[network_traffic] Fix to index events with memcached stats responses #6539

Merged
merged 4 commits into from
Jun 22, 2023


@chrisberkhout chrisberkhout commented Jun 12, 2023

What does this PR do?

Fixes the Network Packet Capture integration to not drop events with memcached STATS response data, by using a flattened field to hold the stats data in a single object.

Details

The Network Packet Capture integration currently fails to index events with memcached STATS response data, as described in issue #6230.

The stats data in the event is an array of objects with name and value keys:

{
  "memcache": {
    "response": {
      "stats": [
        {
          "name": "pid",
          "value": "1"
        },
        {
          "name": "uptime",
          "value": "183329"
        },
        ...
      ], ...
    }, ...
  }, ...
}

Many stat names are listed in the memcached documentation (93 general-purpose statistics, and over 100 others). However, actual responses may include fewer, or additional (undocumented) stats.

Since the purpose of the integration is to sniff network packets and dissect known protocols, rather than to support monitoring and operation of memcached clusters, I chose to index the stats data as a single flattened object, which makes the data readable although not easily queryable:

{
  "memcache": {
    "response": {
      "stats": {
        "pid": "1",
        "uptime": "183329",
        ...
      }, ...
    }, ...
  }, ...
}

Alternative representations could be more queryable, but at the cost of indexing many additional documents (nested), or mapping a large and changeable number of fields.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues

@chrisberkhout chrisberkhout added the labels bug (Something isn't working, use only for issues), Team:Security-External Integrations, and Integration:network_traffic (Network Packet Capture) Jun 12, 2023
@chrisberkhout chrisberkhout requested a review from a team as a code owner June 12, 2023 10:52
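
The conversion described in the PR text above (array of name/value objects to a single object), as an added Python illustration; it is not code from this PR or from the integration. The function name, the dropping of entries without a name, last-value-wins for repeated names, and coercing values to strings are assumptions, and the sample event is constructed.

```python
import copy

# Constructed sample event: two stats from the PR text, one undocumented
# stat with a non-string value, and one malformed entry without a name.
SAMPLE_EVENT = {
    "memcache": {
        "response": {
            "stats": [
                {"name": "pid", "value": "1"},
                {"name": "uptime", "value": "183329"},
                {"name": "x_custom", "value": 7},
                {"value": "orphan"},
            ]
        }
    }
}


def flatten_memcache_stats(event):
    """Return a copy of event with memcache.response.stats as one object."""
    out = copy.deepcopy(event)  # never mutate the caller's event
    memcache = out.get("memcache")
    response = memcache.get("response") if isinstance(memcache, dict) else None
    if not isinstance(response, dict):
        return out
    stats = response.get("stats")
    if not isinstance(stats, list):
        return out  # absent, or already a single object: leave untouched
    flat = {}
    for entry in stats:
        name = entry.get("name") if isinstance(entry, dict) else None
        if not isinstance(name, str) or not name:
            continue  # assumption: entries without a usable name are dropped
        value = entry.get("value")
        # Assumption: coerce to str so every value has one type;
        # a repeated name keeps the last value seen.
        flat[name] = "" if value is None else str(value)
    response["stats"] = flat
    return out


if __name__ == "__main__":
    print(flatten_memcache_stats(SAMPLE_EVENT)["memcache"]["response"]["stats"])
```

Because the result has one key per stat name, the set of keys varies with whatever the server reports, which is why the description pairs this shape with a flattened field rather than a mapping per stat.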
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

elasticmachine commented Jun 12, 2023

💚 Build Succeeded

Build stats

  • Start Time: 2023-06-22T11:42:19.718+0000

  • Duration: 65 min 42 sec

Test stats 🧪

Test Results
Failed 0
Passed 154
Skipped 0
Total 154

elasticmachine commented Jun 12, 2023

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (2/2) 💚
Classes 100.0% (2/2) 💚
Methods 98.276% (57/58) 👎 -1.724
Lines 88.356% (129/146) 👎 -5.235
Conditionals 100.0% (0/0) 💚

@chrisberkhout chrisberkhout force-pushed the network-traffic-memcache-stats-fix branch from a0646d7 to fce45d9 Compare June 12, 2023 13:23
@chrisberkhout chrisberkhout added the label bugfix (Pull request that fixes a bug issue) and removed the label bug (Something isn't working, use only for issues) Jun 12, 2023
@chrisberkhout chrisberkhout force-pushed the network-traffic-memcache-stats-fix branch from 5a51ed8 to 5a55088 Compare June 14, 2023 14:32
@elasticmachine

💚 Build Succeeded

History

  • 💔 Build #30 failed 5a51ed8d9a276872c8bfe95df67176c57011fa94

@chrisberkhout chrisberkhout force-pushed the network-traffic-memcache-stats-fix branch from 5a55088 to 1a4c80a Compare June 22, 2023 11:41
@taylor-swanson taylor-swanson left a comment

LGTM

@efd6 efd6 merged commit 19a37e6 into main Jun 22, 2023
@elasticmachine

Package network_traffic - 1.19.1 containing this change is available at https://epr.elastic.co/search?package=network_traffic

@chrisberkhout chrisberkhout deleted the network-traffic-memcache-stats-fix branch June 23, 2023 09:25
Successfully merging this pull request may close these issues.

[network_traffic] Event indexing failure in system test
4 participants