Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Filebeat] Change okta.target to nested field #24636

Merged
merged 5 commits into from
Apr 7, 2021
Merged

[Filebeat] Change okta.target to nested field #24636

merged 5 commits into from
Apr 7, 2021

Conversation

legoguy1000
Copy link
Contributor

@legoguy1000 legoguy1000 commented Mar 18, 2021
edited
Loading

What does this PR do?

Resolves #24354. Changes the okta.target field from an array to flattened type

Why is it important?

unable to perform nested searches on the fields without it.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

How to test this PR locally

Related issues

Resolves #24354

Use cases

Screenshots

Logs

#24354 (comment)

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Mar 18, 2021
@elasticmachine
Copy link
Collaborator

elasticmachine commented Mar 18, 2021
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: Pull request #24636 updated

  • Start Time: 2021-04-07T06:39:12.015+0000

  • Duration: 52 min 6 sec

  • Commit: dd58e84

Test stats 🧪

Test Results
Failed 0
Passed 13416
Skipped 2271
Total 15687

Trends 🧪

Image of Build Times

Image of Tests

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test Results
Failed 0
Passed 13416
Skipped 2271
Total 15687

@legoguy1000 legoguy1000 marked this pull request as ready for review March 18, 2021 15:22
@andrewkroh
Copy link
Member

jenkins, run tests

@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Mar 18, 2021
@legoguy1000 legoguy1000 mentioned this pull request Mar 19, 2021
Closed
6 tasks
@legoguy1000
Copy link
Contributor Author

After doing some digging, this could also be a flattened field type. Any ideas on what's best?

@legoguy1000 legoguy1000 force-pushed the okta-target-nested branch 3 times, most recently from db20183 to eb88a2a Compare March 28, 2021 17:48
@marc-gr
Copy link
Contributor

marc-gr commented Apr 1, 2021

After doing some digging, this could also be a flattened field type. Any ideas on what's best?

Good point, from https://developer.okta.com/docs/reference/api/system-log/#target-object it seems that the detail field can be an arbitrary object. Maybe to prevent a mapping explosion would be safer to change the field to flattened instead of nested.

@legoguy1000
Copy link
Contributor Author

After doing some digging, this could also be a flattened field type. Any ideas on what's best?

Good point, from https://developer.okta.com/docs/reference/api/system-log/#target-object it seems that the detail field can be an arbitrary object. Maybe to prevent a mapping explosion would be safer to change the field to flattened instead of nested.

Will do.

@legoguy1000
Copy link
Contributor Author

After doing some digging, this could also be a flattened field type. Any ideas on what's best?

Good point, from https://developer.okta.com/docs/reference/api/system-log/#target-object it seems that the detail field can be an arbitrary object. Maybe to prevent a mapping explosion would be safer to change the field to flattened instead of nested.

Will do.

Done.

@legoguy1000
Copy link
Contributor Author

@marc-gr Ready for review

@marc-gr
Copy link
Contributor

marc-gr commented Apr 6, 2021

jenkins run tests

@marc-gr marc-gr added needs_integration_sync Changes in this PR need synced to elastic/integrations. needs_backport PR is waiting to be backported to other branches. labels Apr 7, 2021
@marc-gr marc-gr merged commit 803e8ca into elastic:master Apr 7, 2021
@marc-gr
Copy link
Contributor

marc-gr commented Apr 7, 2021

Thanks for the contribution! ❤️

v1v added a commit to v1v/beats that referenced this pull request Apr 7, 2021
@v1v
Merge remote-tracking branch 'upstream/master' into feature/mergify
c1238b8 
* upstream/master: (91 commits)
  [Filebeat] Change okta.target to nested field (elastic#24636)
  Add RFC5424 format support for syslog input  (elastic#23954)
  Fix links to Beats product pages (elastic#24821)
  [DOCS] Fix 'make setup' instructions for a new beat (elastic#24944)
  Remove duplicate decode_xml entry (elastic#24941)
  [libbeat] Add wineventlog schema to decode_xml processor (elastic#24726)
  [Elastic Agent] Add check for URL set when cert and cert key. (elastic#24904)
  feat: stage execution cache (elastic#24780)
  Fix error in Journalbeat commands (elastic#24880)
  Add baseline ECS 1.9.0 upgrade (elastic#24909)
  [Elastic Agent] Cloud container legacy apm files. (elastic#24896)
  [Elastic Agent]: Reduce allowed socket path length (elastic#24914)
  Add ability to destroy indices with wildcards in testing (elastic#24915)
  Add status subcommand to report status of running daemon. (elastic#24856)
  Fix types of fields GetHits and Ops in Metricbeat module for Couchbase (elastic#23287)
  Add support for Filestream input in elastic agent. (elastic#24820)
  Implement k8s secrets provider for Agent (elastic#24789)
  Sort processor list in docs (elastic#24874)
  Add support for SCRAM authentication in kafka metricbeat module (elastic#24810)
  Properly update offset in case of unparasable line (elastic#22685)
  ...
@legoguy1000 legoguy1000 deleted the okta-target-nested branch April 7, 2021 12:09
@marc-gr marc-gr mentioned this pull request Apr 7, 2021
Merged
6 tasks
@marc-gr marc-gr added v7.13.0 and removed needs_backport PR is waiting to be backported to other branches. labels Apr 7, 2021
marc-gr pushed a commit to marc-gr/beats that referenced this pull request Apr 7, 2021
@legoguy1000 @marc-gr
[Filebeat] Change okta.target to nested field (elastic#24636)
1b2e7f1 
* Change okta.target to nested field

* update to flattened field type

* fixed test files

* update changelog

* Move changelog line to Added section

Co-authored-by: Marc Guasch <marc.guasch@elastic.co>
(cherry picked from commit 803e8ca)
marc-gr added a commit that referenced this pull request Apr 7, 2021
@marc-gr @legoguy1000
[Filebeat] Change okta.target to nested field (#24636) (#24969)
698df22 
* Change okta.target to nested field

* update to flattened field type

* fixed test files

* update changelog

* Move changelog line to Added section

Co-authored-by: Marc Guasch <marc.guasch@elastic.co>
(cherry picked from commit 803e8ca)

Co-authored-by: Alex Resnick <adr8292@gmail.com>
@marc-gr marc-gr mentioned this pull request Apr 8, 2021
Merged
2 tasks
@marc-gr marc-gr removed the needs_integration_sync Changes in this PR need synced to elastic/integrations. label Apr 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marc-gr marc-gr marc-gr approved these changes

Assignees

@marc-gr marc-gr

Labels
enhancement Filebeat Filebeat review v7.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Filebeat] Okta module mapping issue for 'okta.target'
4 participants
@legoguy1000 @elasticmachine @andrewkroh @marc-gr