Set source.bytes/packets for uni-directional netflow #14111
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
andrewkroh
commented
Oct 17, 2019
| @@ -67,11 +67,12 @@ | |||
| "bytes": 132, | |||
| "ip": "172.16.32.201", | |||
| "locality": "private", | |||
| "packets": 200, | |||
| "packets": 2, | |||
There was a problem hiding this comment.
This was being populated with the revBytes.
This populates the `source.bytes` and `source.packets` fields for uni-directional netflow events. Previously only `network.bytes`/`network.packets` would be set. The input would already populate the source fields for bi-directional flows. This also fixes an issue where the totals in `network.bytes` and `network.packets` were incorrectly calculated for bi-directional flows.
andrewkroh
force-pushed
the
feature/filebeat-netflow-source-bytes
branch
from
878613f to
dabd9f5
Compare
andrewkroh
added
needs_backport
|
This should help with the rendering of uni-directional netflow events on the SIEM network page. |
adriansr
approved these changes
Oct 17, 2019
|
I guess this closes #11473 |
|
Yeah, this will address that issue. I forgot I had that open. Thanks. |
andrewkroh
added
v7.5.0
and removed
needs_backport
andrewkroh
added a commit
to andrewkroh/beats
that referenced
this pull request
Oct 21, 2019
This populates the `source.bytes` and `source.packets` fields for uni-directional netflow events. Previously only `network.bytes`/`network.packets` would be set. The input would already populate the source fields for bi-directional flows. This also fixes an issue where the totals in `network.bytes` and `network.packets` were incorrectly calculated for bi-directional flows. Closes elastic#11473 (cherry picked from commit cbc040a)
andrewkroh
added a commit
that referenced
this pull request
Oct 21, 2019
This populates the `source.bytes` and `source.packets` fields for uni-directional netflow events. Previously only `network.bytes`/`network.packets` would be set. The input would already populate the source fields for bi-directional flows. This also fixes an issue where the totals in `network.bytes` and `network.packets` were incorrectly calculated for bi-directional flows. Closes #11473 (cherry picked from commit cbc040a)
jorgemarey
pushed a commit
to jorgemarey/beats
that referenced
this pull request
Jun 8, 2020
This populates the `source.bytes` and `source.packets` fields for uni-directional netflow events. Previously only `network.bytes`/`network.packets` would be set. The input would already populate the source fields for bi-directional flows. This also fixes an issue where the totals in `network.bytes` and `network.packets` were incorrectly calculated for bi-directional flows. Closes elastic#11473
leweafan
pushed a commit
to leweafan/beats
that referenced
this pull request
Apr 28, 2023
…lastic#14161) This populates the `source.bytes` and `source.packets` fields for uni-directional netflow events. Previously only `network.bytes`/`network.packets` would be set. The input would already populate the source fields for bi-directional flows. This also fixes an issue where the totals in `network.bytes` and `network.packets` were incorrectly calculated for bi-directional flows. Closes elastic#11473 (cherry picked from commit 9e801c2)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This populates the
source.bytesandsource.packetsfields for uni-directional netflow events. Previously onlynetwork.bytes/network.packetswould be set. The input would already populate the source fields for bi-directional flows.This also fixes an issue where the totals in
network.bytesandnetwork.packetswere incorrectly calculated for bi-directional flows.