Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add nginx.ingress_controller.upstream.ip to related.ip (#34645) #34672

Merged
merged 6 commits into from
Feb 28, 2023
Merged

Add nginx.ingress_controller.upstream.ip to related.ip (#34645) #34672

merged 6 commits into from
Feb 28, 2023

Conversation

leweafan
Copy link
Contributor

What does this PR do?

Add nginx.ingress_controller.upstream.ip to related.ip (#34645)

Why is it important?

Missing ip in related.ip affects security issues discovery cause you can't be sure that all event' ip indeed present in related.ip.

According to ECS field description:

All of the IPs seen on your event.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

@leweafan leweafan requested a review from a team as a code owner February 26, 2023 11:51
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Feb 26, 2023
@cla-checker-service
Copy link

cla-checker-service bot commented Feb 26, 2023
edited
Loading

💚 CLA has been signed

@mergify
Copy link
Contributor

mergify bot commented Feb 26, 2023

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @leweafan? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@elasticmachine
Copy link
Collaborator

elasticmachine commented Feb 26, 2023
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-02-28T12:11:52.470+0000

  • Duration: 70 min 45 sec

Test stats 🧪

Test Results
Failed 0
Passed 7559
Skipped 746
Total 8305

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@leweafan
Copy link
Contributor Author

Signed Contributor Agreement

@leweafan
Copy link
Contributor Author

@Mergifyio backport 8.6.0

@mergify
Copy link
Contributor

mergify bot commented Feb 26, 2023

backport 8.6.0

❌ Command disallowed due to command restrictions in the Mergify configuration.

  • sender-permission>=write

@tetianakravchenko tetianakravchenko added the Team:Cloudnative-Monitoring Label for the Cloud Native Monitoring team label Feb 27, 2023
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Feb 27, 2023
tetianakravchenko
tetianakravchenko reviewed Feb 27, 2023
View reviewed changes
filebeat/module/nginx/ingress_controller/ingest/pipeline.yml
- append:
field: related.ip
value: "{{nginx.ingress_controller.upstream.ip}}"
if: "ctx?.nginx?.ingress_controller?.upstream?.ip != null"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please add allow_duplicates: false, similar to the integration - https://github.com/elastic/integrations/blob/main/packages/nginx_ingress_controller/data_stream/access/elasticsearch/ingest_pipeline/default.yml#L297-L301

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tetianakravchenko Thanks for the helpful advice! Done.

@gsantoro gsantoro merged commit e307076 into elastic:main Feb 28, 2023
chrisberkhout pushed a commit that referenced this pull request Jun 1, 2023
@leweafan @gsantoro @chrisberkhout
Add nginx.ingress_controller.upstream.ip to related.ip (#34645) (#34672)
5eceee8 
* Add nginx.ingress_controller.upstream.ip to related.ip (#34645)

* Added pull id

* Added "allow_duplicates: false"

* Added "allow_duplicates: false" for all related.ip appends

---------

Co-authored-by: Giuseppe Santoro <giuseppe.santoro@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tetianakravchenko tetianakravchenko tetianakravchenko approved these changes

@gsantoro gsantoro gsantoro approved these changes

Assignees

@leweafan leweafan

Labels
Team:Cloudnative-Monitoring Label for the Cloud Native Monitoring team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Filebeat Nginx module - add nginx.ingress_controller.upstream.ip to related.ip
4 participants
@leweafan @elasticmachine @gsantoro @tetianakravchenko