Guidance on lookup

Description

I am looking for guidance on a lookup feature.

We use Atlassian Stash and other Atlassian products, we currently have a Kibana dashboard for CAPTCHA requests. There seems to be a bug where users of Chrome do not see the CAPTCHA screen while Safari and IE users do.

So users using Chrome will continue to try and access Stash or another Atlassian service and be denied access. But they have no idea why and open a support ticket with our group.

In the Kibana dashboard we can see the userid, but not the email address of the user having the issue, it's not part of the log.

So it's a manual process if we want to be proactive and lookup the userid having the issue.

Step 1) copy / paste userid into Atlassian Crowd
https://crowd/stash/admin/users/view?name=<userid>

Step 2) copy / paste user email address from result page

Step 3) email user informing them they appear to be having a CAPTCHA issue and recommend trying another browser.

The Kibana dashboard has two columns, userid, and captcha count.

Some users have over 1000 captcha requests in the past 24 hours. This is caused by continuous integration scripts. They have no idea they are failing, which is why we are trying to be proactive.

So my question is, do I hook into the crowd api from logstash as the logs are parsed and add the user email there before the document is inserted into elasticsearch, or is it better to run something on the elasticsearch backend that will update this documents as they are created, or some other way I have not thought about?

The geoip lookup happens in logstash, so I know it's a viable option.

Any insight would be great.

Thanks
Zach

Environment

None

Status

Assignee

Logstash Developers

Reporter

Zachary Buckholz

Priority