Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Filebeat] Fix IPtables pipeline #24928

Merged
merged 6 commits into from
Apr 12, 2021
Merged

[Filebeat] Fix IPtables pipeline #24928

merged 6 commits into from
Apr 12, 2021

Conversation

legoguy1000
Copy link
Contributor

@legoguy1000 legoguy1000 commented Apr 5, 2021
edited
Loading

What does this PR do?

Fixes the Ubiquiti dashboard as part of the IPtables module and updates the grok patterns to better parse the sample data.

Why is it important?

Ubiquiti dashboard was never updated when pipeline was modified so fields don't match.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • [ ]

How to test this PR locally

GENERATE=true TESTING_FILEBEAT_MODULES=iptables TESTING_FILEBEAT_FILESETS=log mage -v pythonIntegTest

Related issues

Use cases

Screenshots

Logs

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Apr 5, 2021
@elasticmachine
Copy link
Collaborator

elasticmachine commented Apr 5, 2021
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: leehinman commented: /test

  • Start Time: 2021-04-12T14:19:07.768+0000

  • Duration: 73 min 8 sec

  • Commit: c926391

Test stats 🧪

Test Results
Failed 0
Passed 6910
Skipped 1185
Total 8095

Trends 🧪

Image of Build Times

Image of Tests

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test Results
Failed 0
Passed 6910
Skipped 1185
Total 8095

PrplHaz4
PrplHaz4 reviewed Apr 5, 2021
View reviewed changes
CHANGELOG.next.asciidoc Outdated Show resolved Hide resolved
@legoguy1000 legoguy1000 marked this pull request as ready for review April 5, 2021 15:42
@legoguy1000
Copy link
Contributor Author

Should be good to review.

@legoguy1000
Copy link
Contributor Author

@leehinman You were the last one to make major changes to this module. Can you take a look?

leehinman
leehinman requested changes Apr 7, 2021
View reviewed changes
Copy link
Contributor

@leehinman leehinman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank You. Changes look good, just one question on the community_id processor.

x-pack/filebeat/module/iptables/log/config/input.yml Show resolved Hide resolved
@mergify
Copy link
Contributor

mergify bot commented Apr 9, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 24878-fix-ubiquity-dashboard upstream/24878-fix-ubiquity-dashboard
git merge upstream/master
git push upstream 24878-fix-ubiquity-dashboard

@legoguy1000 legoguy1000 force-pushed the 24878-fix-ubiquity-dashboard branch 2 times, most recently from 9c2aeab to 8f4db5e Compare April 11, 2021 21:26
@mergify
Copy link
Contributor

mergify bot commented Apr 12, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 24878-fix-ubiquity-dashboard upstream/24878-fix-ubiquity-dashboard
git merge upstream/master
git push upstream 24878-fix-ubiquity-dashboard

@leehinman
Copy link
Contributor

/test

@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Apr 12, 2021
@leehinman leehinman added enhancement needs_team Indicates that the issue/PR needs a Team:* label labels Apr 12, 2021
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Apr 12, 2021
@botelastic
Copy link

botelastic bot commented Apr 12, 2021

This pull request doesn't have a Team:<team> label.

@leehinman leehinman added Filebeat Filebeat backport-v7.13.0 Automated backport with mergify needs_integration_sync Changes in this PR need synced to elastic/integrations. labels Apr 12, 2021
@leehinman leehinman merged commit ddcf8f1 into elastic:master Apr 12, 2021
mergify bot pushed a commit that referenced this pull request Apr 12, 2021
@legoguy1000
[Filebeat] Fix IPtables pipeline (#24928)
59918e1 
* #24878: Fix IPtables pipeline
  - fix dashboards
  - populate additional event.actions
  - move community_id processor to ingest node
  - set observer.name

(cherry picked from commit ddcf8f1)
@mergify mergify bot mentioned this pull request Apr 12, 2021
Merged
leehinman pushed a commit that referenced this pull request Apr 13, 2021
@mergify @legoguy1000
[Filebeat] Fix IPtables pipeline (#24928) (#25029)
3f772bd 
* #24878: Fix IPtables pipeline
  - fix dashboards
  - populate additional event.actions
  - move community_id processor to ingest node
  - set observer.name

(cherry picked from commit ddcf8f1)

Co-authored-by: Alex Resnick <adr8292@gmail.com>
v1v added a commit to v1v/beats that referenced this pull request Apr 14, 2021
@v1v
Merge remote-tracking branch 'upstream/master' into feature/use-debian-9
1de2782 
* upstream/master: (308 commits)
  [winlogbeat] Add support for sysmon v13 events 24 and 25 (elastic#24945)
  mergify: add backport label (elastic#25050)
  Add pod.ip in k8s metadata (elastic#25037)
  [elastic-agent] Use fleet.url for container cmd (elastic#25026)
  disable TestXPackEnabled flaky test in logstash metricbeat module (elastic#25034)
  Leverege leader election in agent  k8s manifests (elastic#25016)
  libbeat/publisher/pipeline: expand monitoring (elastic#24700)
  libbeat: fix decode_json_fields config validation (elastic#24862)
  Remove make docs-preview instructions (elastic#25001)
  [Filebeat] Fix IPtables pipeline (elastic#24928)
  [DOCS] cd into correct directory before invoking mage. (elastic#17679)
  Add -buildmode=pie for supported platform (elastic#24964)
  Add agent's direcotry in k8s manifest generator (elastic#24987)
  [mergify] assign the original author (elastic#25007)
  Fix AWS module flaky tests (elastic#24852)
  [filebeat] Use fail_on_template_error on google_workspace and okta pagination (elastic#24967)
  Updated config to match defaults (elastic#25004)
  [Filebeat] Fix hardcoded amazonaws.com endpoint (elastic#24861)
  Add cloud.service.name to add_cloud_metadata (elastic#24993)
  [Ingest Manager] Expose processes and their metrics (elastic#24788)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PrplHaz4 PrplHaz4 PrplHaz4 left review comments

@leehinman leehinman leehinman approved these changes

Assignees
No one assigned
Labels
backport-v7.13.0 Automated backport with mergify enhancement Filebeat Filebeat needs_integration_sync Changes in this PR need synced to elastic/integrations.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[filebeat iptables] Ubiquiti Firewall field [raw_date] not present as part of path [iptables.raw_date]
4 participants
@legoguy1000 @elasticmachine @leehinman @PrplHaz4