Support new Suricata JSON format which includes arrays and strings (#9338)

2021-06-14 10:07:36 -05:00 · 2021-06-14 10:07:36 -05:00 · 1d4b8d62f5
parent da7f2c7a93
commit 1d4b8d62f5
3 changed files with 68 additions and 0 deletions
--- a/plugins/inputs/suricata/suricata.go
+++ b/plugins/inputs/suricata/suricata.go
@ -148,6 +148,15 @@ func flexFlatten(outmap map[string]interface{}, field string, v interface{}, del
 				return err
 			}
 		}
+	case []interface{}:
+		for _, v := range t {
+			err := flexFlatten(outmap, field, v, delimiter)
+			if err != nil {
+				return err
+			}
+		}
+	case string:
+		outmap[field] = v
 	case float64:
 		outmap[field] = v.(float64)
 	default:
--- a/plugins/inputs/suricata/suricata_test.go
+++ b/plugins/inputs/suricata/suricata_test.go
@ -296,3 +296,41 @@ func TestSuricataStartStop(t *testing.T) {
 	require.NoError(t, s.Start(&acc))
 	s.Stop()
 }
+
+func TestSuricataParse(t *testing.T) {
+	tests := []struct {
+		filename string
+		expected []telegraf.Metric
+	}{{
+		filename: "test2.json",
+		expected: []telegraf.Metric{
+			testutil.MustMetric(
+				"suricata",
+				map[string]string{
+					"thread": "W#01-ens2f1",
+				},
+				map[string]interface{}{
+					"detect_alert":                float64(0),
+					"detect_engines_id":           float64(0),
+					"detect_engines_last_reload":  "2021-06-08T06:33:05.084872+0000",
+					"detect_engines_rules_failed": float64(0),
+					"detect_engines_rules_loaded": float64(22712),
+				},
+				time.Unix(0, 0),
+			),
+		},
+	},
+	}
+
+	for _, tc := range tests {
+		data, err := ioutil.ReadFile("testdata/" + tc.filename)
+		require.NoError(t, err)
+		s := Suricata{
+			Delimiter: "_",
+		}
+		acc := testutil.Accumulator{}
+		s.parse(&acc, data)
+
+		testutil.RequireMetricsEqual(t, tc.expected, acc.GetTelegrafMetrics(), testutil.IgnoreTime())
+	}
+}
--- a/plugins/inputs/suricata/testdata/test2.json
+++ b/plugins/inputs/suricata/testdata/test2.json
@ -0,0 +1,21 @@
+{
+    "timestamp": "2021-06-08T06:34:49.237367+0000",
+    "event_type": "stats",
+    "stats": {
+        "threads": {
+            "W#01-ens2f1": {
+                "detect": {
+                    "engines": [
+                        {
+                            "id": 0,
+                            "last_reload": "2021-06-08T06:33:05.084872+0000",
+                            "rules_loaded": 22712,
+                            "rules_failed": 0
+                        }
+                    ],
+                    "alert": 0
+                }
+            }
+        }
+    }
+}