[filebeat][input] - Websocket Input with CEL engine

[ShourieG]

Type of change

• Enhancement
• Docs

Proposed commit message

Websocket input implementation based on Gorilla websockets. It uses the CEL engine and the mito library
for processing of responses and maintaining the cursor. This input can be used to ingest data from any modern websocket server.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

• Added tests for config validation
• Added tests for Websocket input

How to test this PR locally

1. Clone the beats repo locally and make sure you have golang env setup.
2. Perform a go mod tidy to fetch any missing libraries.
3. Move to the x-pack/filebeat directory by doing cd x-pack/filebeat.
4. Configure the filebeat.yml according to the websocket documentation and customise it to your needs.
5. Run go run main.go -e -d "websocket" to start the input with filtering out relevant logs.

Sample config:

- type: websocket
  url: ws://localhost:443/v1/stream
  program: |
    bytes(state.response).decode_json().as(inner_body,{
      "events": {
        "message":  inner_body.encode_json(),
      }
    })

To enable pretty printing on console, configure the following attributes in the filebeat.yml config:

output.console:
  enabled: true
  pretty: true

Related issues

• Closes [Filebeat] Input to ingest data from WebSocket API #30991
• Relates Proofpoint On Demand integrations#1196

Use cases

Screenshots

Logs

[mergify]

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @ShourieG? 🙏.
For such, you'll need to label your PR with:

• The upcoming major version of the Elastic Stack
• The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

[elasticmachine]

❕ Build Aborted

There is a new build on-going so the previous on-going builds have been aborted.

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2024-01-29T12:40:10.758+0000

• Duration: 20 min 2 sec

Test stats 🧪

Test	Results
Failed	1
Passed	1288
Skipped	11
Total	1300

Test errors

Expand to view the tests failures

Build&Test / x-pack/filebeat-goIntegTest / TestBenchmarkInputS3 – github.com/elastic/beats/v7/x-pack/filebeat/input/awss3

Expand to view the error details

 Failed 

Expand to view the stacktrace

 === RUN   TestBenchmarkInputS3
signal: terminated
 

Steps errors

Expand to view the steps failures

Error signal

• Took 0 min 0 sec . View more details here
• Description: Error 'org.jenkinsci.plugins.workflow.steps.FlowInterruptedException'

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2024-01-29T12:52:55.913+0000

• Duration: 178 min 8 sec

Test stats 🧪

Test	Results
Failed	0
Passed	28778
Skipped	2014
Total	30792

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

❕ Build Aborted

Either there was a build timeout or someone aborted the build.

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Duration: 43 min 20 sec

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

❕ Build Aborted

Either there was a build timeout or someone aborted the build.

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Duration: 182 min 0 sec

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2024-01-30T14:50:59.922+0000

• Duration: 181 min 31 sec

Test stats 🧪

Test	Results
Failed	0
Passed	28778
Skipped	2014
Total	30792

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[efd6]

Is a cursor a meaningful concept in this context? Aren't we at the whim of what the ws server sends us?

[ShourieG]

Is a cursor a meaningful concept in this context? Aren't we at the whim of what the ws server sends us?

Yes indeed we are at the mercy of what the websocket sends us, but incase it sends a timestamp Along with the event, we could include a cursor based condition in the cel program to process events accordingly. This would be upto the end user to configure.

[ShourieG]

@efd6 I've addressed all the PR suggestions and added the config tests

[efd6]

doc nits then LGTM

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: c68ad52

History

• 💚 Build #1228 succeeded 57a5dac
• 💚 Build #1227 succeeded 341ad87
• 💚 Build #1204 succeeded c301b16
• 💚 Build #1185 succeeded 6d00e55

cc @ShourieG

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: c68ad52

History

• 💚 Build #1223 succeeded 57a5dac
• 💚 Build #1222 succeeded 341ad87
• 💚 Build #1199 succeeded c301b16
• 💚 Build #1180 succeeded 6d00e55

cc @ShourieG

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: c68ad52

History

• 💚 Build #392 succeeded 57a5dac
• 💚 Build #391 succeeded 341ad87
• 💔 Build #368 failed c301b16
• 💚 Build #349 succeeded 6d00e55

cc @ShourieG

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: c68ad52

History

• 💚 Build #1553 succeeded 57a5dac
• 💔 Build #1529 failed c301b16
• 💚 Build #1512 succeeded 6d00e55

cc @ShourieG

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: c68ad52

History

• 💚 Build #2441 succeeded 57a5dac
• 💔 Build #2440 failed 341ad87
• 💔 Build #2417 failed c301b16
• 💚 Build #2398 succeeded 6d00e55

cc @ShourieG

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: c68ad52

History

• 💚 Build #2892 succeeded 57a5dac
• 💔 Build #2868 failed c301b16
• 💚 Build #2851 succeeded 6d00e55
• 💚 Build #2771 succeeded 3d6f070
• 💚 Build #2726 succeeded 581a210
• 💚 Build #2596 succeeded 21cdf6f

cc @ShourieG