[streaming] - Made namespace consistent in logging & put a null check to stop paincs on shutdown #42315
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
botelastic
bot
added
the
needs_team
|
This pull request does not have a backport label.
To fixup this pull request, you need to add the backport labels for the needed
|
|
|
mergify
bot
added
the
backport-8.x
ShourieG
added
Team:Security-Service Integrations
botelastic
bot
removed
the
needs_team
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
ShourieG
added
needs_team
mergify
bot
added
the
backport-8.x
botelastic
bot
removed
the
needs_team
ShourieG
added
needs_team
botelastic
bot
removed
the
needs_team
ShourieG
added
needs_team
botelastic
bot
removed
the
needs_team
ShourieG
added
needs_team
botelastic
bot
removed
the
needs_team
ShourieG
changed the title
chemamartinez
approved these changes
Jan 15, 2025
andrewkroh
reviewed
Jan 15, 2025
| @@ -217,7 +219,7 @@ func (s *websocketStream) FollowStream(ctx context.Context) error { | |||
| } | |||
| s.metrics.receivedBytesTotal.Add(uint64(len(message))) | |||
| state["response"] = message | |||
| s.log.Debugw("received websocket message", logp.Namespace("websocket"), "msg", string(message)) | |||
| s.log.Debugw("received websocket message", "msg", string(message)) | |||
There was a problem hiding this comment.
There was nothing wrong with this version of the line. Checking the history, the problem was already addressed via 2ea4a2b which has become part of v8.16.2.
There was a problem hiding this comment.
Ok, but is the namespace call required though? We are already mentioning websocket in the error description, and none of the other local debug logs are using namespace. Should we still keep it around at this place ?
There was a problem hiding this comment.
Some context data is namespaced (and some isn't).
If anything I would ensure that it uses the namespace consistently, rather than removing it. The other calls depend on ns variable. And in one case, rather than using a custom namespaced field there is a perfectly good ECS field for the job -- http.response.body.content.
diff --git a/x-pack/filebeat/input/streaming/crowdstrike.go b/x-pack/filebeat/input/streaming/crowdstrike.go
index eb1797d2f6..7d062ce827 100644
--- a/x-pack/filebeat/input/streaming/crowdstrike.go
+++ b/x-pack/filebeat/input/streaming/crowdstrike.go
@@ -156,7 +156,7 @@ func (s *falconHoseStream) followSession(ctx context.Context, cli *http.Client,
if err != nil {
return state, Warning{fmt.Errorf("failed to decode discover body: %w", err)}
}
- s.log.Debugw("stream discover metadata", "meta", mapstr.M(body.Meta))
+ s.log.Debugw("stream discover metadata", logp.Namespace(s.ns), "meta", mapstr.M(body.Meta))
var offset int
if cursor, ok := state["cursor"].(map[string]any); ok {
@@ -241,7 +241,7 @@ func (s *falconHoseStream) followSession(ctx context.Context, cli *http.Client,
}
s.metrics.receivedBytesTotal.Add(uint64(len(msg)))
state["response"] = []byte(msg)
- s.log.Debugw("received firehose message", logp.Namespace("falcon_hose"), "msg", debugMsg(msg))
+ s.log.Debugw("received firehose message", logp.Namespace(s.ns), "msg", debugMsg(msg))
err = s.process(ctx, state, s.cursor, s.now().In(time.UTC))
if err != nil {
s.log.Errorw("failed to process and publish data", "error", err)
diff --git a/x-pack/filebeat/input/streaming/websocket.go b/x-pack/filebeat/input/streaming/websocket.go
index eeb89ad5c9..8377c29e37 100644
--- a/x-pack/filebeat/input/streaming/websocket.go
+++ b/x-pack/filebeat/input/streaming/websocket.go
@@ -217,7 +217,7 @@ func (s *websocketStream) FollowStream(ctx context.Context) error {
}
s.metrics.receivedBytesTotal.Add(uint64(len(message)))
state["response"] = message
- s.log.Debugw("received websocket message", logp.Namespace("websocket"), "msg", string(message))
+ s.log.Debugw("received websocket message", logp.Namespace(s.ns), "msg", string(message))
err = s.process(ctx, state, s.cursor, s.now().In(time.UTC))
if err != nil {
s.metrics.errorsTotal.Inc()
@@ -294,7 +294,7 @@ func handleConnectionResponse(resp *http.Response, metrics *inputMetrics, log *l
buf.WriteString("... truncated")
}
- log.Debugw("websocket connection response", "body", &buf)
+ log.Debugw("websocket connection response", "http.response.body.content", &buf)
}
}
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
andrewkroh
requested changes
Jan 15, 2025
|
Context for reviewers This is the panic being addressed. It occurred under v8.16.1. (via OCR so it contains some wonky text) |
ShourieG
changed the title
|
@andrewkroh, I've made the suggested changes |
andrewkroh
approved these changes
Jan 16, 2025
CHANGELOG.next.asciidoc
Outdated
| @@ -206,6 +206,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] | |||
| - The `_id` generation process for S3 events has been updated to incorporate the LastModified field. This enhancement ensures that the `_id` is unique. {pull}42078[42078] | |||
| - Fix Netflow Template Sharing configuration handling. {pull}42080[42080] | |||
| - Updated websocket retry error code list to allow more scenarios to be retried which could have been missed previously. {pull}42218[42218] | |||
| - In the streaming input made namespace consistent in logs & put a null check to stop paincs on shutdown. {pull}42315[42315] | |||
There was a problem hiding this comment.
Suggested change
| - In the streaming input made namespace consistent in logs & put a null check to stop paincs on shutdown. {pull}42315[42315] | |
| - In the `streaming` input, prevent panics on shutdown with a null check and apply a consistent namespace to contextual data in debug logs. {pull}42315[42315] |
This was referenced Jan 17, 2025
ShourieG
added a commit
that referenced
this pull request
Jan 17, 2025
… to stop paincs on shutdown (#42315) (#42336) * made namespace consistent in logging & put a null check to stop paincs on shutdown (cherry picked from commit ef3bd69) Co-authored-by: Shourie Ganguly <[email protected]>
ShourieG
added a commit
that referenced
this pull request
Jan 17, 2025
… to stop paincs on shutdown (#42315) (#42337) * made namespace consistent in logging & put a null check to stop paincs on shutdown (cherry picked from commit ef3bd69) Co-authored-by: Shourie Ganguly <[email protected]>
ShourieG
pushed a commit
that referenced
this pull request
Jan 18, 2025
…gging & put a null check to stop paincs on shutdown (#42338)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of change
Proposed commit message
Checklist
CHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Disruptive User Impact
Author's Checklist
How to test this PR locally
Related issues
Use cases
Screenshots
Logs