turbot / steampipe-plugin-aws

Use SQL to instantly query AWS resources across regions and accounts. Open source CLI. No DB required.
https://hub.steampipe.io/plugins/turbot/aws
Apache License 2.0
190 stars 103 forks

aws_cloudtrail_trail_event filter on `event_name` doesn't work #902

Closed johnsmyth closed 2 years ago

johnsmyth commented 2 years ago

Describe the bug

I'm trying to query the aws_cloudtrail_trail_event table for ConsoleLogin events. When I specify `where log_group_name = 'Cloudtrail/llog_group_name' and event_name = 'ConsoleLogin'`, the query seems to hang. The plugin logs have entries like this:

2022-02-16 18:04:12.547 UTC [ERROR] steampipe-plugin-aws.plugin: [ERROR] listCloudwatchLogTrailEvents: input.FilterPattern="{ ( $.eventName = "ConsoleLogin" ) }"
2022-02-16 18:04:12.547 UTC [ERROR] steampipe-plugin-aws.plugin: [ERROR] listCloudwatchLogTrailEvents: input.FilterPattern="{ ( $.eventName = "ConsoleLogin" ) }"
2022-02-16 18:04:12.547 UTC [ERROR] steampipe-plugin-aws.plugin: [ERROR] listCloudwatchLogTrailEvents: input.FilterPattern="{ ( $.eventName = "ConsoleLogin" ) }"
2022-02-16 18:04:12.547 UTC [ERROR] steampipe-plugin-aws.plugin: [ERROR] listCloudwatchLogTrailEvents: input.FilterPattern="{ ( $.eventName = "ConsoleLogin" ) }"
2022-02-16 18:04:12.547 UTC [ERROR] steampipe-plugin-aws.plugin: [ERROR] listCloudwatchLogTrailEvents: input.FilterPattern="{ ( $.eventName = "ConsoleLogin" ) }"
2022-02-16 18:04:12.547 UTC [ERROR] steampipe-plugin-aws.plugin: [ERROR] listCloudwatchLogTrailEvents: input.FilterPattern="{ ( $.eventName = "ConsoleLogin" ) }"
20
...

Steampipe version (steampipe -v)

steampipe version 0.13.0-alpha.8

Plugin version (steampipe plugin list)

0.48.0, but recompiled with new sdk - github.com/turbot/steampipe-plugin-sdk/v2 v2.0.3

To reproduce

select 
  *
from 
  aws_cloudtrail_trail_event 
where 
  log_group_name = 'Cloudtrail/llog_group_name' and event_name = 'ConsoleLogin'

and view the plugin logs.

Expected behavior

Should use the event_type qual and return results.

rajlearner17 commented 2 years ago

We will start looking into it.

ParthaI commented 2 years ago

Most of the columns of this table depend upon a single property, message, which is available in the response of this API.

message is a string type; we are doing Unmarshal to get the other column values, but if the value of the message property is not valid JSON then it throws an error / returns null data.

The alternative API is https://pkg.go.dev/github.com/aws/aws-sdk-go@v1.42.53/service/cloudtrail#CloudTrail.LookupEventsPages

If we use the LookupEventsPages API, it will consume more time than the current approach.
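The behaviour described in the comment above, as an added example that is not part of the thread or the plugin's code: each CloudWatch Logs `message` string is unmarshalled into CloudTrail record fields, and messages that are not valid JSON are counted and skipped rather than failing the listing. The type `trailEvent`, the function `filterTrailEvents` and the sample messages are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// trailEvent holds the CloudTrail record fields this example extracts (hypothetical type).
type trailEvent struct {
	EventName       string `json:"eventName"`
	EventTime       string `json:"eventTime"`
	SourceIPAddress string `json:"sourceIPAddress"`
	UserIdentity    struct {
		Arn string `json:"arn"`
	} `json:"userIdentity"`
}

// filterTrailEvents decodes each log message and keeps records whose eventName
// matches. Messages that fail to decode are counted and skipped, so one bad
// line neither aborts the listing nor produces a row of empty columns.
func filterTrailEvents(messages []string, eventName string) (matched []trailEvent, skipped int) {
	for _, m := range messages {
		var ev trailEvent
		if err := json.Unmarshal([]byte(m), &ev); err != nil {
			skipped++
			continue
		}
		if ev.EventName == eventName {
			matched = append(matched, ev)
		}
	}
	return matched, skipped
}

// sampleMessages is constructed input, not real log data.
var sampleMessages = []string{
	`{"eventName":"ConsoleLogin","eventTime":"2022-02-16T18:00:00Z","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::111122223333:user/alice"}}`,
	`{"eventName":"DescribeInstances","eventTime":"2022-02-16T18:01:00Z","sourceIPAddress":"203.0.113.11","userIdentity":{"arn":"arn:aws:iam::111122223333:user/bob"}}`,
	`plain text line written to the same log group`,
	`{"eventName":"ConsoleLogin","eventTime":"2022-02-16T18:02:00Z"`, // truncated JSON
}

func main() {
	matched, skipped := filterTrailEvents(sampleMessages, "ConsoleLogin")
	for _, ev := range matched {
		fmt.Println(ev.EventTime, ev.EventName, ev.UserIdentity.Arn, ev.SourceIPAddress)
	}
	fmt.Println("skipped non-JSON messages:", skipped)
}
```

Reporting the skipped count matters for login monitoring: a ConsoleLogin record dropped because its message was truncated is otherwise invisible to the query.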

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

github-actions[bot] commented 2 years ago

This issue was closed because it has been stalled for 90 days with no activity.