@ShourieG ShourieG commented May 23, 2022

Improves IPv6 parsing

What does this PR do?

  1. Added bug fix for issue "[azure] Handle IPv6 addresses in activity/audit/platform logs" #2138, replacing grok filter with convert in 'activitylogs' of the azure package.
  2. Improved IPv6 handling for other sub-packages: 'auditlogs', 'platformlogs' & 'springcloudlogs'.
  3. Updated ecs.yml file for springcloudlogs to incorporate client.ip, as it was missing and is required by definition of the ingest pipeline.
  4. Added edge test case to support IPv6 parsing check and failures for sub-packages: 'activitylogs', 'auditlogs', 'platformlogs' & 'springcloudlogs'.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • All tests should pass in azure activitylogs, auditlogs, platformlogs & springcloudlogs modules, including the newly added edge-case IPv6 scenario.

How to test this PR locally

Use elastic-package to test locally by running the command elastic-package test from inside the packages/azure directory.

Related issues

Shourie Ganguly and others added 2 commits May 23, 2022 15:50
…h convert. Added edge test case to support IPV6 parsing check
…h convert. Added edge test case to support IPV6 parsing check
@ShourieG ShourieG requested a review from a team as a code owner May 23, 2022 12:42

cla-checker-service bot commented May 23, 2022

💚 CLA has been signed

elasticmachine commented May 23, 2022

💚 Build Succeeded

Build stats

  • Start Time: 2022-05-26T05:08:59.789+0000

  • Duration: 14 min 52 sec

Test stats 🧪

Test Results

  • Failed: 0
  • Passed: 89
  • Skipped: 0
  • Total: 89

elasticmachine commented May 23, 2022

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (6/6) 💚
Files 78.571% (11/14) 👎 -17.857
Classes 78.571% (11/14) 👎 -17.857
Methods 77.876% (88/113) 👎 -11.226
Lines 81.516% (1570/1926) 👎 -8.969
Conditionals 100.0% (0/0) 💚
@ShourieG ShourieG closed this May 23, 2022
@ShourieG ShourieG reopened this May 23, 2022
@ShourieG ShourieG closed this May 23, 2022
@ShourieG ShourieG reopened this May 23, 2022
@ShourieG ShourieG requested review from a team and adriansr May 23, 2022 13:56
@ShourieG ShourieG changed the title bug/azure-issues-2138-fix [Azure] - bug fix for issue #2138 , replaced grok filter with convert May 23, 2022
@ShourieG ShourieG changed the title [Azure] - bug fix for issue #2138 , replaced grok filter with convert [Azure] Bug fix for issue #2138 , replaced grok filter with convert May 23, 2022
@adriansr

In order to reference an issue or PR, instead of azure-issues-2138, use the #NNNN format if the issue belongs to the current repo, or a link if it belongs to a different repo. This way it can be accessed quickly.

@ShourieG ShourieG changed the title [Azure] Bug fix for issue #2138 , replaced grok filter with convert [Azure] Improves IPv6 parsing, replaced grok filter with convert May 24, 2022
…formlogs' & 'springcloudlogs', added edge-case and failure scenario test cases

@r00tu53r r00tu53r left a comment

LGTM!

@adriansr adriansr left a comment

LGTM 🚀

@ShourieG ShourieG requested a review from efd6 May 25, 2022 10:31

@kaiyan-sheng kaiyan-sheng left a comment

Looks good to me! Just one nit: since we are not using the grok to parse anymore, should the source.port field be removed from the ecs.yml file?

@ShourieG ShourieG merged commit 4317807 into elastic:main May 26, 2022
@ShourieG ShourieG deleted the bug/azure-issues-2138-fix branch November 9, 2022 06:14