New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add null checks and ignore_missing checks to the rename processor #7845
Conversation
🌐 Coverage report
|
@ishleenk17, ObservationsAs the event.original is renamed and the grok processor is applied without validating the Remove processor Sample
|
Can we also note down the names of the packages touched in this PR (in the PR description itself) so that it is trackable? Also, in the PR description:
^ This issue will be closed once this PR gets merged and not all packages are taken care of, right? So can we do s/Closes/Relates |
Looks good to me. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left a comment in PR comments.
Makes sense. Updated! |
@muthu-mps , the renaming of message to event.original was already happening. We are mainly adding if checks. |
@ishleenk17 - As part of the new validation rules here we should also remove the |
Muthu, removing of fields that have been renamed should be tackled at a generic level, not specific to event.original. Some examples, in haproxy, iis for eg. there exists many renamed fields which are not removed. So, I don't think we should keep this removal as a validation check in. I will comment same in this ticket as well. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Package apache - 1.15.1 containing this change is available at https://epr.elastic.co/search?package=apache |
Package apache_tomcat - 0.12.3 containing this change is available at https://epr.elastic.co/search?package=apache_tomcat |
Package cassandra - 1.9.1 containing this change is available at https://epr.elastic.co/search?package=cassandra |
Package ceph - 1.0.1 containing this change is available at https://epr.elastic.co/search?package=ceph |
Package citrix_adc - 1.0.1 containing this change is available at https://epr.elastic.co/search?package=citrix_adc |
Package golang - 0.4.3 containing this change is available at https://epr.elastic.co/search?package=golang |
Package hadoop - 1.1.8 containing this change is available at https://epr.elastic.co/search?package=hadoop |
Package haproxy - 1.8.3 containing this change is available at https://epr.elastic.co/search?package=haproxy |
Package iis - 1.15.1 containing this change is available at https://epr.elastic.co/search?package=iis |
Package kafka - 1.9.2 containing this change is available at https://epr.elastic.co/search?package=kafka |
Package microsoft_sqlserver - 2.2.1 containing this change is available at https://epr.elastic.co/search?package=microsoft_sqlserver |
Package nagios_xi - 1.1.1 containing this change is available at https://epr.elastic.co/search?package=nagios_xi |
Package nginx - 1.15.1 containing this change is available at https://epr.elastic.co/search?package=nginx |
Package oracle - 1.20.2 containing this change is available at https://epr.elastic.co/search?package=oracle |
Package oracle_weblogic - 1.0.1 containing this change is available at https://epr.elastic.co/search?package=oracle_weblogic |
Package php_fpm - 0.6.2 containing this change is available at https://epr.elastic.co/search?package=php_fpm |
Package postgresql - 1.16.1 containing this change is available at https://epr.elastic.co/search?package=postgresql |
Package rabbitmq - 1.10.1 containing this change is available at https://epr.elastic.co/search?package=rabbitmq |
Package redis - 1.11.1 containing this change is available at https://epr.elastic.co/search?package=redis |
Package traefik - 1.8.1 containing this change is available at https://epr.elastic.co/search?package=traefik |
What does this PR do?
This PR adds the if check for event.original and the ignore_missing check for the renaming of message to event.original
This PR does changes for below Packages:
Checklist
changelog.yml
file.Related issues