Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[filebeat][aws][cloudtrail] flattened.request_parameters field can exceed 32k limit #21382

Closed
ynirk opened this issue Sep 29, 2020 · 1 comment · Fixed by #21388
Closed

[filebeat][aws][cloudtrail] flattened.request_parameters field can exceed 32k limit #21382

ynirk opened this issue Sep 29, 2020 · 1 comment · Fixed by #21388
Assignees
@leehinman
Labels
Filebeat Filebeat

Comments

@ynirk
Copy link

ynirk commented Sep 29, 2020

With cloudtrail 7.9 mapping and ingest, we encountered an ingestion issue:

On cloudtrail, some logs have a big request_parameters field that can exceed 32k and break elasticsearch field limit on aws.cloudtrail.flattened.request_parameters.

Document contains at least one immense term in field=\"aws.cloudtrail.flattened.request_parameters\" (whose UTF8 encoding is longer than the max length 32766), all of which were skipped.  Please correct the analyzer to not produce such terms.  The prefix of the first immense term is: '...', original message: bytes can be at most 32766 in length; got 42321
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@leehinman leehinman self-assigned this Sep 29, 2020
@leehinman leehinman mentioned this issue Sep 29, 2020
Merged
6 tasks
leehinman added a commit to leehinman/beats that referenced this issue Sep 29, 2020
@leehinman
Add field limit check for AWS Cloudtrail flattened fields
b4ee494 
add 32k length check for
  - aws.cloudtrail.flattened.request_parameters
  - aws.cloudtrail.flattened.response_elements
  - aws.cloudtrail.flattened.additional_eventdata
  - aws.cloudtrail.flattened.service_event_details

Closes elastic#21382
leehinman added a commit that referenced this issue Sep 30, 2020
@leehinman
Add field limit check for AWS Cloudtrail flattened fields (#21388)
eae9f5c 
add 32k length check for
  - aws.cloudtrail.flattened.request_parameters
  - aws.cloudtrail.flattened.response_elements
  - aws.cloudtrail.flattened.additional_eventdata
  - aws.cloudtrail.flattened.service_event_details

Closes #21382
leehinman added a commit to leehinman/beats that referenced this issue Sep 30, 2020
@leehinman
Add field limit check for AWS Cloudtrail flattened fields (elastic#21388
684398d 
)

add 32k length check for
  - aws.cloudtrail.flattened.request_parameters
  - aws.cloudtrail.flattened.response_elements
  - aws.cloudtrail.flattened.additional_eventdata
  - aws.cloudtrail.flattened.service_event_details

Closes elastic#21382

(cherry picked from commit eae9f5c)
This was referenced Sep 30, 2020
Merged
Merged
leehinman added a commit to leehinman/beats that referenced this issue Sep 30, 2020
@leehinman
Add field limit check for AWS Cloudtrail flattened fields (elastic#21388
9b783d3 
)

add 32k length check for
  - aws.cloudtrail.flattened.request_parameters
  - aws.cloudtrail.flattened.response_elements
  - aws.cloudtrail.flattened.additional_eventdata
  - aws.cloudtrail.flattened.service_event_details

Closes elastic#21382

(cherry picked from commit eae9f5c)
leehinman added a commit that referenced this issue Sep 30, 2020
@leehinman
Add field limit check for AWS Cloudtrail flattened fields (#21388) (#…
b6b07de 
…21432)

add 32k length check for
  - aws.cloudtrail.flattened.request_parameters
  - aws.cloudtrail.flattened.response_elements
  - aws.cloudtrail.flattened.additional_eventdata
  - aws.cloudtrail.flattened.service_event_details

Closes #21382

(cherry picked from commit eae9f5c)
leehinman added a commit that referenced this issue Sep 30, 2020
@leehinman
Add field limit check for AWS Cloudtrail flattened fields (#21388) (#…
25a05f0 
…21431)

add 32k length check for
  - aws.cloudtrail.flattened.request_parameters
  - aws.cloudtrail.flattened.response_elements
  - aws.cloudtrail.flattened.additional_eventdata
  - aws.cloudtrail.flattened.service_event_details

Closes #21382

(cherry picked from commit eae9f5c)
leweafan pushed a commit to leweafan/beats that referenced this issue Apr 28, 2023
@leehinman
Add field limit check for AWS Cloudtrail flattened fields (elastic#21388
603bbf8 
) (elastic#21432)

add 32k length check for
  - aws.cloudtrail.flattened.request_parameters
  - aws.cloudtrail.flattened.response_elements
  - aws.cloudtrail.flattened.additional_eventdata
  - aws.cloudtrail.flattened.service_event_details

Closes elastic#21382

(cherry picked from commit bfed554)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@leehinman leehinman

Labels
Filebeat Filebeat
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Filebeat] Add field limit check for AWS Cloudtrail flattened fields leehinman/beats
3 participants
@elasticmachine @ynirk @leehinman