Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

filebeat,x-pack/filebeat: prevent master=>event.original rename failures #39588

Merged
merged 3 commits into from
May 17, 2024

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented May 16, 2024

Proposed commit message

Prevent rename of message to event.original failing when event.original
already exists as can be the case when documents are being ingested via
logstash.

This makes the change for all modules listed as owned by security-service-integrations and sec-deployment-and-devices that still exist (some don't) and have this specific rename*. Some modules already make the check or use another already safe mechanism.

Note that tthe cisco umbrella pipeline uses a set processor which will not fail, but would clobber event.original, so it also includes the check.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

@efd6 efd6 added enhancement Filebeat Filebeat backport-skip Skip notification from the automated backport with mergify Team:Security-Service Integrations Security Service Integrations Team Team:Security-Deployment and Devices Deployment and Devices Team in Security Solution labels May 16, 2024
@efd6 efd6 self-assigned this May 16, 2024
@efd6 efd6 marked this pull request as ready for review May 16, 2024 03:47
@efd6 efd6 requested review from a team as code owners May 16, 2024 03:47
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine
Copy link
Collaborator

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

Copy link
Contributor

@pkoutsovasilis pkoutsovasilis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Copy link
Contributor

mergify bot commented May 17, 2024

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 38224-ssi upstream/38224-ssi
git merge upstream/main
git push upstream 38224-ssi

@efd6 efd6 merged commit 6975676 into elastic:main May 17, 2024
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport-skip Skip notification from the automated backport with mergify enhancement Filebeat Filebeat Team:Security-Deployment and Devices Deployment and Devices Team in Security Solution Team:Security-Service Integrations Security Service Integrations Team
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants