Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cel: new generic integration #5539

Merged
merged 5 commits into from
Apr 14, 2023
Merged

cel: new generic integration #5539

merged 5 commits into from
Apr 14, 2023

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Mar 15, 2023
edited by andrewkroh
Loading

What does this PR do?

This makes the Filebeat CEL input available as an integration package.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • Fix regexp docs - ref
  • Resolve mechanism to get program source though kibana/agent - ref

How to test this PR locally

Related issues

Screenshots

Screenshot 2023-03-15 at 14 03 16

Screenshot 2023-03-15 at 14 05 29

@efd6 efd6 self-assigned this Mar 15, 2023
@elasticmachine
Copy link

elasticmachine commented Mar 15, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-04-02T21:51:13.995+0000

  • Duration: 15 min 1 sec

Test stats 🧪

Test Results
Failed 0
Passed 4
Skipped 0
Total 4

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

efd6
efd6 commented Mar 15, 2023
View reviewed changes
packages/cel/data_stream/generic/manifest.yml Outdated Show resolved Hide resolved
packages/cel/data_stream/generic/manifest.yml Outdated Show resolved Hide resolved
packages/cel/data_stream/generic/manifest.yml Outdated Show resolved Hide resolved
@efd6 efd6 changed the title cel: new input cel: new generic integration Mar 15, 2023
@elasticmachine
Copy link

elasticmachine commented Mar 15, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (0/0) 💚
Files 100.0% (0/0) 💚
Classes 100.0% (0/0) 💚
Methods 100.0% (3/3) 💚
Lines 100.0% (0/0) 💚
Conditionals 100.0% (0/0) 💚

@efd6 efd6 requested a review from a team March 15, 2023 03:49
@efd6 efd6 marked this pull request as ready for review March 15, 2023 03:49
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@efd6
cel: new generic integration
d168462 
This makes the Filebeat CEL input available as an integration package.
andrewkroh
andrewkroh reviewed Mar 20, 2023
View reviewed changes
packages/cel/data_stream/generic/agent/stream/cel.yml.hbs Outdated Show resolved Hide resolved
packages/cel/data_stream/generic/agent/stream/cel.yml.hbs Outdated Show resolved Hide resolved
packages/cel/data_stream/generic/fields/base-fields.yml Outdated
- name: event.dataset
type: constant_keyword
description: Event dataset
value: cel.generic
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With custom inputs I think having a static event.dataset is problematic because users can customize the data stream.dataset value. When they choose a value different than cel.generic then data cannot be indexed due to the document not matching what is found in the mapping. So I think if you remove the value so that it's like the data_stream.dataset on line 4 it will be good.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of our issues for event.dataset and data_stream.dataset (there are several other issues here as well like component templates) are all resolved if we move the package to be of type input, as it has custom UI elements specifically for data_stream. Maybe we should look at that?

This comment was marked as outdated.

Sign in to view

packages/cel/data_stream/generic/manifest.yml Outdated Show resolved Hide resolved
@efd6 efd6 mentioned this pull request Mar 20, 2023
Merged
6 tasks
@P1llus
Copy link
Member

P1llus commented Mar 23, 2023

Just in case, please do not merge it yet, I am trying to find some time this week at least to do a full review, since this is our first input type package, we should ensure it is in top shape, so we can use this as a template for future work 👍

@efd6
Copy link
Contributor Author

efd6 commented Mar 23, 2023

No worries, merging this is blocked on a resolution to #5539 (comment) anyway.

efd6 added 2 commits March 24, 2023 08:49
@efd6
use textarea input and escape_string for program input
b7e60da
@efd6
add option for request tracing
58bc8c8 
Option naming reflect that used in HTTPJSON (request instead of
resource) for clarity and because we are tracing only requests, not all
resource interactions.
andrewkroh
andrewkroh approved these changes Apr 11, 2023
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@efd6
Copy link
Contributor Author

efd6 commented Apr 14, 2023

This needs to be updated to make use of trace input ID substitution implemented as exists in HTTPJSON.

@efd6
Copy link
Contributor Author

efd6 commented Apr 14, 2023

Actually, the ID replacement functionality is not there yet. What would be your preference, merge this as is and change them both together, or change HTTPJSON to use the id-sub functionality and do the change for CEL here?

@andrewkroh
Copy link
Member

IMO it can be merged without the ID replacement. We can push that update later and users shouldn't notice (except there will be a higher stack version requirement).

@efd6 efd6 merged commit a7d9678 into elastic:main Apr 14, 2023
@elasticmachine
Copy link

Package cel - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=cel

@andrewkroh andrewkroh added Integration:cel Custom API using Common Expression Language New Integration Issue or pull request for creating a new integration package. labels Aug 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@P1llus P1llus P1llus left review comments

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees

@efd6 efd6

Labels
enhancement New feature or request Integration:cel Custom API using Common Expression Language New Integration Issue or pull request for creating a new integration package.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@efd6 @elasticmachine @P1llus @andrewkroh