Add multiline support to awss3 input

[leehinman]

What does this PR do?

Adds multiline and encoding reader support to aws-s3 input. This does
not change the processing of JSON logs by aws-s3 input.

Why is it important?

This is needed so you can read logs that have embedded new lines. For
example XML Windows events.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

• Need S3 bucket & SQS queue, then upload multiline logs.

Related issues

• Closes [Filebeat] Support multiline options in aws s3 input #25249

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 25249_awss3_input_multiline2 upstream/25249_awss3_input_multiline2
git merge upstream/master
git push upstream 25249_awss3_input_multiline2

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Build Cause: Pull request #25710 updated

• Start Time: 2021-05-17T15:13:31.892+0000

• Duration: 115 min 39 sec

• Commit: 8a3b408

Test stats 🧪

Test	Results
Failed	0
Passed	7031
Skipped	1193
Total	8224

Trends 🧪

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test	Results
Failed	0
Passed	7031
Skipped	1193
Total	8224

[andrewkroh]

Awesome 😄 . I took a very quick pass at it. Plan to look a little deeper and try it out tomorrow.

[andrewkroh]

Can you combine this into a one-liner, e.g. if err = c.forwardEvent(event); err != nil {.

[andrewkroh]

Do you think these options should be available in the FileSelectorCfg?

[leehinman]

Hmmmm we could...

The use case would be a single S3 bucket that has a mix of multiline and non-multiline log files.

I'll add it, and we can see if we like it.

[andrewkroh]

The parser options could be combined into a struct that is embedded in both config and FileSelectorCfg to avoid having to duplicate the same config struct tags.

[leehinman]

I'm thinking of changing this so you always have a file_selector, the default is just to match any filename. That should make the config and code paths cleaner. I know we want to get a build out with multiline "soon". You OK with merging as is, with a new PR this week to clean this up?

[marc-gr]

Do you think could be worth adding a new test with the multiline config in s3_integration_test.go?

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 25249_awss3_input_multiline2 upstream/25249_awss3_input_multiline2
git merge upstream/master
git push upstream 25249_awss3_input_multiline2

[leehinman]

Do you think could be worth adding a new test with the multiline config in s3_integration_test.go?

added it. running it is a little weird you have to setup S3 bucket & SQS ahead of time, then upload the 2 sample files, then run go test --tags=integration,aws

Long term I'd like to improve this.

[marc-gr]

I think some files need to be formatted

[marc-gr]

LGTM once the formatting is fixed

[kaiyan-sheng]

LGTM! Thank you for adding this feature!! Are you planning to add this into the AWS package later? I'm adding the label just to make sure we don't forget about it :)