x-pack/filebeat/input/http_endpoint: fix handling of http_endpoint request exceeding memory limits by efd6 · Pull Request #41765 · elastic/beats

efd6 · 2024-11-24T21:05:38Z

Proposed commit message

The input does not have a way to communicate back-pressure to clients, potentially leading to unconstrained growth in the publisher event queue and an OoM event. This change adds a mechanism to keep track of the total sum of in-flight message bytes from the client in order to allow the server to return a 503 HTTP status when the total is too large.

Note that this does not monitor the total memory in the queue as that would require a complete understanding of the allocations in the preparation of event values to be sent to the publisher, but rather uses the message length as a reasonable proxy.

Checklist

My code follows the style guidelines of this project
I have commented my code, particularly in hard-to-understand areas
I have made corresponding changes to the documentation
I have made corresponding change to the default configuration files
I have added tests that prove my fix is effective or that my feature works
I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

Author's Checklist

There is also the possibility of using the metrics to retain the in-flight bytes count. This may be worth doing if we actually want to use that gauge metric. If we do that, I'd also think that having a overage count to distinguish failure due to this from all others. What is here is the minimal change required to get the feature.

How to test this PR locally

Related issues

Fixes x-pack/filebeat/input/http_endpoint: add back pressure mechanism #41764

Use cases

Screenshots

Logs

mergify · 2024-11-24T21:06:13Z

backport-8.x has been added to help with the transition to the new branch 8.x.
If you don't need it please use backport-skip label and remove the backport-8.x label.

elasticmachine · 2024-11-24T23:46:43Z

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

mergify · 2024-11-25T19:22:31Z

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 41764-http_endpoint upstream/41764-http_endpoint
git merge upstream/main
git push upstream 41764-http_endpoint

…quest exceeding memory limits The input does not have a way to communicate back-pressure to clients, potentially leading to unconstrained growth in the publisher event queue and an OoM event. This change adds a mechanism to keep track of the total sum of in-flight message bytes from the client in order to allow the server to return a 503 HTTP status when the total is too large. Note that this does not monitor the total memory in the queue as that would require a complete understanding of the allocations in the preparation of event values to be sent to the publisher, but rather uses the message length as a reasonable proxy.

kcreddy

Just a clarification. LGTM otherwise.

x-pack/filebeat/input/http_endpoint/handler.go

…quest exceeding memory limits (#41765) The input does not have a way to communicate back-pressure to clients, potentially leading to unconstrained growth in the publisher event queue and an OoM event. This change adds a mechanism to keep track of the total sum of in-flight message bytes from the client in order to allow the server to return a 503 HTTP status when the total is too large. Note that this does not monitor the total memory in the queue as that would require a complete understanding of the allocations in the preparation of event values to be sent to the publisher, but rather uses the message length as a reasonable proxy. (cherry picked from commit 2ad3922)

…ling of http_endpoint request exceeding memory limits (#41820) * x-pack/filebeat/input/http_endpoint: fix handling of http_endpoint request exceeding memory limits (#41765) The input does not have a way to communicate back-pressure to clients, potentially leading to unconstrained growth in the publisher event queue and an OoM event. This change adds a mechanism to keep track of the total sum of in-flight message bytes from the client in order to allow the server to return a 503 HTTP status when the total is too large. Note that this does not monitor the total memory in the queue as that would require a complete understanding of the allocations in the preparation of event values to be sent to the publisher, but rather uses the message length as a reasonable proxy. (cherry picked from commit 2ad3922) * remove irrelevant changelog entries --------- Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>

…quest exceeding memory limits (#41765) (#41819) The input does not have a way to communicate back-pressure to clients, potentially leading to unconstrained growth in the publisher event queue and an OoM event. This change adds a mechanism to keep track of the total sum of in-flight message bytes from the client in order to allow the server to return a 503 HTTP status when the total is too large. Note that this does not monitor the total memory in the queue as that would require a complete understanding of the allocations in the preparation of event values to be sent to the publisher, but rather uses the message length as a reasonable proxy. (cherry picked from commit 2ad3922) Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>

…ling of http_endpoint request exceeding memory limits (#41818) * x-pack/filebeat/input/http_endpoint: fix handling of http_endpoint request exceeding memory limits (#41765) The input does not have a way to communicate back-pressure to clients, potentially leading to unconstrained growth in the publisher event queue and an OoM event. This change adds a mechanism to keep track of the total sum of in-flight message bytes from the client in order to allow the server to return a 503 HTTP status when the total is too large. Note that this does not monitor the total memory in the queue as that would require a complete understanding of the allocations in the preparation of event values to be sent to the publisher, but rather uses the message length as a reasonable proxy. (cherry picked from commit 2ad3922) * remove irrelevant changelog entries --------- Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>

efd6 added Filebeat Filebeat bugfix Team:Security-Service Integrations Security Service Integrations Team 8.16-candidate backport-8.16 Automated backport with mergify labels Nov 24, 2024

efd6 self-assigned this Nov 24, 2024

botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Nov 24, 2024

efd6 force-pushed the 41764-http_endpoint branch from 189160d to f6527d5 Compare November 24, 2024 21:06

mergify bot added the backport-8.x Automated backport to the 8.x branch with mergify label Nov 24, 2024

efd6 force-pushed the 41764-http_endpoint branch from f6527d5 to f24169b Compare November 24, 2024 22:08

efd6 marked this pull request as ready for review November 24, 2024 23:46

efd6 requested a review from a team as a code owner November 24, 2024 23:46

efd6 force-pushed the 41764-http_endpoint branch 2 times, most recently from ac98f9f to 7c7251a Compare November 25, 2024 10:25

efd6 force-pushed the 41764-http_endpoint branch from 7c7251a to 6f1cd44 Compare November 25, 2024 19:31

efd6 added the backport-8.17 Automated backport with mergify label Nov 25, 2024

efd6 force-pushed the 41764-http_endpoint branch 4 times, most recently from e9148a8 to 76c7c77 Compare November 25, 2024 21:39

efd6 force-pushed the 41764-http_endpoint branch from 76c7c77 to a7bf1ce Compare November 25, 2024 21:58

kcreddy approved these changes Nov 28, 2024

View reviewed changes

x-pack/filebeat/input/http_endpoint/handler.go Show resolved Hide resolved

efd6 merged commit 2ad3922 into elastic:main Nov 28, 2024

mergify bot mentioned this pull request Nov 28, 2024

[8.16](backport #41765) x-pack/filebeat/input/http_endpoint: fix handling of http_endpoint request exceeding memory limits #41818

Merged

7 tasks

mergify bot mentioned this pull request Nov 28, 2024

[8.x](backport #41765) x-pack/filebeat/input/http_endpoint: fix handling of http_endpoint request exceeding memory limits #41819

Merged

7 tasks

mergify bot mentioned this pull request Nov 28, 2024

[8.17](backport #41765) x-pack/filebeat/input/http_endpoint: fix handling of http_endpoint request exceeding memory limits #41820

Merged

7 tasks

khushijain21 mentioned this pull request Jun 23, 2025

test4 #44958

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x-pack/filebeat/input/http_endpoint: fix handling of http_endpoint request exceeding memory limits#41765

x-pack/filebeat/input/http_endpoint: fix handling of http_endpoint request exceeding memory limits#41765
efd6 merged 1 commit intoelastic:mainfrom
efd6:41764-http_endpoint

efd6 commented Nov 24, 2024 •

edited

Loading

Uh oh!

mergify bot commented Nov 24, 2024

Uh oh!

elasticmachine commented Nov 24, 2024

Uh oh!

mergify bot commented Nov 25, 2024

Uh oh!

kcreddy left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

efd6 commented Nov 24, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Proposed commit message

Checklist

Disruptive User Impact

Author's Checklist

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

Uh oh!

mergify bot commented Nov 24, 2024

Uh oh!

elasticmachine commented Nov 24, 2024

Uh oh!

mergify bot commented Nov 25, 2024

Uh oh!

kcreddy left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

efd6 commented Nov 24, 2024 •

edited

Loading