x-pack/filebeat/module/mysqlenterprise: fix handling of streaming data sent as partial array object #35160
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
efd6
added
Filebeat
botelastic
bot
added
needs_team
efd6
force-pushed
the
35158-mysqlenterprise
branch
from
3d57ab9 to
070ee04
Compare
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
💚 Flaky test reportTests succeeded. 🤖 GitHub commentsExpand to view the GitHub comments
To re-run your PR in the CI, just comment with:
|
andrewkroh
approved these changes
Apr 20, 2023
|
This pull request is now in conflicts. Could you fix it? 🙏 |
…a sent as partial array object MySQL send its audit logs as parts of an infinitely long JSON array and so separates each line of the logs with a comma. We don't know that we are in an array since the first line of the log may not have been sent to us, so remove the trailing comma to treat each element of the partial array object as an object in a JSON stream.
efd6
force-pushed
the
35158-mysqlenterprise
branch
from
070ee04 to
60dae35
Compare
mergify bot
pushed a commit
that referenced
this pull request
Apr 21, 2023
…a sent as partial array object (#35160) MySQL send its audit logs as parts of an infinitely long JSON array and so separates each line of the logs with a comma. We don't know that we are in an array since the first line of the log may not have been sent to us, so remove the trailing comma to treat each element of the partial array object as an object in a JSON stream. (cherry picked from commit 9e83729)
efd6
added a commit
that referenced
this pull request
Apr 21, 2023
…ndling of streaming data sent as partial array object (#35162) * x-pack/filebeat/module/mysqlenterprise: fix handling of streaming data sent as partial array object (#35160) MySQL send its audit logs as parts of an infinitely long JSON array and so separates each line of the logs with a comma. We don't know that we are in an array since the first line of the log may not have been sent to us, so remove the trailing comma to treat each element of the partial array object as an object in a JSON stream. (cherry picked from commit 9e83729) * Update CHANGELOG.next.asciidoc --------- Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com>
chrisberkhout
pushed a commit
that referenced
this pull request
Jun 1, 2023
…a sent as partial array object (#35160) MySQL send its audit logs as parts of an infinitely long JSON array and so separates each line of the logs with a comma. We don't know that we are in an array since the first line of the log may not have been sent to us, so remove the trailing comma to treat each element of the partial array object as an object in a JSON stream.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
MySQL send its audit logs as parts of an infinitely long JSON array and so separates each line of the logs with a comma. We don't know that we are in an array since the first line of the log may not have been sent to us, so remove the trailing comma to treat each element of the partial array object as an object in a JSON stream.
Why is it important?
Strict parsing has broken audit log ingest
Checklist
CHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Author's Checklist
How to test this PR locally
Related issues
Use cases
Screenshots
Logs