Skip to content

[System] Add custom configuration option to winlog inputs #9045

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 8, 2024
Merged

[System] Add custom configuration option to winlog inputs #9045

merged 3 commits into from
May 8, 2024

Conversation

user-987654321
Copy link
Contributor

Proposed commit message

Adding the ability for users to set custom yaml config for windows datastream (System, Application, Security) winlog inputs.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

custom-system

@user-987654321 user-987654321 requested review from a team as code owners February 2, 2024 14:53
@cla-checker-service CLA Checker Service
Copy link

cla-checker-service bot commented Feb 2, 2024
edited
Loading

💚 CLA has been signed

@botelastic
Copy link

botelastic bot commented Mar 3, 2024

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Mar 3, 2024
@andrewkroh andrewkroh changed the title [Windows] Add custom configuration option to system inputs [System] Add custom configuration option to winlog inputs Mar 4, 2024
@botelastic botelastic bot removed the Stalled label Mar 4, 2024
@botelastic botelastic bot removed the Stalled label Mar 4, 2024
@andrewkroh andrewkroh added the enhancement New feature or request label Mar 4, 2024
andrewkroh
andrewkroh approved these changes Mar 4, 2024
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Appears to be consistent with #8877.

@botelastic
Copy link

botelastic bot commented Apr 3, 2024

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Apr 3, 2024
@andrewkroh andrewkroh added the Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform] label Apr 3, 2024
@elasticmachine
Copy link

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@botelastic botelastic bot removed the Stalled label Apr 3, 2024
@andrewkroh andrewkroh enabled auto-merge (squash) April 3, 2024 16:14
@andrewkroh
Copy link
Member

/test

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No Coverage information No data about Coverage
0.0% 0.0% Duplication on New Code

See analysis details on SonarQube

@andrewkroh andrewkroh added the Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] label Apr 3, 2024
@ishleenk17
Copy link
Member

ishleenk17 commented Apr 4, 2024
edited
Loading

@andrewkroh :
This could potentially broaden the range of configurations for Winlog, given that it accepts any configuration in YAML format. Hence, increasing the likelihood of integration breakages.
Would it be better to give a specific yaml box for the requirement like we do for say SSL.

@botelastic
Copy link

botelastic bot commented May 4, 2024

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label May 4, 2024
@ishleenk17
Copy link
Member

@andrewkroh : Please see if we would like to proceed with this change. I had one concern as mentioned here.

@botelastic botelastic bot removed the Stalled label May 6, 2024
@andrewkroh
Copy link
Member

Hence, increasing the likelihood of integration breakages. Would it be better to give a specific yaml box for the requirement like we do for say SSL.

This is true given that there is no validation of the YAML. But I don't think scoping the YAML to one setting (like ssl: {{ssl}}) is any better because no matter where the invalid YAML is placed it will break the configuration. It's the same problem that exists for processors. So I don't think this drastically increases the risk of invalid configurations.

I would like to see us build a UI component that encapsulates all of the winlog input settings. It would encode all of the validation rules like mutual exclusivity between options, provide type-ahead for the most common channel names, and do validiton of the processors YAML based on json-schema. This would be a better UX and reduce this risk of saving an invalid config.

@andrewkroh
Copy link
Member

/test

@elasticmachine
Copy link

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

💚 Build Succeeded

History

@andrewkroh andrewkroh merged commit db34a64 into elastic:main May 8, 2024
@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

@elasticmachine
Copy link

Package system - 1.56.0 containing this change is available at https://epr.elastic.co/search?package=system

@user-987654321 user-987654321 deleted the add-custom-config branch June 19, 2024 08:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

@ishleenk17 ishleenk17 ishleenk17 approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request Integration:system System Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@user-987654321 @elasticmachine @andrewkroh @ishleenk17