vsphere: populate ECS source.ip and related.ip from client.ip in log ingest pipelines#18536
Conversation
…g ingest pipelines Agent-Logs-Url: https://github.com/elastic/integrations/sessions/92c014c0-f3d3-46e0-b39f-4b47b21723b0 Co-authored-by: ishleenk17 <102962586+ishleenk17@users.noreply.github.com>
|
/test |
🚀 Benchmarks reportTo see the full report comment with |
|
@claude review the PR |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
I found one fix needed before merge: the new 1.24.0 changelog entry links to the wrong PR (#16753 instead of #18536). I left an inline suggestion on that line.
Warning
⚠️ Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
mustache.github.io
To allow these domains, add them to the network.allowed list in your workflow frontmatter:
network:
allowed:
- defaults
- "mustache.github.io"See Network Configuration for more information.
What is this? | From workflow: Mention in PR
Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
|
/test |
|
/test |
💚 Build Succeeded
History
cc @ishleenk17 @Copilot |
|
Package vsphere - 1.24.0 containing this change is available at https://epr.elastic.co/package/vsphere/1.24.0/ |
vCenter login/logout/failed login/SSH/upload events extract the initiating IP into
client.ipbut never propagate it to the ECS correlation fieldssource.ipandrelated.ip, breaking cross-dataset IP correlation and ECS compliance.Issue: #18537
Changes
ingest_pipeline/login.ymlandingest_pipeline/file.yml: append two processors at the end of each pipeline:test-format-common.log-expected.json: updated all 24 test cases that assertclient.ipto also assertsource.ipandrelated.ip.manifest.yml/changelog.yml: bumped package version1.23.1→1.24.0.