Httpjson Input Config Issue

I am using the Fleet integration for httpjson to attempt to pull down API logs.

The request I am mimicking in the config is the curl request below (which works correctly).

curl --location --request POST '' \
--header 'Content-Type: application/json' \
--header 'x-org-id: xxxxxx' \
--header 'x-api-key: xxxxxxxxxxxxxxxx' \
--data-raw '{"service": ["all"], "start_time": "2022-03-01T14:00:00Z"}'

In the Fleet config for the integration, I am setting the request transforms, like so -

- set:
    target: header.Content-Type
    value: 'application/json'
- set:
    target: header.x-org-id
    value: 'xxxxxxxx'
- set:
    target: header.x-api-key
    value: 'xxxxxxxxxxxxxxxx'
- set:
    target: body.service
    value: ["all"]
- set:
    target: body.start_time
    value: '2022-03-15T14:00:00Z'

I've tried all variations of the below, which I think may be the issue, including "all", "[all]", all, [all], but to no avail.

- set:
    target: body.service
    value: all

I continue to get errors like this one.

[elastic_agent.filebeat][error] Error while processing http request: failed to execute http client.Do: server responded with status code 400: {"message":"Unable to parse JSON request body Invalid service: \u0026[34 97 108 108 34] json: cannot unmarshal string into Go value of type []model.ServiceEnum"}

Can anyone assist in what I may be doing wrong, so I can correctly get the integration pulling logs from the API endpoint?

Hello! If you need the value to be an array, you can try append instead of set:

- append:
    target: body.service
    value: "all"

Let me know if that works!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.