[8.17] [Automatic Import] Restrict unsupported log formats (elastic#2…

…02994) (elastic#203175)

# Backport

This will backport the following commits from `main` to `8.17`:
- [[Automatic Import] Restrict unsupported log formats
(elastic#202994)](elastic#202994)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Bharat
Pasupula","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-05T19:18:08Z","message":"[Automatic
Import] Restrict unsupported log formats
(elastic#202994)","sha":"178baa8468b3252bbebb6074baf0e59c9916d1a3","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","v9.0.0","backport:prev-major","Team:Security-Scalability","Feature:AutomaticImport"],"title":"[Automatic
Import] Restrict unsupported log
formats","number":202994,"url":"https://github.com/elastic/kibana/pull/202994","mergeCommit":{"message":"[Automatic
Import] Restrict unsupported log formats
(elastic#202994)","sha":"178baa8468b3252bbebb6074baf0e59c9916d1a3"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/202994","number":202994,"mergeCommit":{"message":"[Automatic
Import] Restrict unsupported log formats
(elastic#202994)","sha":"178baa8468b3252bbebb6074baf0e59c9916d1a3"}}]}]
BACKPORT-->

Co-authored-by: Bharat Pasupula <[email protected]>

x-pack/plugins/integration_assistant/common/api/generation_error.ts

@@ -34,6 +34,7 @@ export function isGenerationErrorBody(obj: unknown | undefined): obj is Generati
 export interface GenerationErrorAttributes {
   errorCode: GenerationErrorCode;
   underlyingMessages?: string[] | undefined;
+  logFormat?: string | undefined;
   errorMessageWithLink?: ErrorMessageWithLink | undefined;
 }
 

x-pack/plugins/integration_assistant/common/api/model/common_attributes.gen.ts

@@ -85,6 +85,8 @@ export const SamplesFormatName = z.enum([
   'unstructured',
   'unsupported',
   'cef',
+  'leef',
+  'fix',
 ]);
 export type SamplesFormatNameEnum = typeof SamplesFormatName.enum;
 export const SamplesFormatNameEnum = SamplesFormatName.enum;

x-pack/plugins/integration_assistant/common/api/model/common_attributes.schema.yaml

@@ -65,6 +65,8 @@ components:
         - unstructured
         - unsupported
         - cef
+        - leef
+        - fix
 
     SamplesFormat:
       type: object

x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/translations.ts

@@ -212,12 +212,20 @@ export const GENERATION_ERROR_TRANSLATION: Record<
       defaultMessage: 'Max attempts exceeded. Please try again.',
     }
   ),
-  [GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT]: i18n.translate(
-    'xpack.integrationAssistant.errors.unsupportedLogSamples',
-    {
-      defaultMessage: 'Unsupported log format in the samples.',
+  [GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT]: (attributes) => {
+    if (attributes.logFormat !== undefined && attributes.logFormat?.length !== 0) {
+      return i18n.translate('xpack.integrationAssistant.errors.uparseableCSV.withReason', {
+        values: {
+          format: attributes.logFormat,
+        },
+        defaultMessage: `Unsupported log format in the samples (format: {format}).`,
+      });
+    } else {
+      return i18n.translate('xpack.integrationAssistant.errors.unsupportedLogSamples', {
+        defaultMessage: `Unsupported log format in the samples.`,
+      });
     }
-  ),
+  },
   [GenerationErrorCode.CEF_ERROR]: i18n.translate('xpack.integrationAssistant.errors.cefError', {
     // This is a default error message if the linking does not work.
     defaultMessage:

x-pack/plugins/integration_assistant/server/graphs/log_type_detection/prompts.ts

@@ -24,6 +24,8 @@ Follow these steps to do this:
   * 'structured': If the log samples have structured message body with key-value pairs then classify it as "name: structured". Look for a flat list of key-value pairs, often separated by some delimiters. Consider variations in formatting, such as quotes around values ("key=value", key="value"), special characters in keys or values, or escape sequences.
   * 'unstructured': If the log samples have unstructured body like a free-form text then classify it as "name: unstructured".
   * 'cef': If the log samples have Common Event Format (CEF) then classify it as "name: cef".
+  * 'leef': If the log samples have Log Event Extended Format (LEEF) then classify it as "name: leef".
+  * 'fix': If the log samples have Financial Information eXchange (FIX) then classify it as "name: fix".
   * 'unsupported': If you cannot put the format into any of the above categories then classify it with "name: unsupported".
 2. Header: for structured and unstructured format:
   - if the samples have any or all of priority, timestamp, loglevel, hostname, ipAddress, messageId in the beginning information then set "header: true".

x-pack/plugins/integration_assistant/server/lib/errors/unsupported_error.ts

@@ -9,18 +9,45 @@ import { KibanaResponseFactory } from '@kbn/core/server';
 import { ErrorThatHandlesItsOwnResponse } from './types';
 import { GenerationErrorCode } from '../../../common/constants';
 
+interface UnsupportedLogFormat {
+  message: string;
+  logFormat?: string;
+}
+
+interface UnsupportedLogFormatResponseBody {
+  message: string;
+  attributes: {
+    errorCode: string;
+    logFormat?: string;
+  };
+}
+
 export class UnsupportedLogFormatError extends Error implements ErrorThatHandlesItsOwnResponse {
   private readonly errorCode: string = GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT;
+  private logFormat: string | undefined;
 
-  // eslint-disable-next-line @typescript-eslint/no-useless-constructor
-  constructor(message: string) {
-    super(message);
+  constructor(unsupportedLogFormat: UnsupportedLogFormat) {
+    super(unsupportedLogFormat.message);
+    if (unsupportedLogFormat.logFormat) {
+      this.logFormat = unsupportedLogFormat.logFormat;
+    }
   }
 
   public sendResponse(res: KibanaResponseFactory) {
+    const responseBody: UnsupportedLogFormatResponseBody = {
+      message: this.message,
+      attributes: {
+        errorCode: this.errorCode,
+      },
+    };
+
+    if (this.logFormat) {
+      responseBody.attributes.logFormat = this.logFormat;
+    }
+
     return res.customError({
       statusCode: 501,
-      body: { message: this.message, attributes: { errorCode: this.errorCode } },
+      body: responseBody,
     });
   }
 }

x-pack/plugins/integration_assistant/server/routes/analyze_logs_routes.ts

@@ -106,11 +106,21 @@ export function registerAnalyzeLogsRoutes(
 
           switch (graphLogFormat) {
             case 'unsupported':
-              throw new UnsupportedLogFormatError(
-                GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT
-              );
+              throw new UnsupportedLogFormatError({
+                message: GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT,
+              });
             case 'cef':
               throw new CefError(GenerationErrorCode.CEF_ERROR);
+            case 'leef':
+              throw new UnsupportedLogFormatError({
+                message: GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT,
+                logFormat: 'Log Event Extended Format (LEEF)',
+              });
+            case 'fix':
+              throw new UnsupportedLogFormatError({
+                message: GenerationErrorCode.UNSUPPORTED_LOG_SAMPLES_FORMAT,
+                logFormat: 'Financial Information eXchange (FIX)',
+              });
           }
 
           return res.ok({ body: AnalyzeLogsResponse.parse(graphResults) });