Cherry-pick #21063 to 7.x: [Filebeat] Add Pensando DFW Module #24045
Commits on Feb 16, 2021
-
[Filebeat] Add Pensando DFW Module (elastic#21063)
* Add Pensando module init * explicitly define the ECS version per testing * updates to docs from make update * updates for pensando module * updates to documentation and db screenshot * add dashboard export to repo * update to add pensando beat * Update filebeat/module/pensando/dfw/config/dfw.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * Update pipeline.yml Condensed all "remove" fields to 1 list of fields. * Update pipeline.yml Do not remove the payload_raw field. * Update filebeat/module/pensando/_meta/docs.asciidoc Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co> * Update config.yml Added syslog_host and syslog_port values as suggested. * Update docs.asciidoc Added documentation for syslog_host and syslog_port as suggested. * Update pipeline.yml Removing payload_raw - this and json are, essentially, the same field and no longer needed after parsing. * Update pipeline.yml Changed checks if values are != null to use the filebeat specific ignore_empty_value: true instead. * Remove set of event.module Remove the set param for event.module. Filebeat should add this automatically. * Apply suggestions from code review Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co> * Update test.log * Use convert instead of set for some fields Changed ECS sets for IP addresses and ports to converts of type ip and integer respectively. * Updates for geoip and autonomous system * add pensando dfw fields * fixes from make -C filebeat update * fixes for filebeat check * make update changes * Update filebeat/module/pensando/dfw/config/dfw.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * remove old json file * ran tests * Update filebeat/module/pensando/dfw/ingest/pipeline.yml Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> * gen after run of 'mage -v pythonIntegTest' * Update fields.yml * mage fmt update request Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com> Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co> (cherry picked from commit 4194408)
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.