change event_log to log but not index entries by default

.github/CODEOWNERS

@@ -78,6 +78,7 @@
 /packages/kbn-analytics/ @elastic/kibana-stack-services
 /src/legacy/core_plugins/ui_metric/ @elastic/kibana-stack-services
 /src/plugins/usage_collection/ @elastic/kibana-stack-services
+/x-pack/plugins/event_log @elastic/kibana-stack-services
 /x-pack/legacy/plugins/telemetry @elastic/kibana-stack-services
 /x-pack/legacy/plugins/alerting @elastic/kibana-stack-services
 /x-pack/legacy/plugins/actions @elastic/kibana-stack-services

x-pack/plugins/event_log/server/event_log_service.ts

@@ -10,36 +10,44 @@ import { ClusterClient } from 'src/core/server';
 
 import { Plugin } from './plugin';
 import { EsContext } from './es';
-import { IEvent, IEventLogger, IEventLogService } from './types';
+import { IEvent, IEventLogger, IEventLogService, IEventLogConfig } from './types';
 import { EventLogger } from './event_logger';
 export type PluginClusterClient = Pick<ClusterClient, 'callAsInternalUser' | 'asScoped'>;
 export type AdminClusterClient$ = Observable<PluginClusterClient>;
 
 type SystemLogger = Plugin['systemLogger'];
 
 interface EventLogServiceCtorParams {
-  enabled: boolean;
+  config: IEventLogConfig;
   esContext: EsContext;
   esBaseName: string;
   systemLogger: SystemLogger;
 }
 
 // note that clusterClient may be null, indicating we can't write to ES
 export class EventLogService implements IEventLogService {
+  private config: IEventLogConfig;
   private systemLogger: SystemLogger;
-  private enabled: boolean;
   private esContext: EsContext;
   private registeredProviderActions: Map<string, Set<string>>;
 
-  constructor({ enabled, esBaseName, systemLogger, esContext }: EventLogServiceCtorParams) {
-    this.enabled = enabled;
+  constructor({ config, esBaseName, systemLogger, esContext }: EventLogServiceCtorParams) {
+    this.config = config;
     this.esContext = esContext;
     this.systemLogger = systemLogger;
     this.registeredProviderActions = new Map<string, Set<string>>();
   }
 
-  isEnabled(): boolean {
-    return this.enabled;
+  public get isEnabled(): boolean {
+    return this.config.enabled;
+  }
+
+  public get isLoggingEntries(): boolean {
+    return this.isEnabled && this.config.logEntries;
+  }
+
+  public get isIndexingEntries(): boolean {
+    return this.isEnabled && this.config.indexEntries;
   }
 
   registerProviderActions(provider: string, actions: string[]): void {

x-pack/plugins/event_log/server/event_logger.ts

@@ -5,13 +5,20 @@
  */
 
 import { schema } from '@kbn/config-schema';
+import { Logger } from 'src/core/server';
 import { merge } from 'lodash';
+
 import { IEvent, IEventLogger, IEventLogService, ECS_VERSION, EventSchema } from './types';
 import { Plugin } from './plugin';
 import { EsContext } from './es';
 
 type SystemLogger = Plugin['systemLogger'];
 
+interface Doc {
+  index: string;
+  body: Partial<IEvent>;
+}
+
 interface IEventLoggerCtorParams {
   esContext: EsContext;
   eventLogService: IEventLogService;
@@ -50,6 +57,8 @@ export class EventLogger implements IEventLogger {
 
   // non-blocking, but spawns an async task to do the work
   logEvent(eventProperties: Partial<IEvent>): void {
+    if (!this.eventLogService.isEnabled) return;
+
     const event: Partial<IEvent> = {};
 
     // merge the initial properties and event properties
@@ -72,21 +81,26 @@ export class EventLogger implements IEventLogger {
       return;
     }
 
-    const doc = {
+    const doc: Doc = {
       index: this.esContext.esNames.alias,
       body: validatedEvent,
     };
 
-    writeLogEvent(this.esContext, doc);
+    if (this.eventLogService.isIndexingEntries) {
+      indexLogEvent(this.esContext, doc);
+    }
+
+    if (this.eventLogService.isLoggingEntries) {
+      logLogEvent(this.systemLogger, doc);
+    }
   }
 }
 
 // return the epoch millis of the start date, or null; may be NaN if garbage
 function getEventStart(event: Partial<IEvent>): number | null {
-  if (event.event == null) return null;
+  if (event.event == null || event.event.start == null) return null;
   if (Array.isArray(event.event.start)) return Date.parse(event.event.start[0]);
-  if (typeof event.event.start === 'string') return Date.parse(event.event.start);
-  return null;
+  return Date.parse(event.event.start);
 }
 
 const RequiredEventSchema = schema.object({
@@ -118,7 +132,13 @@ function validateEvent(eventLogService: IEventLogService, event: Partial<IEvent>
   return event;
 }
 
-function writeLogEvent(esContext: EsContext, doc: any): void {
+function logLogEvent(logger: Logger, doc: Doc): void {
+  setImmediate(() => {
+    logger.info(`event logged ${JSON.stringify(doc.body)}`);
+  });
+}
+
+function indexLogEvent(esContext: EsContext, doc: Doc): void {
   // TODO:
   // the setImmediate() on an async function is a little overkill, but,
   // setImmediate() may be tweakable via node params, whereas async
@@ -129,7 +149,7 @@ function writeLogEvent(esContext: EsContext, doc: any): void {
   // already verified this.clusterClient isn't null above
   setImmediate(async () => {
     try {
-      await writeLogEventDoc(esContext, doc);
+      await indexLogEventDoc(esContext, doc);
     } catch (err) {
       esContext.logger.warn(`error writing event doc: ${err.message}`);
       writeLogEventDocOnError(esContext, doc);
@@ -138,7 +158,7 @@ function writeLogEvent(esContext: EsContext, doc: any): void {
 }
 
 // whew, the thing that actually writes the event log document!
-async function writeLogEventDoc(esContext: EsContext, doc: any) {
+async function indexLogEventDoc(esContext: EsContext, doc: any) {
   esContext.logger.debug(`writing to event log: ${JSON.stringify(doc)}`);
   await esContext.waitTillReady();
   await esContext.callEs('index', doc);

x-pack/plugins/event_log/server/index.ts

@@ -5,9 +5,9 @@
  */
 
 import { PluginInitializerContext } from 'src/core/server';
-import { configSchema } from './config_schema';
+import { ConfigSchema } from './types';
 import { Plugin } from './plugin';
 
 export * from './types';
-export const config = { schema: configSchema };
+export const config = { schema: ConfigSchema };
 export const plugin = (context: PluginInitializerContext) => new Plugin(context);

x-pack/plugins/event_log/server/plugin.ts

@@ -4,7 +4,6 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { Observable } from 'rxjs';
 import { first } from 'rxjs/operators';
 import {
   CoreSetup,
@@ -15,7 +14,7 @@ import {
   ClusterClient,
 } from 'src/core/server';
 
-import { EventLogConfigType, IEventLogService, IEventLogger } from './types';
+import { IEventLogConfig, IEventLogService, IEventLogger, IEventLogConfig$ } from './types';
 import { EventLogService } from './event_log_service';
 import { createEsContext, EsContext } from './es';
 import { addRoutes } from './routes';
@@ -33,22 +32,21 @@ const ACTIONS = {
 };
 
 export class Plugin implements CorePlugin<IEventLogService> {
-  private readonly config$: Observable<EventLogConfigType>;
+  private readonly config$: IEventLogConfig$;
   private systemLogger: Logger;
+  private eventLogService?: IEventLogService;
   private esContext?: EsContext;
   private eventLogger?: IEventLogger;
-  private enabled?: boolean;
 
   constructor(private readonly context: PluginInitializerContext) {
     this.systemLogger = this.context.logger.get();
-    this.config$ = this.context.config.create<EventLogConfigType>();
+    this.config$ = this.context.config.create<IEventLogConfig>();
   }
 
   async setup(core: CoreSetup): Promise<IEventLogService> {
     this.systemLogger.debug('setting up plugin');
 
     const config = await this.config$.pipe(first()).toPromise();
-    this.enabled = config.enabled;
 
     this.esContext = createEsContext({
       logger: this.systemLogger,
@@ -57,8 +55,8 @@ export class Plugin implements CorePlugin<IEventLogService> {
       clusterClient$: core.elasticsearch.adminClient$,
     });
 
-    const eventLogService = new EventLogService({
-      enabled: this.enabled,
+    this.eventLogService = new EventLogService({
+      config,
       esContext: this.esContext,
       esBaseName: ES_BASE_NAME,
       systemLogger: this.systemLogger,
@@ -67,23 +65,25 @@ export class Plugin implements CorePlugin<IEventLogService> {
     addRoutes({
       router: core.http.createRouter(),
       esContext: this.esContext,
-      eventLogService,
+      eventLogService: this.eventLogService,
     });
 
-    eventLogService.registerProviderActions(PROVIDER, Object.values(ACTIONS));
+    this.eventLogService.registerProviderActions(PROVIDER, Object.values(ACTIONS));
 
-    this.eventLogger = eventLogService.getLogger({
+    this.eventLogger = this.eventLogService.getLogger({
       event: { provider: PROVIDER },
     });
 
-    return eventLogService;
+    return this.eventLogService;
   }
 
   async start(core: CoreStart) {
     this.systemLogger.debug('starting plugin');
 
     // launches initialization async
-    this.esContext!.initialize();
+    if (this.eventLogService!.isIndexingEntries) {
+      this.esContext!.initialize();
+    }
 
     // will log the event after initialization
     this.eventLogger!.logEvent({

x-pack/plugins/event_log/server/types.ts

@@ -4,19 +4,29 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { TypeOf } from '@kbn/config-schema';
-import { configSchema } from './config_schema';
+import { Observable } from 'rxjs';
+import { schema, TypeOf } from '@kbn/config-schema';
 
 import { IEventGenerated, EventSchemaGenerated, ECS_VERSION_GENERATED } from '../generated/schemas';
 
+export const ConfigSchema = schema.object({
+  enabled: schema.boolean({ defaultValue: true }),
+  logEntries: schema.boolean({ defaultValue: true }),
+  indexEntries: schema.boolean({ defaultValue: false }),
+});
+
+export type IEventLogConfig = TypeOf<typeof ConfigSchema>;
+export type IEventLogConfig$ = Observable<Readonly<IEventLogConfig>>;
+
 export type IEvent = IEventGenerated;
 export const ECS_VERSION = ECS_VERSION_GENERATED;
 export const EventSchema = EventSchemaGenerated;
-export type EventLogConfigType = TypeOf<typeof configSchema>;
 
 // the object exposed by plugin.setup()
 export interface IEventLogService {
-  isEnabled(): boolean;
+  isEnabled: boolean;
+  isLoggingEntries: boolean;
+  isIndexingEntries: boolean;
   registerProviderActions(provider: string, actions: string[]): void;
   isProviderActionRegistered(provider: string, action: string): boolean;
   getProviderActions(): Map<string, Set<string>>;