[slack] Parse action_timestamp as microseconds #6965

Merged

@andrewkroh andrewkroh commented Jul 14, 2023

What does this PR do?

Parse action_timestamp as microseconds since unix epoch. In #4999 we had samples that showed the value as unix_ms so this only parses the value as microseconds when it is larger than 1e13.

Fixes errors like:

Cannot index event ... {"type":"document_parsing_exception","reason":"[1:994] failed to parse field [@timestamp] of type [date] in document with id 'cLmsfZpQNjWMIUJcO00CXAZ4jgM='. Preview of field's value: '+55128-03-07T16:27:34.646Z'","caused_by":{"type":"illegal_argument_exception","reason":"failed to parse date field [+55128-03-07T16:27:34.646Z] with format [strict_date_optional_time||epoch_millis]","caused_by":{"type":"date_time_parse_exception","reason":"Failed to parse with all enclosed parsers"}}}, dropping event!

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

@andrewkroh andrewkroh added the Integration:slack Slack Logs label Jul 14, 2023
Parse action_timestamp as microseconds since unix epoch. In elastic#4999 we had
samples that showed the value as unix_ms so this only parses the value as
microseconds when it is larger than 1e13 (which would be 2286-11-20 in ms or
1970-04-26 for µs).
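
The unit heuristic described in the PR and commit message, as an added Python example (it is not the integration's ingest pipeline code). The function names and sample values are constructed, and the always-milliseconds "before" path is an assumption drawn from the `epoch_millis` error quoted above.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# Threshold from the PR text: only values larger than 1e13 are microseconds.
# 1e13 ms is 2286-11-20 and 1e13 us is 1970-04-26, so present-day values in
# either unit fall on opposite sides of the threshold.
MICROS_THRESHOLD = 10**13

# Constructed sample values (not taken from Slack logs).
SAMPLE_US = 1689292800123456  # 2023-07-14T00:00:00.123456Z in microseconds
SAMPLE_MS = 1689292800123     # 2023-07-14T00:00:00.123Z in milliseconds


def parse_action_timestamp(raw):
    """Return (UTC datetime, unit) for an epoch value in ms or us."""
    value = int(raw)  # integer math keeps sub-millisecond digits exact
    if value < 0:
        raise ValueError(f"negative epoch value: {value}")
    if value > MICROS_THRESHOLD:
        return EPOCH + timedelta(microseconds=value), "us"
    return EPOCH + timedelta(milliseconds=value), "ms"


def parse_as_millis_only(raw):
    """Assumed pre-fix behaviour: every value is read as milliseconds."""
    return EPOCH + timedelta(milliseconds=int(raw))


if __name__ == "__main__":
    for raw in (SAMPLE_US, SAMPLE_MS, MICROS_THRESHOLD):
        ts, unit = parse_action_timestamp(raw)
        print(f"{raw:>17} [{unit}] -> {ts.isoformat()}")
    try:
        parse_as_millis_only(SAMPLE_US)
    except OverflowError as exc:
        # Python dates stop at year 9999; the error quoted above shows the
        # same misreading as a five-digit year (+55128) the date field rejected.
        print(f"{SAMPLE_US} read as ms -> {exc}")
```
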
@andrewkroh andrewkroh force-pushed the slack/bugfix/action-timestamp-micros branch from 5e58b99 to 558a940 Compare July 14, 2023 19:31
@andrewkroh andrewkroh marked this pull request as ready for review July 14, 2023 19:31
@andrewkroh andrewkroh requested a review from a team as a code owner July 14, 2023 19:31

elasticmachine commented Jul 14, 2023

💚 Build Succeeded

Build stats

  • Start Time: 2023-07-14T19:31:29.847+0000

  • Duration: 14 min 47 sec

Test stats 🧪

Test Results
Failed 0
Passed 5
Skipped 0
Total 5

🌐 Coverage report

| Name | Metrics % (covered/total) | Diff |
| --- | --- | --- |
| Packages | 100.0% (1/1) | 💚 |
| Files | 100.0% (1/1) | 💚 6.25 |
| Classes | 100.0% (1/1) | 💚 6.25 |
| Methods | 100.0% (14/14) | 💚 14.286 |
| Lines | 98.715% (384/389) | 👍 12.789 |
| Conditionals | 100.0% (0/0) | 💚 |

@andrewkroh andrewkroh added bug Something isn't working, use only for issues Team:Security-External Integrations labels Jul 14, 2023

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@andrewkroh andrewkroh merged commit 93726eb into elastic:main Jul 14, 2023

Package slack - 1.7.1 containing this change is available at https://epr.elastic.co/search?package=slack
