
feat(gcp_chronicle_udm sink): Add chronicle udm events sink

Open ChocPanda opened this issue 11 months ago • 6 comments

Summary

Add a new Google Chronicle log sink for UDM events. The log sink acts as a client for the Google Chronicle udmevents ingestion API, forwarding UDM data in JSON format. It is assumed that the events will already be compliant with the Google Chronicle UDM format.

Change Type

  • [ ] Bug fix
  • [x] New feature
  • [ ] Non-functional (chore, refactoring, docs)
  • [ ] Performance

Is this a breaking change?

  • [ ] Yes
  • [x] No

How did you test this PR?

Added new integration tests. Tested manually against a live Google Chronicle deployment.

Does this PR include user facing changes?

  • [x] Yes. Please add a changelog fragment based on our guidelines.
  • [ ] No. A maintainer will apply the "no-changelog" label to this PR.

Checklist

  • [x] Please read our Vector contributor resources.
  • [ ] If this PR introduces changes to Vector dependencies (modifies Cargo.lock), please run dd-rust-license-tool write to regenerate the license inventory and commit the changes (if any). More details here.

References

#16369

ChocPanda, Jan 10 '25 12:01

Hey @pront, I just raised the PR because I like the GitHub diff. I'm still testing the change and the integration tests on this branch don't work yet. If you have some time to work with me on this, your expertise would be greatly appreciated, as I'm teaching myself Rust while working on this, but this PR is still very much a draft.

ChocPanda, Jan 13 '25 18:01

Hey @pront, I just raised the PR because I like the GitHub diff. I'm still testing the change and the integration tests on this branch don't work yet.

Sounds good @ChocPanda 👍

If you have some time to work with me on this, your expertise would be greatly appreciated, as I'm teaching myself Rust while working on this, but this PR is still very much a draft.

Feel free to ping me when you want a code review!

pront, Jan 13 '25 18:01

Hey @pront, I've tested this manually and have the integration tests working. There's quite a bit of refactoring in here and I'm not sure the acknowledgements work properly, so all feedback welcome.

ChocPanda, Jan 17 '25 11:01

This PR includes the changes in https://github.com/vectordotdev/vector/pull/22033

ChocPanda, Jan 17 '25 11:01

This PR includes the changes in #22033

Let's try to merge this https://github.com/vectordotdev/vector/pull/22033

pront, Jan 17 '25 19:01

👋 Is this ready for review now?

pront, Jan 27 '25 19:01