Add support for _msearch, _bulk and _doc operations

[pinoOgni]

This PR continues the work done in #801 and it:

• adds support for _msearch, _bulk and _doc Elasticsearch operations.
• removes the extractDBQueryText function: we just return the body and we don't check if it's a valid JSON because from an observability point of view it is still an Elasticsearch request/response. This way, we gain performance and provide the user with the query of the request.
• updates tests
• updates operation name extraction

[codecov]

Codecov Report

❌ Patch coverage is 48.27586% with 15 lines in your changes missing coverage. Please review.
✅ Project coverage is 55.08%. Comparing base (f6e1fcd) to head (f0d594a).

Files with missing lines	Patch %	Lines
pkg/ebpf/common/http/elasticsearch.go	48.27%	15 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #853      +/-   ##
==========================================
- Coverage   55.09%   55.08%   -0.02%     
==========================================
  Files         251      251              
  Lines       21477    21475       -2     
==========================================
- Hits        11833    11829       -4     
- Misses       8828     8830       +2     
  Partials      816      816              

Flag	Coverage Δ
integration-test	23.24% <0.00%> (-0.05%)	⬇️
integration-test-arm	0.00% <0.00%> (ø)
integration-test-vm-${ARCH}-${KERNEL_VERSION}	0.00% <0.00%> (ø)
k8s-integration-test	2.76% <0.00%> (-0.02%)	⬇️
oats-test	0.00% <0.00%> (ø)
unittests	46.20% <48.27%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[mmat11]

Forgot to mention, https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/blob/main/devdocs/features.md should be updated

[grcevski]

LGTM! Great work, good to merge as soon as tests pass.

[grcevski]

The shard-4 failure looks related, it's failing in the ES test.

[pinoOgni]

The shard-4 failure looks related, it's failing in the ES test.

Let me investigate it!

[NimrodAvni78]

nice!

[pinoOgni]

Hi everyone, I've been doing some research on the tests that fail.
Locally, they always work, so I looked at the logs from the CI (and thanks to @mmat11) and noticed that in some cases there seems to be conflicts with the kprobe/tcp_sendmsg probe. So I think tests are flaky.

[mmat11]

Hi everyone, I've been doing some research on the tests that fail. Locally, they always work, so I looked at the logs from the CI (and thanks to @mmat11) and noticed that in some cases there seems to be conflicts between the kprobe/unix_stream_sendmsg and kprobe/tcp_sendmsg probes. So I think tests are flaky.

edit: we are still looking for the root cause
This is very hard to investigate locally because it's somehow triggered more frequently in CI.
I suggest flagging this integration test as flaky and open a follow-up issue for when the real issue is solved to re-enable it

[grcevski]

Hi everyone, I've been doing some research on the tests that fail. Locally, they always work, so I looked at the logs from the CI (and thanks to @mmat11) and noticed that in some cases there seems to be conflicts between the kprobe/unix_stream_sendmsg and kprobe/tcp_sendmsg probes. So I think tests are flaky.

edit: we are still looking for the root cause This is very hard to investigate locally because it's somehow triggered more frequently in CI. I suggest flagging this integration test as flaky and open a follow-up issue for when the real issue is solved to re-enable it

I'm good with that plan, let's disable the test if you'd like and continue on another PR.

[grcevski]

I can also take a look at the BPF logs to see if anything is weird, unix_stream_sendmsg should be triggering for unix socks, I wonder if another traffic somehow passes through there and it's impacting this code path.

[pinoOgni]

I can also take a look at the BPF logs to see if anything is weird, unix_stream_sendmsg should be triggering for unix socks, I wonder if another traffic somehow passes through there and it's impacting this code path.

Hi @grcevski, my comment on the unix_stream_sendmsg was wrong. I updated the comment today.

[grcevski]

No problem, let me know what you want to do. I re-ran the test one more time to see if it passes and it failed again in the same spot. I haven't had time today to look into it to see if I can spot the issue. I'm at a company offsite this week, but I'll try tomorrow.