc.enabled=true -M elasticsearch.gc.var.input=file -M elasticsearch.gc.var.paths=[/go/src/github.com/elastic/beats/filebeat/module/elasticsearch/gc/test/test.log] -M *.*.input.close_eof=true

[leehinman]

That looks like filebeat didn't exit before the next test of a module started.

I'm going to approve and see if we get the same errors with CI.

[legoguy1000]

ok, I still would like to have the generated data files updated so follow on PRs don't have to worry about the unrelated changes to the data files. So if you're able to run all the modules together and update the files, can you push those changes to the branch??

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b sort-generated-data-lists upstream/sort-generated-data-lists
git merge upstream/master
git push upstream sort-generated-data-lists

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b sort-generated-data-lists upstream/sort-generated-data-lists
git merge upstream/master
git push upstream sort-generated-data-lists

[legoguy1000]

@leehinman I was able to run all the filebeat modules successfully. Ready for CI tests.

[legoguy1000]

I ran it multiple times and no change in order of array fields.