Feature request - Please add source_address_key logic for network inputs

[ryn9]

Is your feature request related to a problem? Please describe.
N/A

Describe the solution you'd like
Like is available in some fluentd network inputs, it would be valuable to be able to store the source address as a key for network based inputs.

Example - https://docs.fluentd.org/input/tcp#source_address_key

Describe alternatives you've considered
N/A

Additional context
N/A

[ryn9]

It would also be valuable to have support for Proxy Protocol v1 and Proxy Protocol v2 for saving source addresses to keys

[agup006]

@cosmo0920 Is there anything we could borrow from the fluentd implementation for this feature?

[github-actions]

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days. Maintainers can add the exempt-stale label.

[q2dg]

This issue deserves a lot more attention

[ryn9]

@agup006 @cosmo0920 any update on whether this is being looked at?

Would very much appreciate seeing this for (at least) the following network inputs:
Syslog
HTTP
TCP

For comparison - here are "metadata" fields available with using logstash for such network inputs:
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-udp.html#plugins-inputs-udp-ecs_metadata
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html#plugins-inputs-http-ecs_metadata
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-tcp.html#plugins-inputs-tcp-ecs_metadata

[bplessis-swi]

Is it not the purpose of Source_Address_Key ?
https://docs.fluentbit.io/manual/pipeline/inputs/syslog

[q2dg]

Yes, but for "tcp" and "http" input plugins too, at least

[ryn9]

I believe this would be of value for all network based inputs

[ryn9]

Some quick notes:

Syslog:
added via #7651
THANK YOU!

UDP:
added via #7673
THANK YOU!

TCP:
pending - #7672

HTTP:
I don't think anyone has started work on this.

For whatever it is worth - since Syslog was added - I have been testing with inputs like the following to get UDP and TCP data, plus can pass it direct to a parser which UDP and TCP don't currently seem to support

[INPUT]
  tag test_tag
  name syslog
  mode tcp
  port 9080
#  buffer_chunk_size
#  receive_buffer_size
  parser test_parser
  source_address_key test_source_address_key

[INPUT]
  tag test_tag
  name syslog
  mode udp
  port 9080
#  buffer_chunk_size
#  receive_buffer_size
  parser test_parser
  source_address_key test_source_address_key

[q2dg]

Where are the commits that implement this feature request??

[ryn9]

Where are the commits that implement this feature request??

Syslog:
added via #7651

UDP:
added via #7673

TCP:
pending - #7672

HTTP:
I don't think this one was done :/

[smd75jr]

For at least syslog, is there any chance we can get an option to strip out things like the protocol and port number?