google / grr

GRR Rapid Response: remote live forensics for incident response
https://grr-doc.readthedocs.io/
Apache License 2.0

Update elasticsearch output plugin. #991

Closed fredx30 closed 1 year ago

fredx30 commented 2 years ago

Updates the elasticsearch output plugin to conform to additional requirements set by the elasticsearch _bulk api.

The final line of data must end with a newline character \n. Each newline character may be preceded by a carriage return \r. When sending NDJSON data to the _bulk endpoint, use a Content-Type header of application/json or application/x-ndjson.

Adds a changelog entry for the above change.

Edit: Added a test to ensure one of the elastic approved content type headers is used. Added a test to ensure the post body to _bulk ends with a '\n'.


Closes #990
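As an added illustration of the two `_bulk` requirements quoted above (not code from the GRR plugin itself), the following builds an NDJSON body that always ends in `\n`, restricts the `Content-Type` header to the values Elasticsearch accepts, and performs the kind of check the PR's tests describe; the index name and event payloads are constructed sample values.

```python
import json

# Content-Type values the Elasticsearch _bulk endpoint accepts for NDJSON.
ALLOWED_CONTENT_TYPES = {"application/json", "application/x-ndjson"}


def build_bulk_body(index, events):
    """Build an NDJSON _bulk body: an action line then a source line per event.

    Every line, including the last one, is terminated by "\n"; a body whose
    final line lacks the newline is rejected by the _bulk endpoint.
    """
    lines = []
    for event in events:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(event))
    return "".join(line + "\n" for line in lines)


def bulk_headers(content_type="application/x-ndjson"):
    """Headers for the _bulk request; refuses types Elasticsearch would not accept."""
    if content_type not in ALLOWED_CONTENT_TYPES:
        raise ValueError("unsupported Content-Type for _bulk: %s" % content_type)
    return {"Content-Type": content_type}


def validate_bulk_request(headers, body):
    """Return a list of problems; empty when the request conforms to _bulk rules.

    Assumes every action is an "index" action (as produced by build_bulk_body),
    so lines must come in action/source pairs.
    """
    problems = []
    if headers.get("Content-Type") not in ALLOWED_CONTENT_TYPES:
        problems.append("Content-Type must be application/json or application/x-ndjson")
    if not body.endswith("\n"):
        problems.append("body must end with a newline")
    raw_lines = body.split("\n")
    if raw_lines and raw_lines[-1] == "":
        raw_lines.pop()  # the trailing newline yields an empty final element
    # _bulk tolerates CRLF line endings, so strip an optional "\r" per line.
    lines = [ln.rstrip("\r") for ln in raw_lines]
    for number, ln in enumerate(lines, 1):
        try:
            json.loads(ln)
        except ValueError:
            problems.append("line %d is not valid JSON" % number)
    if len(lines) % 2:
        problems.append("index actions must come in action/source pairs")
    return problems
```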

fredx30 commented 2 years ago

Thanks a lot for fixing this! I only have small comments, then this PR is ready to be merged.

Easy review, thanks!

Think I got them all.

fredx30 commented 2 years ago

Pushed a rebase style fast-forward update to current master.

max-vogler commented 1 year ago

Thanks for your PR, again! :)