Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Filebeat] aws.vpcflow - use parse_aws_vpc_flow_log processor #33699

Merged
merged 1 commit into from
Nov 17, 2022
Merged

[Filebeat] aws.vpcflow - use parse_aws_vpc_flow_log processor #33699

merged 1 commit into from
Nov 17, 2022

Conversation

andrewkroh
Copy link
Member

@andrewkroh andrewkroh commented Nov 16, 2022
edited
Loading

What does this PR do?

Update the aws.vpcflow dataset in the AWS module to use the parse_aws_vpc_flow_log processor. I also updated the module to be aligned with ECS. It was not using valid event.category and event.type values. It will now produce event.category: [network]. And event.type: [connection] or [connection, allowed] or [connection, denied].

Why is it important?

This aligns the output to ECS and optimizes processing by using a dedicated processor.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Nov 16, 2022
@botelastic
Copy link

botelastic bot commented Nov 16, 2022

This pull request doesn't have a Team:<team> label.

@andrewkroh
aws.vpcflow - use parse_aws_vpc_flow_log processor
74f9a4d 
Update the aws.vpcflow dataset in the AWS module to use the parse_aws_vpc_flow_log processor.
I also updated the module to be aligned with ECS. It was not using valid event.category
and event.type values. It will now produce `event.category: [network]`. And `event.type: [connection]`
or `[connection, allowed]` or `[connection, denied]`.
@andrewkroh andrewkroh force-pushed the feature/fb/aws-vpcflow-module-update branch from 492c9ef to 74f9a4d Compare November 16, 2022 18:48
@mergify

This comment was marked as outdated.

Sign in to view
@andrewkroh andrewkroh marked this pull request as ready for review November 16, 2022 18:49
@andrewkroh andrewkroh requested review from a team as code owners November 16, 2022 18:49
@andrewkroh andrewkroh requested review from belimawr and cmacknz and removed request for a team November 16, 2022 18:49
@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-11-16T18:49:07.530+0000

  • Duration: 127 min 11 sec

Test stats 🧪

Test Results
Failed 0
Passed 5008
Skipped 340
Total 5348

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@andrewkroh andrewkroh added the backport-v8.6.0 Automated backport with mergify label Nov 16, 2022
@andrewkroh andrewkroh merged commit 703d529 into elastic:main Nov 17, 2022
@andrewkroh
Copy link
Member Author

@Mergifyio backport 8.6

mergify bot pushed a commit that referenced this pull request Nov 17, 2022
@andrewkroh @mergify
aws.vpcflow - use parse_aws_vpc_flow_log processor (#33699)
f442354 
Update the aws.vpcflow dataset in the AWS module to use the parse_aws_vpc_flow_log processor.
I also updated the module to be aligned with ECS. It was not using valid event.category
and event.type values. It will now produce `event.category: [network]`. And `event.type: [connection]`
or `[connection, allowed]` or `[connection, denied]`.

(cherry picked from commit 703d529)
@mergify mergify bot mentioned this pull request Nov 17, 2022
Merged
@mergify
Copy link
Contributor

mergify bot commented Nov 17, 2022

backport 8.6

✅ Backports have been created

andrewkroh added a commit that referenced this pull request Nov 17, 2022
@mergify @andrewkroh
aws.vpcflow - use parse_aws_vpc_flow_log processor (#33699) (#33710)
1f1ccd8 
Update the aws.vpcflow dataset in the AWS module to use the parse_aws_vpc_flow_log processor.
I also updated the module to be aligned with ECS. It was not using valid event.category
and event.type values. It will now produce `event.category: [network]`. And `event.type: [connection]`
or `[connection, allowed]` or `[connection, denied]`.

(cherry picked from commit 703d529)

Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
@kaiyan-sheng kaiyan-sheng mentioned this pull request May 3, 2023
Open
chrisberkhout pushed a commit that referenced this pull request Jun 1, 2023
@andrewkroh @chrisberkhout
aws.vpcflow - use parse_aws_vpc_flow_log processor (#33699)
7692377 
Update the aws.vpcflow dataset in the AWS module to use the parse_aws_vpc_flow_log processor.
I also updated the module to be aligned with ECS. It was not using valid event.category
and event.type values. It will now produce `event.category: [network]`. And `event.type: [connection]`
or `[connection, allowed]` or `[connection, denied]`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaiyan-sheng kaiyan-sheng kaiyan-sheng approved these changes

@belimawr belimawr belimawr approved these changes

@cmacknz cmacknz Awaiting requested review from cmacknz cmacknz is a code owner automatically assigned from elastic/elastic-agent-data-plane

Assignees

@andrewkroh andrewkroh

Labels
backport-v8.6.0 Automated backport with mergify enhancement Filebeat Filebeat needs_team Indicates that the issue/PR needs a Team:* label
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@andrewkroh @elasticmachine @belimawr @kaiyan-sheng