Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[netflow]: disable event normalisation #40635

Merged
merged 3 commits into from
Aug 29, 2024
Merged

[netflow]: disable event normalisation #40635

merged 3 commits into from
Aug 29, 2024

Conversation

pkoutsovasilis
Copy link
Contributor

@pkoutsovasilis pkoutsovasilis commented Aug 28, 2024
edited
Loading

Proposed commit message

This PR introduces the following:

  • Disable event normalisation for netflow input
  • Adds Kibana service in the docker-compose.yml provisioned for the needs of x-pack/filebeat integration tests
  • Extend netflow integration test to install netflow Kibana package and thus prevent similar issues as this one.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

N/A

Author's Checklist

N/A

How to test this PR locally

Related issues

Use cases

N/A

Screenshots

CPU profile with event normalisation enabled:
Screenshot 2024-08-28 at 9 24 52 AM

CPU profile with event normalisation disabled:
Screenshot 2024-08-28 at 9 25 13 AM

As you can see between the two screenshots the "GenericEventConverter" and the respective CPU time are completely gone (~13sec) and instead we have a netflow specific net.IP normalisation beat event function that takes (~2.5sec)

Logs

N/A

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Aug 28, 2024
@mergify Mergify
Copy link
Contributor

mergify bot commented Aug 28, 2024

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @pkoutsovasilis? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@pkoutsovasilis pkoutsovasilis force-pushed the pkoutsovasilis/netflow_disable_normalisation branch from 776c792 to a5637f7 Compare August 28, 2024 06:48
@pkoutsovasilis pkoutsovasilis added enhancement backport-skip Skip notification from the automated backport with mergify Team:Security-Deployment and Devices Deployment and Devices Team in Security Solution labels Aug 28, 2024
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Aug 28, 2024
@pkoutsovasilis pkoutsovasilis marked this pull request as ready for review August 28, 2024 07:39
@pkoutsovasilis pkoutsovasilis requested review from a team as code owners August 28, 2024 07:39
@elasticmachine
Copy link
Collaborator

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@pierrehilbert pierrehilbert added the Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team label Aug 28, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@mergify Mergify
Copy link
Contributor

mergify bot commented Aug 28, 2024

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b pkoutsovasilis/netflow_disable_normalisation upstream/pkoutsovasilis/netflow_disable_normalisation
git merge upstream/main
git push upstream pkoutsovasilis/netflow_disable_normalisation

@pkoutsovasilis pkoutsovasilis force-pushed the pkoutsovasilis/netflow_disable_normalisation branch from 8114154 to ca5b199 Compare August 28, 2024 11:20
andrewkroh
andrewkroh approved these changes Aug 28, 2024
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

x-pack/agentbeat/docker-compose.yml Outdated Show resolved Hide resolved
x-pack/filebeat/input/netflow/convert.go Outdated Show resolved Hide resolved
@pkoutsovasilis pkoutsovasilis merged commit 3445a3e into elastic:main Aug 29, 2024
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VihasMakwana VihasMakwana VihasMakwana approved these changes

@andrewkroh andrewkroh andrewkroh approved these changes

@faec faec Awaiting requested review from faec faec is a code owner automatically assigned from elastic/elastic-agent-data-plane

Assignees

@pkoutsovasilis pkoutsovasilis

Labels
backport-skip Skip notification from the automated backport with mergify enhancement Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team Team:Security-Deployment and Devices Deployment and Devices Team in Security Solution
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Filebeat] Netflow input - disable event normalization
5 participants
@pkoutsovasilis @elasticmachine @andrewkroh @VihasMakwana @pierrehilbert