[Filebeat] change multiline configuration in awss3 input to parsers #25873
Conversation
leehinman
added
Filebeat
botelastic
bot
added
needs_team
leehinman
force-pushed
the
25249_awss3_add_parsers
branch
from
ab5e9c8
to
901b2cb
Compare
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪💚 Flaky test reportTests succeeded. Expand to view the summary
Test stats 🧪
|
leehinman
force-pushed
the
25249_awss3_add_parsers
branch
3 times, most recently
from
3381e44
to
8bf160f
Compare
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
| lineTerminator readfile.LineTerminator | ||
| } | ||
|
|
||
| func newParsers(in reader.Reader, pCfg parserConfig, c []common.ConfigNamespace) (parser, error) { |
There was a problem hiding this comment.
@kvch this looks like we have to duplicate parser setup from the filestream input here. This is somewhat unfortunate, especially if we want to add similar functionality to other inputs. How about providing a common package for parser setup?
Inputs that want to make use of parsers should be able to do it more or less like this:
type Config struct {
...
Parser inpparser.Settings
...
}
...
parser, err := config.Parser.Create(reader)
...
|
This pull request is now in conflicts. Could you fix it? 🙏 |
|
Just noting that if this doesn't merge for 7.14 that it will need to be updated to reflect that this is a breaking config change since the |
|
needs to be rebased onto #26541 when that is merged |
- switches multiline configuration to parsers - JSON parsing is independent Closes elastic#25249
leehinman
force-pushed
the
25249_awss3_add_parsers
branch
from
8bf160f
to
8c88824
Compare
* master: (25 commits) fix: Force PLATFORMS environment variable when we build Elastic Agent dependencies on arm64 (elastic#26415) macos for metricbeat to run in the extended meta-stage (elastic#26573) Packaging: add arm7 platform in the main pipeline (elastic#26575) [Heartbeat] Skip flakey timer queue test (elastic#26592) Update to "read_pipeline" permission (elastic#26465) (elastic#26580) API keys do not reflect the need for read_pipeline (elastic#26466) (elastic#26582) Add Fleet agent.id to Agent monitoring data (elastic#26548) Add kinesis metricset (elastic#25989) Refactor of system/memory metricset (elastic#26334) Introduce httpcommon package in libbeat (add support for Proxy) (elastic#25219) [Filebeat] change multiline configuration in awss3 input to parsers (elastic#25873) docs: Hint for the error "Error extracting container id" (elastic#25824) [Docs] Fixed metricbeat redis exported field CPU descriptions (elastic#25846) (elastic#26496) Update urllib to 1.26.5. (elastic#26380) Update golang.org/x/crypto (elastic#26448) [Filebeat] Update Fortinet Ingest Pipeline (elastic#24816) Move parsers outside of filestream input so others can use them as well (elastic#26541) [Filebeat] Fix `threatintel.indicator.url.full` field not populating (elastic#26508) [Filebeat] Add network direction processor to Zeek and Suricata modules (elastic#24620) Logging code cleanup related to Nomad auto-discovery (elastic#26498) ...
| match: after | ||
| ---- | ||
|
|
||
| See the available parser settings in detail below. |
There was a problem hiding this comment.
@kvch would it be possible/make sense to have a shared asciidoc that can be included in all the inputs with parsers?
What does this PR do?
Changes configuration of multiline in awss3 input to parsers to match multiline configuration in
filestreaminput.Why is it important?
This is the new paradigm for configuring multiline and we want consistency between inputs.
Checklist
- [ ] I have made corresponding change to the default configuration filesCHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.How to test this PR locally
go test --tags=integration,awsRelated issues