You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Summary: Centralize duplicated request-tracer filename sanitization logic used across multiple Filebeat HTTP inputs into x-pack/filebeat/input/internal/httplog and migrate inputs incrementally.
Problem
The same sanitization routine is duplicated in multiple input implementations, increasing maintenance cost and making behavior changes error-prone.
This pattern indicates shared behavior is still fragmented after the prior path-validation extraction.
Proposed Approach
Add/expand shared helpers in x-pack/filebeat/input/internal/httplog for request-tracer path concerns, then migrate call sites incrementally. Keep input-specific behavior at call sites while consolidating common primitives.
What changes:
Shared utility functions move to internal/httplog.
Inputs call shared helpers instead of local copies.
What stays the same:
Per-input config, logging, and tracer enablement flow.
Existing runtime semantics.
Why better:
One implementation for cross-cutting sanitization logic.
Lower risk of divergence across inputs.
Future tracer-path behavior changes become single-point updates.
Proof of Concept
I partially implemented this refactor on one representative slice to verify viability.
Risk: Subtle behavior drift during migration. Mitigation: Keep helper behavior byte-for-byte equivalent and migrate one package at a time with package-scoped tests.
Risk: Scope creep into unrelated tracer concerns. Mitigation: Limit this refactor to helper consolidation first; defer behavioral changes to follow-up PRs.
Evidence
Duplication references listed above (path:line).
Co-change signal from git log --since="60 days ago" includes shared commit ec6e82f86c across the same set of input areas.
Existing shared tracer path helper already present at x-pack/filebeat/input/internal/httplog/roundtripper.go:37-44, making this a low-risk continuation of consolidation.
Note
π Integrity filter blocked 57 items
The following items were blocked because they don't meet the GitHub integrity level.
#50867search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#50758search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#50774search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#49159search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#48464search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#49163search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#49162search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#51138search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#51137search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#51139search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#51058search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#51057search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#51056search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#49800search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#48359search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
#45589search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
... and 41 more items
To allow these resources, lower min-integrity in your GitHub frontmatter:
ποΈ Refactor Proposal
Summary: Centralize duplicated request-tracer filename sanitization logic used across multiple Filebeat HTTP inputs into
x-pack/filebeat/input/internal/httplogand migrate inputs incrementally.Problem
The same sanitization routine is duplicated in multiple input implementations, increasing maintenance cost and making behavior changes error-prone.
Concrete duplication evidence:
x-pack/filebeat/input/httpjson/input.go:293x-pack/filebeat/input/cel/input.go:170x-pack/filebeat/input/http_endpoint/input.go:152x-pack/filebeat/input/entityanalytics/provider/jamf/jamf.go:265x-pack/filebeat/input/entityanalytics/provider/okta/okta.go:280x-pack/filebeat/input/entityanalytics/provider/azuread/fetcher/graph/graph.go:598These files also co-change in recent work touching request-tracer handling:
ec6e82f86cβx-pack/filebeat/input/{cel,httpjson,http_endpoint,entityanalytics},internal/httplog: fix request tracer path validation under OTel receiver runtime (#50581)This pattern indicates shared behavior is still fragmented after the prior path-validation extraction.
Proposed Approach
Add/expand shared helpers in
x-pack/filebeat/input/internal/httplogfor request-tracer path concerns, then migrate call sites incrementally. Keep input-specific behavior at call sites while consolidating common primitives.What changes:
internal/httplog.What stays the same:
Why better:
Proof of Concept
I partially implemented this refactor on one representative slice to verify viability.
Files changed:
x-pack/filebeat/input/internal/httplog/roundtripper.gox-pack/filebeat/input/http_endpoint/input.goBefore β After:
Before (
x-pack/filebeat/input/http_endpoint/input.go):After:
and shared helper added in
x-pack/filebeat/input/internal/httplog/roundtripper.go:46-52.Verification:
go test ./x-pack/filebeat/input/http_endpoint ./x-pack/filebeat/input/internal/httplogβIncremental Rollout Plan
This refactor can be completed incrementally:
http_endpointnow useshttplog.SanitizeFileName.httpjsonandcelto the shared helper.entityanalyticsproviders (jamf,okta,azuread) and remove remaining duplicated helpers.Risks and Mitigations
Mitigation: Keep helper behavior byte-for-byte equivalent and migrate one package at a time with package-scoped tests.
Mitigation: Limit this refactor to helper consolidation first; defer behavioral changes to follow-up PRs.
Evidence
path:line).git log --since="60 days ago"includes shared commitec6e82f86cacross the same set of input areas.x-pack/filebeat/input/internal/httplog/roundtripper.go:37-44, making this a low-risk continuation of consolidation.Note
π Integrity filter blocked 57 items
The following items were blocked because they don't meet the GitHub integrity level.
search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".To allow these resources, lower
min-integrityin your GitHub frontmatter:What is this? | From workflow: Refactor Opportunist
Give us feedback! React with π if perfect, π if helpful, π if not.