-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
websocket: new generic integration #9926
base: main
Are you sure you want to change the base?
Conversation
1. This makes the Filebeat Websocket input available as an integration package.
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
```yaml | ||
- type: websocket | ||
url: "ws://websocket-server.example.com/stream" | ||
headers: | ||
Cookie: "session_id=abcdef1234567890" | ||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not what the user will do AFAICS. I suggest that if you are using examples, use screen shots of the UI with values filled in. Though I think the standard textual approach should be fine so long as the relevant UI elements are described.
Also, this should show that the user will need to provide a CEL program to handle the messages. A minimal program that just passes the message unaltered to the output seems appropriate.
|
||
The WebSocket input will consume messages from the server as they are transmitted. These messages are expected to be in a format that Filebeat can process, such as JSON. If the message format is different, you may need to define a processor to parse and structure the data before it is sent to Elasticsearch. | ||
|
||
**NOTE**: The websocket input as of now does not support XML messages. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
**NOTE**: The websocket input as of now does not support XML messages. | |
**NOTE**: The websocket input does not support XML messages. |
Do we plan to change this? @ShourieG I don't see any reason in principle why we can't.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@efd6, yes we definitely want to support XML in future but need to establish how popular XLM over ws is. I have seen very few instances of this. So this is definitely possible but need to figure out an use case where such a model would come in use.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please go fmt
this code.
bytes(state.response).decode_json().as(inner_body,{ | ||
"events": inner_body, | ||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
bytes(state.response).decode_json().as(inner_body,{ | |
"events": inner_body, | |
}) | |
bytes(state.response).decode_json().as(body, { | |
"events": body, | |
}) |
/test |
💔 Build Failed
Failed CI StepsHistory |
service: websocket-mock-service | ||
vars: | ||
url: ws://{{Hostname}}:{{Port}} | ||
program: | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we also add a more robust test scenario that demonstrates more CEL usage ?
@@ -0,0 +1,83 @@ | |||
format_version: 3.0.2 | |||
name: websocket | |||
title: Custom input using Websocket |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we adjust the title to ensure it aligns with our other custom packages. Title should be Custom Websocket logs
url: {{url}} | ||
|
||
program: {{escape_string program}} | ||
|
||
{{#if pipeline}} | ||
pipeline: {{pipeline}} | ||
{{/if}} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAICS not all configuration options supported by the input such as state
, redact.*
, regexp
, auth.*
are added. It would be nice to add all options to allow user to configure.
@@ -0,0 +1,34 @@ | |||
# WebSocket Input Integration |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# WebSocket Input Integration | |
# Custom WebSocket Input |
This is how we've been naming for other custom integrations.
Proposed commit message
This makes the Filebeat Websocket input available as an integration package.
Checklist
changelog.yml
file.Author's Checklist
How to test this PR locally
Related issues
Screenshots