Cherry-pick #16889 to 7.6: [Filebeat] Cisco FTD issues parsing Security Event messages #16982

Merged
merged 5 commits into from
Apr 4, 2020

@andrewstucki andrewstucki commented Mar 12, 2020

Cherry-pick of PR #16889 to 7.6 branch. Original message:

You'll want to take a look at this PR with ?w=1 since there were a lot of formatting changes for the pipeline.

What does this PR do?

Fixes a few bugs with the shared Cisco parsing pipeline that were causing some fields to be dropped/misinterpreted.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works

Related issues

…16889)

* Fix grok and kv split bugs

* Fix optional whitespace for field name separator

(cherry picked from commit 912eac4)
@elasticmachine
Collaborator

Pinging @elastic/siem (Team:SIEM)

Andrew Stucki added 3 commits March 19, 2020 13:57
@jsoriano
Member

jenkins, test this

@andrewstucki andrewstucki merged commit da93eb5 into elastic:7.6 Apr 4, 2020
@andrewstucki andrewstucki deleted the backport_16889_7.6 branch April 4, 2020 15:44