[aws] Update Grok pattern to support new HTTP ELB log format #13944

Open
wants to merge 3 commits into
base: main

@devamanv devamanv commented May 20, 2025

Proposed commit message

The PR contains changes to modify the ELB HTTP Grok pattern to support the new log format, which is as follows:

http 2025-05-01T11:24:32.748149Z app/internal-service-alb/abcd1234efgh5678 127.0.0.1:57273 - -1 -1 -1 200 - 0 272 "- http://internal-service-alb.example.com:80-/ " "-" - - - "-" "-" "-" - 2025-05-01T11:24:32.720000Z "-" "-" "-" "-" "-" "-" "-" TID_00000000000000000000000000000000

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • All pipeline tests should still pass

Related issues

@devamanv devamanv requested review from a team as code owners May 20, 2025 07:53
@devamanv devamanv added enhancement New feature or request Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] labels May 20, 2025
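
Added example, not part of the pull request or the integration's code: a Python tokenizer that splits the sample line from the description into named fields, treating `-` as missing and keeping `-1` as a numeric value. The field names follow AWS's published ALB access log layout and are an assumption here, as is the function name `parse_alb_line`; the PR's Grok pattern is not shown on this page.

```python
import re

# Field order assumed from AWS's published ALB access log layout; the
# integration's own field names and Grok pattern are not shown on the page.
FIELDS = ("type time elb client target request_processing_time "
          "target_processing_time response_processing_time elb_status_code "
          "target_status_code received_bytes sent_bytes request user_agent "
          "ssl_cipher ssl_protocol target_group_arn trace_id domain_name "
          "chosen_cert_arn matched_rule_priority request_creation_time "
          "actions_executed redirect_url error_reason target_port_list "
          "target_status_code_list classification classification_reason "
          "conn_trace_id").split()
FLOATS = set(FIELDS[5:8])  # the three *_processing_time fields
INTS = {"elb_status_code", "target_status_code", "received_bytes", "sent_bytes"}
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # a quoted field or a bare field

# Sample line copied from the PR description.
SAMPLE = ('http 2025-05-01T11:24:32.748149Z '
          'app/internal-service-alb/abcd1234efgh5678 127.0.0.1:57273 - '
          '-1 -1 -1 200 - 0 272 '
          '"- http://internal-service-alb.example.com:80-/ " "-" - - - '
          '"-" "-" "-" - 2025-05-01T11:24:32.720000Z '
          '"-" "-" "-" "-" "-" "-" "-" TID_00000000000000000000000000000000')


def parse_alb_line(line):
    """Split one log line into a dict; raise ValueError on a field-count mismatch."""
    tokens = [quoted or bare for quoted, bare in TOKEN.findall(line)]
    if len(tokens) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(tokens)}")
    rec = {}
    for name, tok in zip(FIELDS, tokens):
        if tok == "-":
            rec[name] = None            # "-" marks an absent value
        elif name in FLOATS:
            rec[name] = float(tok)      # -1 stays as a numeric value
        elif name in INTS:
            rec[name] = int(tok)
        else:
            rec[name] = tok
    # The request field is "method url protocol"; in the sample the method is
    # "-" and the protocol is empty, so pad and normalise each part.
    parts = (rec["request"] or "").split(" ", 2)
    parts += [""] * (3 - len(parts))
    for key, val in zip(("request_method", "request_url", "request_protocol"), parts):
        rec[key] = None if val in ("", "-") else val
    return rec
```
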
@elasticmachine

elasticmachine commented May 20, 2025

💔 Build Failed


@@ -1,4 +1,9 @@
# newer versions go on top
- version: "3.3.2"
Suggested change
- version: "3.3.2"
- version: "3.4.0"

Since this is an enhancement, should we consider increasing the minor version instead of the patch version, which is typically for bug fixes?

@efd6 efd6 left a comment

It is probably worth adding a note to the commit message indicating the origin of the test sample.

2024-11-29T13:45:24.599544Z 172.31.43.26 58206 80 - - - "-" - - - TID_16132ed0b4112148
http 2025-05-01T11:24:32.748149Z app/internal-service-alb/abcd1234efgh5678 127.0.0.1:57273 - -1 -1 -1 200 - 0 272 "- http://internal-service-alb.example.com:80-/ " "-" - - - "-" "-" "-" - 2025-05-01T11:24:32.720000Z "-" "-" "-" "-" "-" "-" "-" TID_00000000000000000000000000000000
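
Review bot: the sample line starting with `http` exercises only the sparse case: the target is `-`, all three processing times are `-1`, the request is `"- http://internal-service-alb.example.com:80-/ "` with no method or protocol, and every quoted trailing field is `"-"`. Consider adding a second sample in the same layout with a populated target, timings and trailing fields, so the pipeline test shows the updated pattern extracting those values and not only accepting placeholders.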
Add a final new line.

@@ -1,4 +1,9 @@
# newer versions go on top
- version: "3.3.2"
changes:
- description: Update Grok pattern to support new ELB HTTP log format.
"new" is a term that goes stale. Is there a version number or documentation that details this?

Labels
enhancement New feature or request Integration:aws AWS Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations]
5 participants