Network direction processor #66644
Pinging @elastic/es-core-features (Team:Core/Features)
@andrewstucki, thanks for submitting this. I'll review it from the ES Core Features side, but it might wait until early January since our team has limited bandwidth until then.
@danhermann that's perfectly fine, I'm hoping it can get in by 7.12 so that it can unblock some ECS upgrade work we postponed on the beats ingest side of things, but no rush. Just whipped this up to gain a bit more familiarity with ES.
@elasticmachine update branch
@andrewstucki, there are some checkstyle violations here that need to be addressed. You should be able to see them either in the output of the
…k-direction-processor
@danhermann sorry about the late response. I merged latest master in so this wasn't stale anymore. The checkstyle issues seemed to be outdated and related to a
@andrewstucki, this looks good. I added two very minor comments below and once those are addressed, I can get this merged.
...ck/plugin/ingest/src/main/java/org/elasticsearch/xpack/ingest/NetworkDirectionProcessor.java
Thanks, @andrewstucki. This looks good now and I'll get it merged into the appropriate branches.
cc: @elastic/es-ui in case Kibana auto-complete needs to be updated with this new processor.
This PR computes the ECS perimeter-based network direction of a document given a source and destination IP and a list of IP addresses that specify the internal network boundary. It's essentially a port of the Beats processor along with named range support.
See
"network":{"direction":"inbound"}