From 829d6776fe8d2824a6f9e9f68962e628556358ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Cmuthu-mps=E2=80=9D?=
Date: Thu, 7 Mar 2024 20:16:26 +0530
Subject: [PATCH 1/4] Fix incorrect values in url-extensions
---
 .../module/iis/error/test/iis_error_url.log-expected.json | 4 +---
 .../module/o365/audit/test/13-dlp-exchange.log-expected.json | 3 +--
 2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/filebeat/module/iis/error/test/iis_error_url.log-expected.json b/filebeat/module/iis/error/test/iis_error_url.log-expected.json
index cc7213141754..88509d87dc55 100644
--- a/filebeat/module/iis/error/test/iis_error_url.log-expected.json
+++ b/filebeat/module/iis/error/test/iis_error_url.log-expected.json
@@ -39,7 +39,6 @@
 "source.geo.region_name": "England",
 "source.ip": "81.2.69.145",
 "source.port": 12345,
- "url.extension": "1",
 "url.original": "12.2.1",
 "url.path": "12.2.1"
 },
@@ -83,7 +82,6 @@
 "source.geo.region_name": "England",
 "source.ip": "81.2.69.145",
 "source.port": 12345,
- "url.extension": "/",
 "url.original": "./././././../../../../../../../../",
 "url.path": "./././././../../../../../../../../"
 },
@@ -343,4 +341,4 @@
 "url.original": "/fee&fie=foe",
 "url.path": "/fee&fie=foe"
 }
-]
\ No newline at end of file
+]
diff --git a/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json b/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json
index 6eae82404516..c6d25a2cc57f 100644
--- a/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json
+++ b/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json
@@ -792,7 +792,6 @@
 "forwarded"
 ],
 "url.domain": "example.net",
- "url.extension": "com/sharepoint",
 "url.original": "https://example.net/testsiem2.onmicrosoft.com/sharepoint",
 "url.path": "/testsiem2.onmicrosoft.com/sharepoint",
 "url.scheme": "https",
@@ -801,4 +800,4 @@
 "user.id": "alice@testsiem2.onmicrosoft.com",
 "user.name": "alice"
 }
-]
\ No newline at end of file
+]
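Review bot: The first hunk of `iis_error_url.log-expected.json` drops `url.extension` for `url.path` `12.2.1`, whose only segment does end in a dot suffix; that is a different case from the values removed in the second hunk and in `13-dlp-exchange.log-expected.json` (`/` and `com/sharepoint`), which spanned a path separator and were plainly wrong. If the corrected parser intentionally emits no extension for request targets that contain no `/`, that is worth stating in the changelog entry, because detection rules and dashboards keyed on `url.extension` will stop matching such events. The visible hunks pin only the absence of the field; unless the fixtures already contain one, an event whose path carries a real extension (constructed sample: `"url.path": "/app/page.aspx"` with `"url.extension": "aspx"`) would guard against the field being dropped too broadly. Each hunk shows only part of a JSON event object, so the other events in these files are not visible here.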
From ac306a99c3652d001f306f86b4e49e094cb1ddd6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Cmuthu-mps=E2=80=9D?=
Date: Thu, 7 Mar 2024 20:42:47 +0530
Subject: [PATCH 2/4] add changelog entry
---
 CHANGELOG.next.asciidoc | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index eef3e2304167..3083b592f9b3 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -97,6 +97,7 @@ fields added to events containing the Beats version. {pull}37553[37553]
 - [threatintel] MISP pagination fixes {pull}37898[37898]
 - Fix file handle leak when handling errors in filestream {pull}37973[37973]
 - Prevent HTTPJSON holding response bodies between executions. {issue}35219[35219] {pull}38116[38116]
+- Fix the incorrect values generated by url_parts processor. {pull}38216[38216]
 *Heartbeat*
From 42c867d7af4d20c669e1e3e801bb9a7b6c069529 Mon Sep 17 00:00:00 2001
From: apmmachine
Date: Fri, 8 Mar 2024 15:09:12 +0000
Subject: [PATCH 3/4] updated the effected version in snapshots.yml
---
 testing/environments/snapshot.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml
index fd3c6007409e..859e94b06721 100644
--- a/testing/environments/snapshot.yml
+++ b/testing/environments/snapshot.yml
@@ -3,7 +3,7 @@
 version: '2.3'
 services:
 elasticsearch:
- image: docker.elastic.co/elasticsearch/elasticsearch:8.14.0-74a79bf3-SNAPSHOT
+ image: docker.elastic.co/elasticsearch/elasticsearch:8.14.0-b9699c81-SNAPSHOT
 # When extend is used it merges healthcheck.tests, see:
 # https://github.com/docker/compose/issues/8962
 # healthcheck:
@@ -31,7 +31,7 @@ services:
 - "./docker/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles"
 logstash:
- image: docker.elastic.co/logstash/logstash:8.14.0-74a79bf3-SNAPSHOT
+ image: docker.elastic.co/logstash/logstash:8.14.0-b9699c81-SNAPSHOT
 healthcheck:
 test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"]
 retries: 600
@@ -44,7 +44,7 @@ services:
 - 5055:5055
 kibana:
- image: docker.elastic.co/kibana/kibana:8.14.0-74a79bf3-SNAPSHOT
+ image: docker.elastic.co/kibana/kibana:8.14.0-b9699c81-SNAPSHOT
 environment:
 - "ELASTICSEARCH_USERNAME=kibana_system_user"
 - "ELASTICSEARCH_PASSWORD=testing"
From 8c88e40c3f5631a078ad3a6427e9ee31b0d75a24 Mon Sep 17 00:00:00 2001
From: muthu-mps <101238137+muthu-mps@users.noreply.github.com>
Date: Wed, 13 Mar 2024 10:10:52 +0530
Subject: [PATCH 4/4] Update CHANGELOG.next.asciidoc
Co-authored-by: subham sarkar
---
 CHANGELOG.next.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index a99a7da04df0..2a4f76c2b69d 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -100,7 +100,7 @@ fields added to events containing the Beats version. {pull}37553[37553]
 - Prevent HTTPJSON holding response bodies between executions. {issue}35219[35219] {pull}38116[38116]
 - Fix "failed processing S3 event for object key" error on aws-s3 input when key contains the "+" character {issue}38012[38012] {pull}38125[38125]
 - Fix duplicated addition of regexp extension in CEL input. {pull}38181[38181]
-- Fix the incorrect values generated by url_parts processor. {pull}38216[38216]
+- Fix the incorrect values generated by the uri_parts processor. {pull}38216[38216]
 *Heartbeat*