feat: Enforce request maximum size and number of logs #2033
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
djaglowski
reviewed
Dec 9, 2024
djaglowski
approved these changes
Dec 9, 2024
dpaasman00
requested changes
Dec 11, 2024
dpaasman00
pushed a commit
that referenced
this pull request
Dec 16, 2024
* feat: Enforce request maximum size and number of logs * Fix lint * Refactor to be more go-idiomatic * Update Chronicle exporter readme with new flags
Caleb-Hurshman
added a commit
that referenced
this pull request
Dec 18, 2024
* chore: Update modules to v1.67.0 * fix: QRadar README typo (#2028) Fix README typo * fix: Shut down zombie goroutine in chronicleexporter (#2029) * Properly shut down chronicleexporter zombie goroutine * Fix lint * Fix the same problem for the GRPC workflow * ssapi mvp * lint * tls * WIP * ticker, other pr feedback * pagination functionality * break if results earlier than earliest_time * fix lint * check for earliest/latest in query * config unit tests * package comment * feat(chronicleexporter): Support dynamic namespace and ingestion labels (#1939) * add namespace and ingenstion logs initial commit * working except ingestion labels * ingestion labels from attributes * use proper log entry batch * namespace and ingestion logs no config overwrite * delete OverrideNamespace and OverrideIngestionLabeles * PR changes * fix unit tests * modify tests again * marshal changes * readme and namespace check * debug logs * rm unnecessary clauses * fix error wording * rm space * wip * client tests * checkpoint methods * WIP * functional checkpoint * debug logs, rm print * loadCheckpoint return error * splunk failure test * WIP * encode req body * stricter query validation * storage config test * lint, tidy * return error on export fail * tidy * receiver tests * receiver tests * lint * fix TestCheckpoint * rename structs * exporter fail test * fix search checkpointing * auth token * lint * fix struct name * rm prints, fix error messages * fix tests * default batch size * log end of export * readme * how-to * how-to example config * change how-to conf values * change test batch size * fix test case * fix client test * fix rebase errors * tidy * feat: Enforce request maximum size and number of logs (#2033) * feat: Enforce request maximum size and number of logs * Fix lint * Refactor to be more go-idiomatic * Update Chronicle exporter readme with new flags * fix: Delete empty values iterates through nested arrays (#2034) * delete empty values processor iterates through slices * log body implementation * pr review * initial feedback * chore: Minor cleanup of chronicle exporter names (#2046) * chore: Save component.TelemetrySettings on chronicle exporter (#2047) * chore: Minor cleanup of chronicle exporter names * chore: Chronicle exporter - save component.TelemetrySettings * safe shutdown() * chore: Localize chronicle exporter's metrics concerns (#2048) chore: Pull metrics-specific concerns into hostMetricsReporter * rm err checkk from time parsing * chore: Add debug logging (#2042) Add debug logging * chore: Add new tests for chronicle exporter with http and grpc servers (#2049) * ctx check, doc notes * chore: Rename to `bindplane-otel-collector` (#2043) * rename to bindplane-otel-collector * fix website links * update report card link * fix: Shut down zombie goroutine in chronicleexporter (#2029) * Properly shut down chronicleexporter zombie goroutine * Fix lint * Fix the same problem for the GRPC workflow * chore: Save component.TelemetrySettings on chronicle exporter (#2047) * chore: Minor cleanup of chronicle exporter names * chore: Chronicle exporter - save component.TelemetrySettings * chore: Localize chronicle exporter's metrics concerns (#2048) chore: Pull metrics-specific concerns into hostMetricsReporter * chore: Add new tests for chronicle exporter with http and grpc servers (#2049) * fix: Rebase cleanup (#2063) rebase cleanup * chore: separate http and grpc exporters (#2050) * fix: Shut down zombie goroutine in chronicleexporter (#2029) * Properly shut down chronicleexporter zombie goroutine * Fix lint * Fix the same problem for the GRPC workflow * ssapi mvp * initial feedback * chore: Save component.TelemetrySettings on chronicle exporter (#2047) * chore: Minor cleanup of chronicle exporter names * chore: Chronicle exporter - save component.TelemetrySettings * chore: Localize chronicle exporter's metrics concerns (#2048) chore: Pull metrics-specific concerns into hostMetricsReporter * chore: Add new tests for chronicle exporter with http and grpc servers (#2049) * chore: Save component.TelemetrySettings on chronicle exporter (#2047) * chore: Minor cleanup of chronicle exporter names * chore: Chronicle exporter - save component.TelemetrySettings * chore: Localize chronicle exporter's metrics concerns (#2048) chore: Pull metrics-specific concerns into hostMetricsReporter * chore: Add new tests for chronicle exporter with http and grpc servers (#2049) * fix: Shut down zombie goroutine in chronicleexporter (#2029) * Properly shut down chronicleexporter zombie goroutine * Fix lint * Fix the same problem for the GRPC workflow * fix rebase stuff --------- Co-authored-by: Dakota Paasman <[email protected]> Co-authored-by: Sam Hazlehurst <[email protected]> Co-authored-by: Ian Adams <[email protected]> Co-authored-by: Justin Voss <[email protected]> Co-authored-by: Daniel Jaglowski <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed Change
Google SecOps (Chronicle) limits API log ingestion in two different ways - first, in uncompressed request size, and secondly in number of logs per request. This PR changes the implementation of the chronicle exporter to respect these limits by checking against them before sending, and then splitting up the batched request logging data if either limit is exceeded. These limits are configurable on the SecOps backend, and therefore now are also configurable in the exporter.
Possible concerns:
Checklist