Fix event handler types filter when using bulk export API#61787
Fix event handler types filter when using bulk export API#61787
types filter when using bulk export API#61787Conversation
kshi36
changed the title
types filter when using bulk export APItypes filter when using bulk export API
github-actions
bot
added
audit-log
| @@ -38,7 +38,6 @@ You may specify configuration options via command line arguments, environment va | |||
| | skip-session-types | Comma-separated list of session event types to skip | FDFWD_SKIP_SESSION_TYPES | | |||
| | start-time | Minimum event time (RFC3339 format) | FDFWD_START_TIME | | |||
| | timeout | Polling timeout | FDFWD_TIMEOUT | | |||
| | cursor | Start cursor value | FDFWD_CURSOR | | |||
There was a problem hiding this comment.
The cursor CLI option (and environment variable) do not seem to exist anymore
tigrato
left a comment
tigrato
left a comment
There was a problem hiding this comment.
I’m wondering whether we should do the same logic we do in SearchUnstructuredEvents. In that call, we pass the filter types directly to the auth server as a request parameter. Should we do the same here?
It would improve gRPC API throughput and avoid unnecessary unmarshalling and marshalling of events server side that we’ll ultimately discard anyway.
I will take a look into this. |
Based on the documentation on the usage of the bulk export API, it seems to favor not filtering types within |
I think that your PR is fine. We do have some stretch goal this quarter to improve event export performance. But before spending more time improving the design for performance, we'll need to measure where we spend time, what is slow, and where we can reap gains. Tiago is right and we can definitely improve the design here but if this provides a marginal 2% speedup in the general case (very likely as few events are usually filtered) while we could achieve a 30% speedup by fixing something else (and there's a lot to fix 🫠 ) this would not be a very efficient usage of our time. |
public-teleport-github-review-bot
bot
removed the request for review
from bernardjkim
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
* Fixed event handler `types` filter when using bulk export API * Fix license * Refactor and remove debug logs * Fix tests
* Fixed event handler `types` filter when using bulk export API * Fix license * Refactor and remove debug logs * Fix tests
…62082) * Fixed event handler `types` filter when using bulk export API * Fix license * Refactor and remove debug logs * Fix tests
…62083) * Fixed event handler `types` filter when using bulk export API * Fix license * Refactor and remove debug logs * Fix tests
* Fixed event handler `types` filter when using bulk export API * Fix license * Refactor and remove debug logs * Fix tests
5 participants
Fixes #56099
Manual Tests
Test:
typesfilter works correctly for clients using new bulk export APItomlconfiguration file with the following options:types="user.login"filter forwards onlyuser.loginevents to fluentd audit events endpointskip-event-types="user.login"filter skips forwardinguser.loginevents to fluentd audit events endpointskip-session-types="db.session.query"filter skips forwardingdb.session.queryevents to fluentd session events endpointtomlconfig file and CLI argumentschangelog: Fixed bug where event handler
typesfilter is ignored for Teleport clients using Athena storage backend