I am looking for guidance on a lookup feature.
We use Atlassian Stash and other Atlassian products, we currently have a Kibana dashboard for CAPTCHA requests. There seems to be a bug where users of Chrome do not see the CAPTCHA screen while Safari and IE users do.
So users using Chrome will continue to try and access Stash or another Atlassian service and be denied access. But they have no idea why and open a support ticket with our group.
In the Kibana dashboard we can see the userid, but not the email address of the user having the issue, it's not part of the log.
So it's a manual process if we want to be proactive and lookup the userid having the issue.
Step 1) copy / paste userid into Atlassian Crowd
Step 2) copy / paste user email address from result page
Step 3) email user informing them they appear to be having a CAPTCHA issue and recommend trying another browser.
The Kibana dashboard has two columns, userid, and captcha count.
Some users have over 1000 captcha requests in the past 24 hours. This is caused by continuous integration scripts. They have no idea they are failing, which is why we are trying to be proactive.
So my question is, do I hook into the crowd api from logstash as the logs are parsed and add the user email there before the document is inserted into elasticsearch, or is it better to run something on the elasticsearch backend that will update this documents as they are created, or some other way I have not thought about?
The geoip lookup happens in logstash, so I know it's a viable option.
Any insight would be great.
It looks like doing this as a filter in logstash is the best route.
Then adding another filter that makes a call to the Crowd rest api.