x-pack/filebeat/input/httpjson: add httpjson-to-cel Redirector#49614
x-pack/filebeat/input/httpjson: add httpjson-to-cel Redirector#49614efd6 wants to merge 4 commits intoelastic:mainfrom
Conversation
efd6
added
enhancement
Filebeat
botelastic
bot
added
needs_team
🤖 GitHub commentsJust comment with:
|
Vale Linting ResultsSummary: 2 suggestions found 💡 Suggestions (2)
The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale. |
🔍 Preview links for changed docs |
efd6
force-pushed
the
id6318-director-httpjson
branch
from
4cbe48d to
78c339c
Compare
|
re: vale linter
|
efd6
force-pushed
the
id6318-director-httpjson
branch
from
78c339c to
118dc97
Compare
efd6
force-pushed
the
id6318-director-httpjson
branch
from
118dc97 to
cdb29b4
Compare
efd6
force-pushed
the
id6318-director-httpjson
branch
from
cdb29b4 to
f7641f4
Compare
efd6
force-pushed
the
id6318-director-httpjson
branch
from
f7641f4 to
d2a44e8
Compare
Implement the Redirector interface on httpjson's InputManager so that when run_as_cel is true and cel.program is present, the Loader redirects to the cel input with a translated config. convertHttpjsonToCel maps the full set of shared fields between the two inputs: interval, auth, request.url to resource.url, retry, redirect, keep_alive, tracer, and inline transport settings (ssl, timeout, proxy_url, proxy_headers, proxy_disable, idle_connection_timeout). cel-namespaced fields (program, state, regexp, xsd, max_executions, redact) are extracted to their top-level equivalents. Fields specific to httpjson's declarative config (method, body, transforms, response, cursor, chain) are excluded since the CEL program handles them directly. max_executions uses Int/SetInt to match its *int type in the cel config rather than round-tripping through strings.
Read the httpjson cursor from the persistent store during Redirect and inject it into the translated cel config's state.cursor field. The cel input uses config.State["cursor"] as the initial value when no stored cursor exists, so the first run after redirect continues from where httpjson left off. Subsequent runs use the cel-stored cursor and ignore the injected value. Direct store writes are not viable because the Loader calls Init on all plugin managers (loading the cel cursor manager's in-memory table) before any Configure call where Redirect runs. A cel:: key written to the persistent store during Configure would not appear in the in-memory table, and findOrCreate would overwrite it with an empty resource on first flush. The httpjson store entry is preserved for rollback safety.
Add reference documentation for the run_as_cel option and the cel.program, cel.state, cel.max_executions, cel.regexp, cel.xsd, and cel.redact configuration fields. Includes a field mapping table, a note on cursor state migration, and a worked example.
efd6
force-pushed
the
id6318-director-httpjson
branch
from
d2a44e8 to
f5b8809
Compare
|
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane) |
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughAdds a redirect mechanism that converts httpjson inputs into cel inputs when ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
| } | ||
| } | ||
| if err := dst.SetChild("state.cursor", -1, cursorCfg); err != nil { | ||
| m.cursor.Logger.Warnw("cursor migration: cannot inject cursor into config", "error", err) |
There was a problem hiding this comment.
Since these are warnings and not erros, they wouldn't DEGRADE the input, correct?
So when this warnings occur, does it start with a default cursor with cel input, or previous cursor with httpjson?
There was a problem hiding this comment.
No, there is no degradation. The warnings use m.cursor.Logger.Warnw, not UpdateStatus(status.Degraded, …), so the input health stays healthy.
If cursor migration fails, the cel input falls back to config.State["cursor"] which is whatever the user put in cel.state.cursor (the bootstrap default). It doesn't fall back to the httpjson cursor, but starts fresh from the config default. This is safe because blocking startup would be worse than a re-fetch.
There was a problem hiding this comment.
This is safe because blocking startup would be worse than a re-fetch.
Got it. In the worst case scenario if a re-fetch is attempted, we may have duplicates. Do you think we should make it mandatory to have fingerprint processors inside the ingest pipeline for all run_as_cel: true cases?
Parse the URL through url.Parse before constructing the cursor store key so that the key matches source.Name() normalization. Without this, URL round-tripping through net/url could cause a mismatch between the key we look up and the key the input wrote. Add input.Name() assertion to TestRedirect_EndToEnd to verify the Loader actually redirected to the cel plugin.
4 participants
Proposed commit message
Note
Best reviewed commitwise.
Checklist
stresstest.shscript to run them under stress conditions and race detector to verify their stability../changelog/fragmentsusing the changelog tool.Disruptive User Impact
Author's Checklist
How to test this PR locally
Related issues
Use cases
Screenshots
Logs