Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tests failing with constant keywords in transforms with LogsDB #2218

Open
jsoriano opened this issue Nov 11, 2024 · 6 comments
Open

Tests failing with constant keywords in transforms with LogsDB #2218

jsoriano opened this issue Nov 11, 2024 · 6 comments
Assignees
@jsoriano

Comments

@jsoriano
Copy link
Member

Some packages are failing when logsdb is enabled with:

test case failed: errors found in documents of preview for transform logs-ti_cybersixgill.latest_ioc-default-0.3.0 for data stream logs-ti_cybersixgill.threat-34090: [0] parsing field value failed: field "labels.is_ioc_transform_source"'s value "true" does not match the declared constant_keyword value "false"

For testing we use the preview transform API, where the value actually doesn't match with the definition, but this doesn't seem to be an issue in a real deployment. Confirm if this is actually not an issue, and adjust the tests so they don't fail on this case.
@jsoriano
Copy link
Member Author

@kpollich this would be kind of urgent because there are many tests failing in the daily builds because of this.

@kpollich
Copy link
Member

Thanks @jsoriano I added this to our current sprint.

@jsoriano jsoriano self-assigned this Nov 13, 2024
@jsoriano
Copy link
Member Author

@chrisberkhout I was working on this issue, using the ti_anomali package, and I have found that the transform is actually failing:

Image

java.lang.IllegalArgumentException: [constant_keyword] field [labels.is_ioc_transform_source] only accepts values that are equal to the value defined in the mappings [false], but got [true]

This can be reproduced with:

elastic-package test system --setup -v --config-file ./data_stream/threatstream/_dev/test/system/test-integrator-http-config.yml

So there seems to be an actual issue.

We would need to work on two things:

  • Ensuring that issues in transforms are detected by elastic-package test.
  • Fixing these packages. For this maybe we need to add ingest pipelines to remove or modify these labels.is_ioc_transform_source fields in transform destination indexes.

@jsoriano jsoriano mentioned this issue Nov 14, 2024
Draft
@jsoriano
Copy link
Member Author

Fixing these packages. For this maybe we need to add ingest pipelines to remove or modify these labels.is_ioc_transform_source fields in transform destination indexes.

Tried to add a pipeline but I receive the same failure, even if logsdb is not enabled 🤔 elastic/integrations#11750

@jsoriano
Copy link
Member Author

Fixing these packages. For this maybe we need to add ingest pipelines to remove or modify these labels.is_ioc_transform_source fields in transform destination indexes.

Tried to add a pipeline but I receive the same failure, even if logsdb is not enabled 🤔 elastic/integrations#11750

Ah, I think the problem was on the type, I was setting it to boolean false, instead of to string "false".

@jsoriano jsoriano mentioned this issue Nov 19, 2024
Open
@jsoriano
Copy link
Member Author

There is already an open issue about testing transforms: #859
I have opened another one about supporting ingest pipelines in transforms: elastic/package-spec#833

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jsoriano jsoriano

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jsoriano @kpollich