Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Filebeat] [HaProxy] Parse http and url fields #25480

Closed
SHolzhauer opened this issue May 1, 2021 · 3 comments · Fixed by #25482
Closed

[Filebeat] [HaProxy] Parse http and url fields #25480

SHolzhauer opened this issue May 1, 2021 · 3 comments · Fixed by #25482
Labels
needs_team Indicates that the issue/PR needs a Team:* label

Comments

@SHolzhauer
Copy link
Contributor

SHolzhauer commented May 1, 2021
edited
Loading

Describe the enhancement:
The current pipeline for HaProxy does not parse the haproxy.http.request.raw_request_line further into possible fields.
Example:

{
    "haproxy.http.request.raw_request_line": "POST /path/to/page HTTP/1.1"
}

Can be further parsed into:

{
    "haproxy": {
        "http": {
            "request": {
                "raw_request_line": "POST /path/to/page HTTP/1.1"
            }
        }
    },
    "http": {
        "request": {
            "method": "POST"
        ",
        "version": "1.1"
    },
    "url": {
        "path": "/path/to/page"
    }
}

I'm not entirely sure if HaProxy logs request parameters (query) but if so the path can be split into it ofcourse:

{
    "haproxy.http.request.raw_request_line": "POST /path/to/page?key=value HTTP/1.1"
}

Can be further parsed into:

{
    "haproxy": {
        "http": {
            "request": {
                "raw_request_line": "POST /path/to/page?key=value HTTP/1.1"
            }
        }
    },
    "http": {
        "request": {
            "method": "POST"
        ",
        "version": "1.1"
    },
    "url": {
        "path": "/path/to/page",
        "query": "key=value"
    }
}

Describe a specific use case for the enhancement or feature:
More complete parsing will allow for better monitoring in both observability (how often is page y opened) as well as security.
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label May 1, 2021
@botelastic
Copy link

botelastic bot commented May 1, 2021

This issue doesn't have a Team:<team> label.

@legoguy1000
Copy link
Contributor

I'll take a look at this.

@legoguy1000 legoguy1000 mentioned this issue May 1, 2021
Merged
6 tasks
legoguy1000 added a commit to legoguy1000/beats that referenced this issue May 1, 2021
@legoguy1000
elastic#25480: Additional parsing for `haproxy.http.request.raw_reque…
c59eabb 
…st_line`
@legoguy1000
Copy link
Contributor

@SHolzhauer Changes made and PR ready for review.

P1llus pushed a commit that referenced this issue May 3, 2021
@legoguy1000
#25480: Additional parsing for haproxy.http.request.raw_request_line (
5059faa 
#25482)
legoguy1000 added a commit to legoguy1000/beats that referenced this issue May 3, 2021
@legoguy1000
elastic#25480: Additional parsing for `haproxy.http.request.raw_reque…
153280f 
…st_line` (elastic#25482)

(cherry picked from commit 5059faa)
@legoguy1000 legoguy1000 mentioned this issue May 3, 2021
Closed
6 tasks
legoguy1000 added a commit to legoguy1000/beats that referenced this issue May 3, 2021
@legoguy1000
elastic#25480: Additional parsing for `haproxy.http.request.raw_reque…
5f0ba5a 
…st_line` (elastic#25482)

(cherry picked from commit 5059faa)
@legoguy1000 legoguy1000 mentioned this issue May 3, 2021
Merged
6 tasks
P1llus pushed a commit that referenced this issue May 3, 2021
@legoguy1000
#25480: Additional parsing for haproxy.http.request.raw_request_line (
8d792d1 
#25482) (#25496)

(cherry picked from commit 5059faa)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs_team Indicates that the issue/PR needs a Team:* label
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Filebeat] Additional parsing for haproxy.http.request.raw_request_line legoguy1000/beats
2 participants
@legoguy1000 @SHolzhauer