Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

checkpoint: improve parsing and expose origin_sic_name #5220

Merged
merged 3 commits into from
Feb 13, 2023
Merged

checkpoint: improve parsing and expose origin_sic_name #5220

merged 3 commits into from
Feb 13, 2023

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Feb 9, 2023
edited
Loading

What does this PR do?

  • expose the origin_sic_name field under checkpoint
  • improve robustness of KV parsing of structured data.
  • ensure related.ip, related.hash and related.user entries are not duplicated.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 self-assigned this Feb 9, 2023
@elasticmachine
Copy link

elasticmachine commented Feb 9, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-02-09T22:08:35.681+0000

  • Duration: 16 min 14 sec

Test stats 🧪

Test Results
Failed 0
Passed 12
Skipped 0
Total 12

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

elasticmachine commented Feb 9, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (1/1) 💚 3.261
Classes 100.0% (1/1) 💚 3.261
Methods 100.0% (16/16) 💚 8.889
Lines 85.054% (791/930) 👎 -6.997
Conditionals 100.0% (0/0) 💚

@efd6 efd6 marked this pull request as ready for review February 9, 2023 05:22
@efd6 efd6 requested a review from a team as a code owner February 9, 2023 05:22
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

kcreddy
kcreddy approved these changes Feb 9, 2023
View reviewed changes
Copy link
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just minor clarifications. Otherwise LGTM 👍🏼

...eckpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json Show resolved Hide resolved
@efd6 efd6 requested a review from kcreddy February 9, 2023 22:12
@efd6 efd6 merged commit 3d07e23 into elastic:main Feb 13, 2023
@elasticmachine
Copy link

Package checkpoint - 1.14.0 containing this change is available at https://epr.elastic.co/search?package=checkpoint

1 similar comment
@elasticmachine
Copy link

Package checkpoint - 1.14.0 containing this change is available at https://epr.elastic.co/search?package=checkpoint

bhapas pushed a commit to bhapas/integrations that referenced this pull request Feb 16, 2023
@efd6 @bhapas
checkpoint: improve parsing and expose origin_sic_name (elastic#5220)
da14d59 
* retain origin_sic_name in events
* improve structured data handling and related.* deduplication
* add additional test cases, clean up, and document fields
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kcreddy kcreddy Awaiting requested review from kcreddy

Assignees

@efd6 efd6

Labels
bug Something isn't working enhancement New feature or request Integration:Checkpoint
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Checkpoint module excludes extraction of field originsicname [checkpoint] parsing errors
3 participants
@efd6 @elasticmachine @kcreddy