httplog - reduce duplication to shrink log message size (#36531)

The request and response bodies are included twice in request tracer messages. The body appears in both the event.original and http.{request,response}.body.content. This removes the body from the event.original. It should help reduce the log message sizes for large responses.
elastic · Sep 7, 2023 · 8d3aa91 · 8d3aa91
1 parent 06ce3a6
commit 8d3aa91
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -217,6 +217,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 - Allow fine-grained control of entity analytics API requests for Okta provider. {issue}36440[36440] {pull}36492[36492]
 - Add support for expanding `journald.process.capabilities` into the human-readable effective capabilities in the ECS `process.thread.capabilities.effective` field. {issue}36454[36454] {pull}36470[36470]
 - Allow fine-grained control of entity analytics API requests for AzureAD provider. {issue}36440[36440] {pull}36441[36441]
+- For request tracer logging in CEL and httpjson the request and response body are no longer included in `event.original`. The body is still present in `http.{request,response}.body.content`. {pull}36531[36531]
 - Added support for Okta OAuth2 provider in the CEL input. {issue}36336[36336] {pull}36521[36521]
 
 *Auditbeat*

diff --git a/x-pack/filebeat/input/internal/httplog/roundtripper.go b/x-pack/filebeat/input/internal/httplog/roundtripper.go
@@ -65,15 +65,15 @@ type LoggingRoundTripper struct {
 //	http.request.body.content
 //	http.request.body.bytes
 //	http.request.mime_type
-//	event.original (the full request and body from httputil.DumpRequestOut)
+//	event.original (the request without body from httputil.DumpRequestOut)
 //
 // Fields logged in responses:
 //
 //	http.response.status_code
 //	http.response.body.content
 //	http.response.body.bytes
 //	http.response.mime_type
-//	event.original (the full response and body from httputil.DumpResponse)
+//	event.original (the response without body from httputil.DumpResponse)
 func (rt *LoggingRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
 	// Create a child logger for this request.
 	log := rt.logger.With(
@@ -111,7 +111,7 @@ func (rt *LoggingRoundTripper) RoundTrip(req *http.Request) (*http.Response, err
 			zap.String("http.request.mime_type", req.Header.Get("Content-Type")),
 		)
 	}
-	message, err := httputil.DumpRequestOut(req, true)
+	message, err := httputil.DumpRequestOut(req, false)
 	if err != nil {
 		errorsMessages = append(errorsMessages, fmt.Sprintf("failed to dump request: %s", err))
 	} else {
@@ -149,7 +149,7 @@ func (rt *LoggingRoundTripper) RoundTrip(req *http.Request) (*http.Response, err
 			zap.String("http.response.mime_type", resp.Header.Get("Content-Type")),
 		)
 	}
-	message, err = httputil.DumpResponse(resp, true)
+	message, err = httputil.DumpResponse(resp, false)
 	if err != nil {
 		errorsMessages = append(errorsMessages, fmt.Sprintf("failed to dump response: %s", err))
 	} else {