Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick #17342 to 7.x: LIBBEAT: Enhancement replace_string processor for replacing strings values of fields. #18047

Merged
merged 2 commits into from
Apr 29, 2020
Merged

Cherry-pick #17342 to 7.x: LIBBEAT: Enhancement replace_string processor for replacing strings values of fields. #18047

merged 2 commits into from
Apr 29, 2020

Conversation

urso
Copy link

@urso urso commented Apr 28, 2020
edited by zube bot
Loading

Cherry-pick of PR #17342 to 7.x branch. Original message:

What does this PR do?

This PR is to add a replace processor. This processor takes in a field name, search string and replacement string. Searches field value for pattern and replaces it with replacement string.

Why is it important?

This PR will help remove extra strings or add additional string to values

How to test this PR locally

Added unit test cases.

Use cases

While using auditbeat we get full path to file inside the pod on Kubernetes
"/run/containerd/io.containerd.runtime.v1.linux/k8s.io/${data.kubernetes.container.id}/rootfs/etc/runit/runsvdir/default/mcelog/supervise/pid.new"
This PR helps trim the beginning part of the string to get
/etc/runit/runsvdir/default/mcelog/supervise/pid.new"

Using config below

      processors:
        - replace:
            fields:
            - field: "file.path"
              pattern: "/run/containerd/io.containerd.runtime.v1.linux/k8s.io/${data.kubernetes.container.id}/rootfs/"
              replacement: "/"

@premendrasingh
LIBBEAT: Enhancement replace_string processor for replacing strings v…
5605b99 
…alues of fields. (elastic#17342)

This PR is to add a replace processor. This processor takes in a field name, search string and replacement string. Searches field value for pattern and replaces it with replacement string.

(cherry picked from commit 09fd4df)
@urso urso added [zube]: In Review backport Team:Services (Deprecated) Label for the former Integrations-Services team labels Apr 28, 2020
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Apr 28, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/integrations-services (Team:Services)

@urso
Copy link
Author

urso commented Apr 29, 2020

CI failures seem unrelated.

@urso urso merged commit b669b5d into elastic:7.x Apr 29, 2020
@urso urso deleted the backport_17342_7.x branch April 29, 2020 12:23
@andresrc andresrc removed the needs_team Indicates that the issue/PR needs a Team:* label label May 2, 2020
@zube zube bot removed the [zube]: Done label Oct 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@exekias exekias exekias approved these changes

Assignees
No one assigned
Labels
backport Team:Services (Deprecated) Label for the former Integrations-Services team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@urso @elasticmachine @exekias @andresrc @premendrasingh