[Infra UI] Adding rule for MySQL error and slowlog (#28219)

* Adding rule for MySQL error and slowlog * Renaming rules variable * Fixing slowlog rule * Updating prefixes
2025-04-23 01:13:23 -04:00 · 2019-01-11 12:05:17 -07:00 · 2019-01-11 12:05:17 -07:00 · bafdcd17b4
commit bafdcd17b4
parent b14194fdeb
3 changed files with 149 additions and 0 deletions
--- a/x-pack/plugins/infra/server/lib/domains/log_entries_domain/builtin_rules/filebeat_mysql.test.ts
+++ b/x-pack/plugins/infra/server/lib/domains/log_entries_domain/builtin_rules/filebeat_mysql.test.ts
@ -0,0 +1,85 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { compileFormattingRules } from '../message';
+import { filebeatMySQLRules } from './filebeat_mysql';
+
+const { format } = compileFormattingRules(filebeatMySQLRules);
+
+describe('Filebeat Rules', () => {
+  test('mysql error log', () => {
+    const errorDoc = {
+      'mysql.error.message':
+        "Access denied for user 'petclinicdd'@'47.153.152.234' (using password: YES)",
+    };
+    const message = format(errorDoc);
+    expect(message).toEqual([
+      {
+        constant: '[MySQL][error] ',
+      },
+      {
+        field: 'mysql.error.message',
+        highlights: [],
+        value: "Access denied for user 'petclinicdd'@'47.153.152.234' (using password: YES)",
+      },
+    ]);
+  });
+  test('mysql slow log', () => {
+    const errorDoc = {
+      'mysql.slowlog.query': 'select * from hosts',
+      'mysql.slowlog.query_time.sec': 5,
+      'mysql.slowlog.user': 'admin',
+      'mysql.slowlog.ip': '192.168.1.42',
+      'mysql.slowlog.host': 'webserver-01',
+    };
+    const message = format(errorDoc);
+    expect(message).toEqual([
+      {
+        constant: '[MySQL][slowlog] ',
+      },
+      {
+        field: 'mysql.slowlog.user',
+        highlights: [],
+        value: 'admin',
+      },
+      {
+        constant: '@',
+      },
+      {
+        field: 'mysql.slowlog.host',
+        highlights: [],
+        value: 'webserver-01',
+      },
+      {
+        constant: ' [',
+      },
+      {
+        field: 'mysql.slowlog.ip',
+        highlights: [],
+        value: '192.168.1.42',
+      },
+      {
+        constant: '] ',
+      },
+      {
+        constant: ' - ',
+      },
+      {
+        field: 'mysql.slowlog.query_time.sec',
+        highlights: [],
+        value: '5',
+      },
+      {
+        constant: 'sec - ',
+      },
+      {
+        field: 'mysql.slowlog.query',
+        highlights: [],
+        value: 'select * from hosts',
+      },
+    ]);
+  });
+});
--- a/x-pack/plugins/infra/server/lib/domains/log_entries_domain/builtin_rules/filebeat_mysql.ts
+++ b/x-pack/plugins/infra/server/lib/domains/log_entries_domain/builtin_rules/filebeat_mysql.ts
@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export const filebeatMySQLRules = [
+  {
+    when: {
+      exists: ['mysql.error.message'],
+    },
+    format: [
+      {
+        constant: '[MySQL][error] ',
+      },
+      {
+        field: 'mysql.error.message',
+      },
+    ],
+  },
+  {
+    when: {
+      exists: ['mysql.slowlog.user', 'mysql.slowlog.query_time.sec', 'mysql.slowlog.query'],
+    },
+    format: [
+      {
+        constant: '[MySQL][slowlog] ',
+      },
+      {
+        field: 'mysql.slowlog.user',
+      },
+      {
+        constant: '@',
+      },
+      {
+        field: 'mysql.slowlog.host',
+      },
+      {
+        constant: ' [',
+      },
+      {
+        field: 'mysql.slowlog.ip',
+      },
+      {
+        constant: '] ',
+      },
+      {
+        constant: ' - ',
+      },
+      {
+        field: 'mysql.slowlog.query_time.sec',
+      },
+      {
+        constant: 'sec - ',
+      },
+      {
+        field: 'mysql.slowlog.query',
+      },
+    ],
+  },
+];
--- a/x-pack/plugins/infra/server/lib/domains/log_entries_domain/builtin_rules/index.ts
+++ b/x-pack/plugins/infra/server/lib/domains/log_entries_domain/builtin_rules/index.ts
@ -6,9 +6,11 @@

 import { filebeatApache2Rules } from './filebeat_apache2';
 import { filebeatAuditdRules } from './filebeat_auditd';
+import { filebeatMySQLRules } from './filebeat_mysql';
 import { filebeatNginxRules } from './filebeat_nginx';
 import { filebeatRedisRules } from './filebeat_redis';
 import { filebeatSystemRules } from './filebeat_system';
+
 import { genericRules } from './generic';

 export const builtinRules = [
@ -16,6 +18,7 @@ export const builtinRules = [
  ...filebeatNginxRules,
  ...filebeatRedisRules,
  ...filebeatSystemRules,
+  ...filebeatMySQLRules,
  ...filebeatAuditdRules,
  ...genericRules,
  {