elastic · kibanamachine · Dec 5, 2024 · Dec 5, 2024
@@ -34,6 +34,7 @@ export function isGenerationErrorBody(obj: unknown | undefined): obj is Generati
 export interface GenerationErrorAttributes {
   errorCode: GenerationErrorCode;
   underlyingMessages?: string[] | undefined;
+  logFormat?: string | undefined;
   errorMessageWithLink?: ErrorMessageWithLink | undefined;
 }
 

@@ -85,6 +85,8 @@ export const SamplesFormatName = z.enum([
   'unstructured',
   'unsupported',
   'cef',
+  'leef',
+  'fix',
 ]);
 export type SamplesFormatNameEnum = typeof SamplesFormatName.enum;
 export const SamplesFormatNameEnum = SamplesFormatName.enum;

@@ -65,6 +65,8 @@ components:
         - unstructured
         - unsupported
         - cef
+        - leef
+        - fix
 
     SamplesFormat:
       type: object

@@ -212,12 +212,20 @@ export const GENERATION_ERROR_TRANSLATION: Record<
       defaultMessage: 'Max attempts exceeded. Please try again.',
     }
   ),
-  [GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT]: i18n.translate(
-    'xpack.integrationAssistant.errors.unsupportedLogSamples',
-    {
-      defaultMessage: 'Unsupported log format in the samples.',
+  [GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT]: (attributes) => {
+    if (attributes.logFormat !== undefined && attributes.logFormat?.length !== 0) {
+      return i18n.translate('xpack.integrationAssistant.errors.uparseableCSV.withReason', {
+        values: {
+          format: attributes.logFormat,
+        },
+        defaultMessage: `Unsupported log format in the samples (format: {format}).`,
+      });
+    } else {
+      return i18n.translate('xpack.integrationAssistant.errors.unsupportedLogSamples', {
+        defaultMessage: `Unsupported log format in the samples.`,
+      });
     }
-  ),
+  },
   [GenerationErrorCode.CEF_ERROR]: i18n.translate('xpack.integrationAssistant.errors.cefError', {
     // This is a default error message if the linking does not work.
     defaultMessage:

@@ -24,6 +24,8 @@ Follow these steps to do this:
   * 'structured': If the log samples have structured message body with key-value pairs then classify it as "name: structured". Look for a flat list of key-value pairs, often separated by some delimiters. Consider variations in formatting, such as quotes around values ("key=value", key="value"), special characters in keys or values, or escape sequences.
   * 'unstructured': If the log samples have unstructured body like a free-form text then classify it as "name: unstructured".
   * 'cef': If the log samples have Common Event Format (CEF) then classify it as "name: cef".
+  * 'leef': If the log samples have Log Event Extended Format (LEEF) then classify it as "name: leef".
+  * 'fix': If the log samples have Financial Information eXchange (FIX) then classify it as "name: fix".
   * 'unsupported': If you cannot put the format into any of the above categories then classify it with "name: unsupported".
 2. Header: for structured and unstructured format:
   - if the samples have any or all of priority, timestamp, loglevel, hostname, ipAddress, messageId in the beginning information then set "header: true".

@@ -9,18 +9,45 @@ import { KibanaResponseFactory } from '@kbn/core/server';
 import { ErrorThatHandlesItsOwnResponse } from './types';
 import { GenerationErrorCode } from '../../../common/constants';
 
+interface UnsupportedLogFormat {
+  message: string;
+  logFormat?: string;
+}
+
+interface UnsupportedLogFormatResponseBody {
+  message: string;
+  attributes: {
+    errorCode: string;
+    logFormat?: string;
+  };
+}
+
 export class UnsupportedLogFormatError extends Error implements ErrorThatHandlesItsOwnResponse {
   private readonly errorCode: string = GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT;
+  private logFormat: string | undefined;
 
-  // eslint-disable-next-line @typescript-eslint/no-useless-constructor
-  constructor(message: string) {
-    super(message);
+  constructor(unsupportedLogFormat: UnsupportedLogFormat) {
+    super(unsupportedLogFormat.message);
+    if (unsupportedLogFormat.logFormat) {
+      this.logFormat = unsupportedLogFormat.logFormat;
+    }
   }
 
   public sendResponse(res: KibanaResponseFactory) {
+    const responseBody: UnsupportedLogFormatResponseBody = {
+      message: this.message,
+      attributes: {
+        errorCode: this.errorCode,
+      },
+    };
+
+    if (this.logFormat) {
+      responseBody.attributes.logFormat = this.logFormat;
+    }
+
     return res.customError({
       statusCode: 501,
-      body: { message: this.message, attributes: { errorCode: this.errorCode } },
+      body: responseBody,
     });
   }
 }
@@ -106,11 +106,21 @@ export function registerAnalyzeLogsRoutes(
 
           switch (graphLogFormat) {
             case 'unsupported':
-              throw new UnsupportedLogFormatError(
-                GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT
-              );
+              throw new UnsupportedLogFormatError({
+                message: GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT,
+              });
             case 'cef':
               throw new CefError(GenerationErrorCode.CEF_ERROR);
+            case 'leef':
+              throw new UnsupportedLogFormatError({
+                message: GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT,
+                logFormat: 'Log Event Extended Format (LEEF)',
+              });
+            case 'fix':
+              throw new UnsupportedLogFormatError({
+                message: GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT,
+                logFormat: 'Financial Information eXchange (FIX)',
+              });
           }
 
           return res.ok({ body: AnalyzeLogsResponse.parse(graphResults) });