Add decode base64 field processor #11914
Conversation
|
Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually? |
|
jenkins test this |
|
jenkins test this please |
mmatur
force-pushed
the
feature/processor-base64-decode
branch
3 times, most recently
from
3db61ae to
4f32f09
Compare
|
|
||
| func (f *decodeBase64Fields) Run(event *beat.Event) (*beat.Event, error) { | ||
| data, err := event.GetValue(f.field) | ||
| if err != nil && errors.Cause(err) != common.ErrKeyNotFound { |
There was a problem hiding this comment.
I think it would be good to make this configurable, just like in case of other processors. By adding fail_on_error and ignore_missing users could eliminate flooding the logs of Beats if the keys are not present in the event. See the implementation in rename processor: https://github.com/elastic/beats/blob/master/libbeat/processors/actions/rename.go#L36
mmatur
force-pushed
the
feature/processor-base64-decode
branch
3 times, most recently
from
0c1de6a to
c864d5f
Compare
mmatur
force-pushed
the
feature/processor-base64-decode
branch
from
c864d5f to
814bd5d
Compare
|
the code looks good, I am just worried about the usage and the configuration. The current code can work with a single instance of a processors on multiple fields. I wonder if it's better to make it a 1:1 mapping, each field need to define his own processors. I am thinking about this because the errors handling looks stranges when it's applied on multiple fields. @kvch in your comments #11914 (comment) were you asking only to add errors handling to the processors or allow a single processor to operate on multiple fields? |
So true. This really complicates things in other processors and I think having a 1:1 relationship like Ingest Node has would simplify many things. |
|
@mmatur Can you please also register this with the script processor so that it can be used there as well. Just need to add a line here: |
mmatur
force-pushed
the
feature/processor-base64-decode
branch
2 times, most recently
from
3f47bff to
4021509
Compare
|
@ph Yes, I would let one base64 processor work on multiple fields as in case of other processors. I think confusion around which field lead to an error can be avoided by adding the key name to the error message. WDYT? |
mmatur
force-pushed
the
feature/processor-base64-decode
branch
from
4021509 to
ddb04c9
Compare
|
@kvch @ph @andrewkroh do I need to keep 1:1 mapping? |
|
Keep it please. |
|
Thanks @kvch. My PR seems to be ready ;) |
|
Jenkins test this please |
|
Jenkins test this |
|
@kvch I've retriggerred jenkins build just to make sure. |
|
Thanks @mmatur for adding this :) |
Description
This PR adds a new processor to be able to decode base64.
The
decode_base64_fieldprocessor decodes field containing Base64 strings.The
decode_base64_fieldprocessor has the following configuration settings:field:: The field containing Base64 strings to decode.target:: (Optional) The field under which the decoded Base64 will be written. Bydefault the decoded Base64 object replaces the string field from which it was
read.
targetwith an empty string (target: ""). Note that thenullvalue (target:)is treated as if the field was not set at all.