Osquerybeat: Return the query result count with the action response (#…
aleksmaus authored Oct 21, 2021

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 7b162dc commit cb9d3a7
Showing 1 changed file with 11 additions and 8 deletions.
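--- a/x-pack/osquerybeat/beater/action_handler.go
+++ b/x-pack/osquerybeat/beater/action_handler.go
@@ -49,7 +49,7 @@ func (a *actionHandler) Name() string {
 func (a *actionHandler) Execute(ctx context.Context, req map[string]interface{}) (map[string]interface{}, error) {
 
 start := time.Now().UTC()
-err := a.execute(ctx, req)
+count, err := a.execute(ctx, req)
 end := time.Now().UTC()
 
 res := map[string]interface{}{
@@ -59,14 +59,16 @@ func (a *actionHandler) Execute(ctx context.Context, req map[string]interface{})
 
 if err != nil {
 res["error"] = err.Error()
+} else {
+res["count"] = count
 }
 return res, nil
 }
 
-func (a *actionHandler) execute(ctx context.Context, req map[string]interface{}) error {
+func (a *actionHandler) execute(ctx context.Context, req map[string]interface{}) (int, error) {
 ac, err := action.FromMap(req)
 if err != nil {
-return fmt.Errorf("%v: %w", err, ErrQueryExecution)
+return 0, fmt.Errorf("%v: %w", err, ErrQueryExecution)
 }
 
 var namespace string
@@ -80,13 +82,13 @@ func (a *actionHandler) execute(ctx context.Context, req map[string]interface{})
 return a.executeQuery(ctx, config.Datastream(namespace), ac, "", req)
 }
 
-func (a *actionHandler) executeQuery(ctx context.Context, index string, ac action.Action, responseID string, req map[string]interface{}) error {
+func (a *actionHandler) executeQuery(ctx context.Context, index string, ac action.Action, responseID string, req map[string]interface{}) (int, error) {
 
 if a.queryExec == nil {
-return ErrNoQueryExecutor
+return 0, ErrNoQueryExecutor
 }
 if a.publisher == nil {
-return ErrNoPublisher
+return 0, ErrNoPublisher
 }
 
 a.log.Debugf("Execute query: %s", ac.Query)
@@ -97,11 +99,12 @@ func (a *actionHandler) executeQuery(ctx context.Context, index string, ac actio
 
 if err != nil {
 a.log.Errorf("Failed to execute query, err: %v", err)
-return err
+return 0, err
 }
 
 a.log.Debugf("Completed query in: %v", time.Since(start))
 
 a.publisher.Publish(index, ac.ID, responseID, hits, ac.ECSMapping, req["data"])
-return nil
+
+return len(hits), nil
 }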
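Review bot: The count returned at the end of executeQuery is `len(hits)`, taken after `a.publisher.Publish(...)` whose outcome is not checked in the visible lines, so the action response can report N results even when fewer (or none) were actually published to the index. Publish's signature is outside this diff; if it can fail or drop events, a consumer that treats `count` as confirmation of delivery would be misled, and the response would carry no `error` either. Either return the number actually published, or state the meaning on the function, e.g. `// executeQuery returns the number of rows the query produced; it does not confirm that they were published.` The same applies to the `res["count"] = count` branch in Execute, where the key is set only when `err == nil`; a short doc comment saying that `count` is absent on error would let callers distinguish "zero rows" from "query failed".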
