Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

enhancement(gcp_chronicle sink): Add default fallback logic if log_type template cannot be resolved fo… #22323

Merged
merged 7 commits into from
Jan 31, 2025
Merged

enhancement(gcp_chronicle sink): Add default fallback logic if log_type template cannot be resolved fo… #22323

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
032d957
add default fallback logic if log_type template cannot be resolved fo…
ArunPiduguDD Jan 29, 2025
280ee02
modify error message
ArunPiduguDD Jan 30, 2025
25f0f17
fix changelog
ArunPiduguDD Jan 30, 2025
0a1fe9c
format
ArunPiduguDD Jan 30, 2025
40e61b6
update docs
ArunPiduguDD Jan 30, 2025
6f3ded4
add suggested changes
ArunPiduguDD Jan 30, 2025
a294b3c
update docs again
ArunPiduguDD Jan 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions changelog.d/add_default_fallback_index_google_chronicle_sink.enhancement.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Add an option to Google Chronicle sink to set a fallback index if the provided template in the `log_type` field cannot be resolved

authors: ArunPiduguDD
6 changes: 6 additions & 0 deletions src/sinks/gcp_chronicle/chronicle_unstructured.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -237,6 +237,10 @@ pub struct ChronicleUnstructuredConfig {
#[configurable(metadata(docs::examples = "WINDOWS_DNS", docs::examples = "{{ log_type }}"))]
pub log_type: Template,

/// The default `log_type` to attach to events if the template in `log_type` cannot be resolved.
#[configurable(metadata(docs::examples = "VECTOR_DEV"))]
pub fallback_log_type: Option<String>,

#[configurable(derived)]
#[serde(
default,
Expand All @@ -261,6 +265,7 @@ impl GenerateConfig for ChronicleUnstructuredConfig {
namespace = "namespace"
compression = "gzip"
log_type = "log_type"
fallback_log_type = "VECTOR_DEV"
encoding.codec = "text"
"#})
.unwrap()
Expand Down Expand Up @@ -355,6 +360,7 @@ impl ChronicleUnstructuredConfig {
fn partitioner(&self) -> crate::Result<ChroniclePartitioner> {
Ok(ChroniclePartitioner::new(
self.log_type.clone(),
self.fallback_log_type.clone(),
self.namespace.clone(),
))
}
Expand Down
44 changes: 33 additions & 11 deletions src/sinks/gcp_chronicle/partitioner.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,23 @@ pub struct ChroniclePartitionKey {
}

/// Partitions items based on the generated key for the given event.
pub struct ChroniclePartitioner(Template, Option<Template>);
pub struct ChroniclePartitioner {
log_type: Template,
fallback_log_type: Option<String>,
namespace_template: Option<Template>,
}

impl ChroniclePartitioner {
pub const fn new(log_type_template: Template, namespace_template: Option<Template>) -> Self {
Self(log_type_template, namespace_template)
pub const fn new(
log_type: Template,
fallback_log_type: Option<String>,
namespace_template: Option<Template>,
) -> Self {
Self {
log_type,
fallback_log_type,
namespace_template,
}
}
}

Expand All @@ -23,18 +35,28 @@ impl Partitioner for ChroniclePartitioner {

fn partition(&self, item: &Self::Item) -> Self::Key {
let log_type = self
.0
.log_type
.render_string(item)
.map_err(|error| {
emit!(TemplateRenderingError {
error,
field: Some("log_type"),
drop_event: true,
});
.or_else(|error| {
if let Some(fallback_log_type) = &self.fallback_log_type {
emit!(TemplateRenderingError {
error,
field: Some("log_type"),
drop_event: false,
});
Ok(fallback_log_type.clone())
} else {
Err(emit!(TemplateRenderingError {
error,
field: Some("log_type"),
drop_event: true,
}))
}
})
.ok()?;

let namespace = self
.1
.namespace_template
.as_ref()
.map(|namespace| {
namespace.render_string(item).map_err(|error| {
Expand Down
5 changes: 5 additions & 0 deletions website/cue/reference/components/sinks/base/gcp_chronicle_unstructured.cue
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -464,6 +464,11 @@ base: components: sinks: gcp_chronicle_unstructured: configuration: {
required: false
type: string: examples: ["127.0.0.1:8080", "example.com:12345"]
}
fallback_log_type: {
description: "The default `log_type` to attach to events if the template in `log_type` cannot be resolved."
required: false
type: string: examples: ["VECTOR_DEV"]
}
labels: {
description: "A set of labels that are attached to each batch of events."
required: false
Expand Down
Loading