[Enhancement] Cisco MERAKI urls user agent support #4873
/test
@srilumpa The CI error is occurring because there is a mismatch in the README fields. You need to update the file "sample_event.json" in the directory cisco_meraki/data_stream/log with the new fields introduced/changed by this PR and run the command elastic-package build. You need to install elastic-package first, ofc. This will rebuild the README.md with the new fields and the error will go away.
@ShourieG thank you for the feedback. I have updated the README.md file as asked.
@srilumpa Hey there, actually if you manually update the README it's not gonna work. I pulled your branch code and checked a couple of things, and these are the following steps you need to do, so that it passes the ci checks :-
    "user_agent": {
        "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0",
        "version": "108.0",
        "name": "Firefox",
        "device": {
            "name": "Other"
        },
        "os": {
            "name": "Windows",
            "version": "10",
            "full": "Windows 10"
        }
    }
These steps will regenerate the expected log files and README files, at the same time testing the changes that you have made, and mostly make sure it passes our CI tests.
Hi @ShourieG and thank you for guiding me through this. I updated the README.md file simply running Anyway, here is an updated version after the
/test
LGTM
@srilumpa have approved the changes
@srilumpa, you need to merge latest upstream/main into your branch, it should resolve the merge conflicts
Package cisco_meraki - 1.5.1 containing this change is available at https://epr.elastic.co/search?package=cisco_meraki
What does this PR do?
In some cases, Cisco MERAKI URLS logs contain an "agent" field right after the "mac" field. Since the detection of those fields is realized with a "dissect" processor, the extracted MAC address can then contain the user-agent as well.
This PR aims to extract the User-Agent, leave the MAC address (and only the MAC address) in the cisco_meraki.urls.mac field and parse the User-Agent using the "User Agent" processor.
Example before fix:
After fix:
Checklist
changelog.yml file.
Author's Checklist
How to test this PR locally
Execute elastic-package check
Related issues
Screenshots
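The field bleed described in the PR description above, shown as an added example that is not part of the PR or of the integration's pipeline. The log line layout, the single-quoted agent value, the MAC address and the function names are assumptions constructed for illustration; the user-agent string is the one from the sample event quoted in the thread.

```python
import re

UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0"
# Constructed sample lines (documentation addresses, made-up MAC); layout is an assumption.
WITHOUT_AGENT = ("src=192.0.2.10:51000 dst=198.51.100.7:80 "
                 "mac=AA:BB:CC:DD:EE:FF request: GET http://example.com/")
WITH_AGENT = ("src=192.0.2.10:51000 dst=198.51.100.7:80 "
              f"mac=AA:BB:CC:DD:EE:FF agent='{UA}' request: GET http://example.com/")


def naive_parse(line):
    """Fixed-delimiter split with no 'agent' key, in the spirit of a dissect pattern."""
    head, _, request = line.partition(" request: ")
    _, _, mac = head.partition(" mac=")
    return {"mac": mac, "request": request}


# The MAC must be exactly six hex octets; the agent is optional and single-quoted (assumed).
LINE_RE = re.compile(
    r"(?:^| )mac=(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    r"(?: agent='(?P<agent>.*?)')? request: (?P<request>.*)$"
)


def strict_parse(line):
    """Return mac/agent/request, or None when the MAC is not well formed."""
    m = LINE_RE.search(line)
    if m is None:
        return None  # fail closed instead of indexing a polluted MAC
    return m.groupdict()


if __name__ == "__main__":
    for sample in (WITHOUT_AGENT, WITH_AGENT):
        print("naive :", naive_parse(sample)["mac"])
        print("strict:", strict_parse(sample))
```

A MAC field that silently absorbs the user agent breaks any detection or asset correlation keyed on the MAC, which is why the strict variant validates the octets and rejects the line rather than emitting a malformed value.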