beats
beats copied to clipboard
elastic
[Filebeat] AWS S3 input split JSON arrays into multiple events
What does this PR do?
Mirror the feature of the Azure Event Hub input that if the message is a JSON array of objects, split it into multiple events
Why is it important?
Checklist
- [X] My code follows the style guidelines of this project
- [X] I have commented my code, particularly in hard-to-understand areas
- [X] I have made corresponding changes to the documentation
- [X] I have made corresponding change to the default configuration files
- [X] I have added tests that prove my fix is effective or that my feature works
- [X] I have added an entry in
CHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.
Author's Checklist
- [ ]
How to test this PR locally
Related issues
- Relates #29951
Use cases
Screenshots
Logs
:grey_exclamation: Build Aborted
The PR is not allowed to run in the CI yet
the below badges are clickable and redirect to their specific view in the CI or DOCS
Expand to view the summary
Build stats
-
Start Time: 2022-06-14T20:40:32.141+0000
-
Duration: 4 min 29 sec
Steps errors 
Expand to view the steps failures
Error signal
- Took 0 min 0 sec . View more details here
- Description:
githubApiCall: The REST API call https://api.github.com/orgs/elastic/members/legoguy1000 return the message : java.lang.Exception: httpRequest: Failure connecting to the service https://api.github.com/orgs/elastic/members/legoguy1000 : httpRequest: Failure connecting to the service https://api.github.com/orgs/elastic/members/legoguy1000 : Code: 404Error: {"message":"User does not exist or is not a member of the organization","documentation_url":"https://docs.github.com/rest/reference/orgs#check-organization-membership-for-a-user"}
:robot: GitHub comments
To re-run your PR in the CI, just comment with:
-
/test: Re-trigger the build. -
/package: Generate the packages and run the E2E tests. -
/beats-tester: Run the installation tests with beats-tester. -
runelasticsearch-ci/docs: Re-trigger the docs validation. (use unformatted text in the comment!)
@legoguy1000 , this would be a breaking change as it is :)
my personal opinion is that it should be a feature behind a config flag in order to enable it
@kaiyan-sheng , @andrewkroh what do you think?
As I was adding the change log I had an inclination that it could be a breaking change. I don't really care about how it's implemented, I care about parity between inputs. Event hub splits arrays and expands a sub key, AWS only expands a sub key, file stream can do neither.... That is what drove my other related PR to create a split module, now a parser.
I do think an explicit configuration is needed to avoid a breaking change. How about requiring this to split an array of objects (inspired by jq):
expand_event_list_from_field: .[]
I do think an explicit configuration is needed to avoid a breaking change
yes, as long as the behaviour does not apply automatically, it's not needed.
your proposal with expand_event_list_from_field: .[] is fine for me
Agree on the expand_event_list_from_field parameter! @legoguy1000 Thank you so much for adding this!
This pull request is now in conflicts. Could you fix it? 🙏 To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/
git fetch upstream
git checkout -b awss3-json-array upstream/awss3-json-array
git merge upstream/main
git push upstream awss3-json-array
![mergify[bot] avatar](https://avatars.githubusercontent.com/in/10562?v=4 "Published by a pub.dev verified publisher"){kind=small}
This pull request does not have a backport label. If this is a bug or security fix, could you label this PR @legoguy1000? 🙏. For such, you'll need to label your PR with:
- The upcoming major version of the Elastic Stack
- The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change) To fixup this pull request, you need to add the backport labels for the needed branches, such as:
backport-v8./d.0is the label to automatically backport to the8./dbranch./dis the digit
This pull request is now in conflicts. Could you fix it? 🙏 To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/
git fetch upstream
git checkout -b awss3-json-array upstream/awss3-json-array
git merge upstream/main
git push upstream awss3-json-array
This pull request is now in conflicts. Could you fix it? 🙏 To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/
git fetch upstream
git checkout -b awss3-json-array upstream/awss3-json-array
git merge upstream/main
git push upstream awss3-json-array
This pull request is now in conflicts. Could you fix it? 🙏 To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/
git fetch upstream
git checkout -b awss3-json-array upstream/awss3-json-array
git merge upstream/main
git push upstream awss3-json-array
Closing because https://github.com/elastic/beats/pull/35475 implemented this.
This pull request is now in conflicts. Could you fix it? 🙏 To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/
git fetch upstream
git checkout -b awss3-json-array upstream/awss3-json-array
git merge upstream/main
git push upstream awss3-json-array
This pull request does not have a backport label. If this is a bug or security fix, could you label this PR @legoguy1000? 🙏. For such, you'll need to label your PR with:
- The upcoming major version of the Elastic Stack
- The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)
To fixup this pull request, you need to add the backport labels for the needed branches, such as:
backport-v8./d.0is the label to automatically backport to the8./dbranch./dis the digit
