[checkpoint] Move last update time#17633
Conversation
ReviewersBuildkite won't run for external contributors automatically; you need to add a comment:
NOTE: https://github.com/elastic/integrations/blob/main/.buildkite/pull-requests.json contains all those details. |
ash-darin
left a comment
ash-darin
left a comment
There was a problem hiding this comment.
Resolved conflict of versioning with other approved patch.
Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
andrewkroh
added
the
Team:Integration-Experience
|
Pinging @elastic/integration-experience (Team:Integration-Experience) |
|
/test |
|
Apparently I can not trigger tests. @kgeller I forgot to update the manifest, sorry about that. I now rectified it. |
|
/test |
Thanks for fixing up the manifest! Looks like now you're running into actual test failures. I'd suggest running those locally and ensuring ✅ and then I can get CI to go green as well. The |
Test suite complains: "event.risk_score"'s Go type, string, does not match the expected field type: float But fields in checkpoint are always strings
Test case became malformed in the anonymization process. Added Quotation marks.
|
/test |
![macroscopeapp[bot]](https://avatars.githubusercontent.com/in/900172?s=60&v=4){kind=small}
🚀 Benchmarks reportTo see the full report comment with |
💚 Build Succeeded
History
|
kgeller
left a comment
kgeller
left a comment
There was a problem hiding this comment.
LGTM!
@ash-darin thanks for doing that additional cleanup of the field addition and convert processor!
|
Package checkpoint - 1.45.5 containing this change is available at https://epr.elastic.co/package/checkpoint/1.45.5/ |
andrewkroh
added
the
documentation
4 participants
Enhancement
Proposed commit message
Events may include last_hit_time and lastupdatetime.
Lastupdatetime is in all observed cases later than last_hit_time and should therefore mark the end of the event. The current order of processors parses last_hit_time as event.end after lastupdatetime though, therefore overwriting the date parsed from lastupdatetime.
This PR changes this order and additionally removes the attempt to parse the date as ISO, as the dates of last_hit_time and lastupdatetime are always UNIX Timestamps.
This documentation
describes "lastupdatetime" as an "integer".
Checklist
changelog.ymlfile.How to test this PR locally
Checking this is problematic, as the sourcefields are both discarded.