[Automatic Import] Restrict unsupported log formats (#202994)

2025-04-23 17:28:26 -04:00 · 2024-12-05 20:18:08 +01:00 · 2024-12-05 20:18:08 +01:00 · 178baa8468
commit 178baa8468
parent 7806861c5f
7 changed files with 64 additions and 12 deletions
--- a/x-pack/plugins/integration_assistant/common/api/generation_error.ts
+++ b/x-pack/plugins/integration_assistant/common/api/generation_error.ts
@ -34,6 +34,7 @@ export function isGenerationErrorBody(obj: unknown | undefined): obj is Generati
 export interface GenerationErrorAttributes {
  errorCode: GenerationErrorCode;
  underlyingMessages?: string[] | undefined;
+  logFormat?: string | undefined;
  errorMessageWithLink?: ErrorMessageWithLink | undefined;
 }

--- a/x-pack/plugins/integration_assistant/common/api/model/common_attributes.gen.ts
+++ b/x-pack/plugins/integration_assistant/common/api/model/common_attributes.gen.ts
@ -85,6 +85,8 @@ export const SamplesFormatName = z.enum([
  'unstructured',
  'unsupported',
  'cef',
+  'leef',
+  'fix',
 ]);
 export type SamplesFormatNameEnum = typeof SamplesFormatName.enum;
 export const SamplesFormatNameEnum = SamplesFormatName.enum;
--- a/x-pack/plugins/integration_assistant/common/api/model/common_attributes.schema.yaml
+++ b/x-pack/plugins/integration_assistant/common/api/model/common_attributes.schema.yaml
@ -65,6 +65,8 @@ components:
        - unstructured
        - unsupported
        - cef
+        - leef
+        - fix

    SamplesFormat:
      type: object
--- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/translations.ts
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/translations.ts
@ -212,12 +212,20 @@ export const GENERATION_ERROR_TRANSLATION: Record<
      defaultMessage: 'Max attempts exceeded. Please try again.',
    }
  ),
-  [GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT]: i18n.translate(
-    'xpack.integrationAssistant.errors.unsupportedLogSamples',
-    {
-      defaultMessage: 'Unsupported log format in the samples.',
+  [GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT]: (attributes) => {
+    if (attributes.logFormat !== undefined && attributes.logFormat?.length !== 0) {
+      return i18n.translate('xpack.integrationAssistant.errors.uparseableCSV.withReason', {
+        values: {
+          format: attributes.logFormat,
+        },
+        defaultMessage: `Unsupported log format in the samples (format: {format}).`,
+      });
+    } else {
+      return i18n.translate('xpack.integrationAssistant.errors.unsupportedLogSamples', {
+        defaultMessage: `Unsupported log format in the samples.`,
+      });
    }
-  ),
+  },
  [GenerationErrorCode.CEF_ERROR]: i18n.translate('xpack.integrationAssistant.errors.cefError', {
    // This is a default error message if the linking does not work.
    defaultMessage:
--- a/x-pack/plugins/integration_assistant/server/graphs/log_type_detection/prompts.ts
+++ b/x-pack/plugins/integration_assistant/server/graphs/log_type_detection/prompts.ts
@ -24,6 +24,8 @@ Follow these steps to do this:
  * 'structured': If the log samples have structured message body with key-value pairs then classify it as "name: structured". Look for a flat list of key-value pairs, often separated by some delimiters. Consider variations in formatting, such as quotes around values ("key=value", key="value"), special characters in keys or values, or escape sequences.
  * 'unstructured': If the log samples have unstructured body like a free-form text then classify it as "name: unstructured".
  * 'cef': If the log samples have Common Event Format (CEF) then classify it as "name: cef".
+  * 'leef': If the log samples have Log Event Extended Format (LEEF) then classify it as "name: leef".
+  * 'fix': If the log samples have Financial Information eXchange (FIX) then classify it as "name: fix".
  * 'unsupported': If you cannot put the format into any of the above categories then classify it with "name: unsupported".
 2. Header: for structured and unstructured format:
  - if the samples have any or all of priority, timestamp, loglevel, hostname, ipAddress, messageId in the beginning information then set "header: true".
--- a/x-pack/plugins/integration_assistant/server/lib/errors/unsupported_error.ts
+++ b/x-pack/plugins/integration_assistant/server/lib/errors/unsupported_error.ts
@ -9,18 +9,45 @@ import { KibanaResponseFactory } from '@kbn/core/server';
 import { ErrorThatHandlesItsOwnResponse } from './types';
 import { GenerationErrorCode } from '../../../common/constants';

+interface UnsupportedLogFormat {
+  message: string;
+  logFormat?: string;
+}
+
+interface UnsupportedLogFormatResponseBody {
+  message: string;
+  attributes: {
+    errorCode: string;
+    logFormat?: string;
+  };
+}
+
 export class UnsupportedLogFormatError extends Error implements ErrorThatHandlesItsOwnResponse {
  private readonly errorCode: string = GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT;
+  private logFormat: string | undefined;

-  // eslint-disable-next-line @typescript-eslint/no-useless-constructor
-  constructor(message: string) {
-    super(message);
+  constructor(unsupportedLogFormat: UnsupportedLogFormat) {
+    super(unsupportedLogFormat.message);
+    if (unsupportedLogFormat.logFormat) {
+      this.logFormat = unsupportedLogFormat.logFormat;
+    }
  }

  public sendResponse(res: KibanaResponseFactory) {
+    const responseBody: UnsupportedLogFormatResponseBody = {
+      message: this.message,
+      attributes: {
+        errorCode: this.errorCode,
+      },
+    };
+
+    if (this.logFormat) {
+      responseBody.attributes.logFormat = this.logFormat;
+    }
+
    return res.customError({
      statusCode: 501,
-      body: { message: this.message, attributes: { errorCode: this.errorCode } },
+      body: responseBody,
    });
  }
 }
--- a/x-pack/plugins/integration_assistant/server/routes/analyze_logs_routes.ts
+++ b/x-pack/plugins/integration_assistant/server/routes/analyze_logs_routes.ts
@ -106,11 +106,21 @@ export function registerAnalyzeLogsRoutes(

          switch (graphLogFormat) {
            case 'unsupported':
-              throw new UnsupportedLogFormatError(
-                GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT
-              );
+              throw new UnsupportedLogFormatError({
+                message: GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT,
+              });
            case 'cef':
              throw new CefError(GenerationErrorCode.CEF_ERROR);
+            case 'leef':
+              throw new UnsupportedLogFormatError({
+                message: GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT,
+                logFormat: 'Log Event Extended Format (LEEF)',
+              });
+            case 'fix':
+              throw new UnsupportedLogFormatError({
+                message: GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT,
+                logFormat: 'Financial Information eXchange (FIX)',
+              });
          }

          return res.ok({ body: AnalyzeLogsResponse.parse(graphResults) });