Cherry-pick #18298 to 7.x: [Filebeat][New Input] Http Input #18719
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## What does this PR do? This filebeat input configures a HTTP port listener, accepting JSON formatted POST requests, which again is formatted into a event, initially the event is created with the "json." prefix and expects the ingest pipeline to mutate the event during ingestion. The initial set of features is based on the Logstash input plugin, but implemented differently: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html ## Why is it important? This idea is based on a few different scenarios: - The user already has a large beats installation and no Logstash, and do not want to install Logstash solely for a single feature. - HTTP Input allows applications to be directly integrated with Elastic, without needing connectivity to Elasticsearch directly (or Logstash). - Allows us to integrate and create modules for any product that supports HTTP POST events like SOAR, cloud applications, ticketing systems etc etc. ## Features currently implemented - HTTP Basic Auth On/Off - HTTP/HTTPS configurable - Listening interface and port configurable - Response code on success configurable - Response body on success configurable - Response header on success configurable - Proper HTTP codes on both success and error responses - Message prefix configurable - URL to post to is configurable - SSL path to cert, key and CA is configurable. (cherry picked from commit 0b84f0a)
kvch
added
[zube]: In Review
backport
Team:Services
botelastic
bot
added
the
needs_team
|
Pinging @elastic/integrations-services (Team:Services) |
botelastic
bot
removed
the
needs_team
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cherry-pick of PR #18298 to 7.x branch. Original message:
What does this PR do?
This filebeat input configures a HTTP port listener, accepting JSON formatted POST requests, which again is formatted into a event, initially the event is created with the "json." prefix and expects the ingest pipeline to mutate the event during ingestion.
The initial set of features is based on the Logstash input plugin, but implemented differently: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html
Why is it important?
This idea is based on a few different scenarios:
Features currently implemented
HTTP Basic Auth On/Off
HTTP/HTTPS configurable
Listening interface and port configurable
Response code on success configurable
Response body on success configurable
Response header on success configurable
Proper HTTP codes on both success and error responses
Message prefix configurable
URL to post to is configurable
SSL path to cert, key and CA is configurable.
TODO
Checklist
CHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.