Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add null checks and ignore_missing checks to the rename processor #7845

Merged
merged 9 commits into from Sep 21, 2023
Merged

Add null checks and ignore_missing checks to the rename processor #7845

merged 9 commits into from Sep 21, 2023

Conversation

ishleenk17
Copy link
Contributor

@ishleenk17 ishleenk17 commented Sep 18, 2023
edited

  • Bug

What does this PR do?

This PR adds the if check for event.original and the ignore_missing check for the renaming of message to event.original

This PR does changes for below Packages:

  • apache
  • apache_tomcat
  • cassandra
  • ceph
  • citrix_adc
  • golang
  • hadoop
  • haproxy
  • iis
  • kafka
  • microsoft_sqlserver
  • nagios_xi
  • nginx
  • oracle
  • oracle_weblogic
  • php_fpm
  • postgresql
  • rabbitmq
  • redis
  • traefik

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues

@elasticmachine
Copy link

elasticmachine commented Sep 18, 2023
edited

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-09-21T12:01:57.740+0000

  • Duration: 39 min 57 sec

Test stats 🧪

Test Results
Failed 0
Passed 547
Skipped 0
Total 547

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

elasticmachine commented Sep 18, 2023
edited

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (53/53) 💚
Files 93.939% (62/66) 👎 -6.061
Classes 93.939% (62/66) 👎 -6.061
Methods 91.304% (609/667) 👎 -3.757
Lines 92.538% (7974/8617) 👍 12.692
Conditionals 100.0% (0/0) 💚

@ishleenk17 ishleenk17 self-assigned this Sep 18, 2023
@ishleenk17 ishleenk17 marked this pull request as ready for review September 18, 2023 09:37
@ishleenk17 ishleenk17 requested a review from a team as a code owner September 18, 2023 09:37
@ishleenk17 ishleenk17 changed the title Initial commit for event.original if check Add null checks and ignore_missing checks to the rename processor Sep 18, 2023
@muthu-mps
Copy link
Contributor

@ishleenk17,
As this PR closes the #7822 , Are we consider addressing all the cloud native and cloud monitoring integration changes as well with this PR ?

Observations

As the event.original is renamed and the grok processor is applied without validating the preserve_original_event flag. Will this be an extra overhead when we remove the event.original field at the end after performing rename and applying grok?

Remove processor Sample

- remove:
      field: event.original
      if: "ctx.tags == null || !(ctx.tags.contains('preserve_original_event'))"
      ignore_failure: true
      ignore_missing: true

@shmsr
Copy link
Member

shmsr commented Sep 21, 2023
edited

Can we also note down the names of the packages touched in this PR (in the PR description itself) so that it is trackable?

Also, in the PR description:

Closes #7822

^ This issue will be closed once this PR gets merged and not all packages are taken care of, right? So can we do s/Closes/Relates

@shmsr
Copy link
Member

shmsr commented Sep 21, 2023

Looks good to me.

shmsr
shmsr reviewed Sep 21, 2023
View reviewed changes
Copy link
Member

@shmsr shmsr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a comment in PR comments.

@ishleenk17
Copy link
Contributor Author

ishleenk17 commented Sep 21, 2023
edited

Can we also note down the names of the packages touched in this PR (in the PR description itself) so that it is trackable?

Also, in the PR description:

Closes #7822

^ This issue will be closed once this PR gets merged and not all packages are taken care of, right? So can we do s/Closes/Relates

Makes sense. Updated!

@ishleenk17
Copy link
Contributor Author

As the event.original is renamed and the grok processor is applied without validating the preserve_original_event flag. Will this be an extra overhead when we remove the event.original field at the end after performing rename and applying grok?

@muthu-mps , the renaming of message to event.original was already happening. We are mainly adding if checks.
Also since we are having check for preserve original in the end after all the groking has been done, so it should be ok.
For tracking preserve original issue I have raised this github ticket

@muthu-mps
Copy link
Contributor

muthu-mps commented Sep 21, 2023
edited

@ishleenk17 - As part of the new validation rules here we should also remove the message field. Can we consider removing message field as a part of this change ?

@ishleenk17
Copy link
Contributor Author

@ishleenk17 - As part of the new validation rules here we should also remove the message field. Can we consider removing message field as a part of this change ?

Muthu, removing of fields that have been renamed should be tackled at a generic level, not specific to event.original. Some examples, in haproxy, iis for eg. there exists many renamed fields which are not removed. So, I don't think we should keep this removal as a validation check in. I will comment same in this ticket as well.

@muthu-mps muthu-mps self-requested a review September 21, 2023 09:27
muthu-mps
muthu-mps approved these changes Sep 21, 2023
View reviewed changes
Copy link
Contributor

@muthu-mps muthu-mps left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@ishleenk17 ishleenk17 merged commit 9d22b59 into elastic:main Sep 21, 2023
4 checks passed
@elasticmachine
Copy link

Package apache - 1.15.1 containing this change is available at https://epr.elastic.co/search?package=apache

@elasticmachine
Copy link

Package apache_tomcat - 0.12.3 containing this change is available at https://epr.elastic.co/search?package=apache_tomcat

@elasticmachine
Copy link

Package cassandra - 1.9.1 containing this change is available at https://epr.elastic.co/search?package=cassandra

@elasticmachine
Copy link

Package ceph - 1.0.1 containing this change is available at https://epr.elastic.co/search?package=ceph

@elasticmachine
Copy link

Package citrix_adc - 1.0.1 containing this change is available at https://epr.elastic.co/search?package=citrix_adc

@elasticmachine
Copy link

Package golang - 0.4.3 containing this change is available at https://epr.elastic.co/search?package=golang

@elasticmachine
Copy link

Package hadoop - 1.1.8 containing this change is available at https://epr.elastic.co/search?package=hadoop

@elasticmachine
Copy link

Package haproxy - 1.8.3 containing this change is available at https://epr.elastic.co/search?package=haproxy

@elasticmachine
Copy link

Package iis - 1.15.1 containing this change is available at https://epr.elastic.co/search?package=iis

@elasticmachine
Copy link

Package kafka - 1.9.2 containing this change is available at https://epr.elastic.co/search?package=kafka

@elasticmachine
Copy link

Package microsoft_sqlserver - 2.2.1 containing this change is available at https://epr.elastic.co/search?package=microsoft_sqlserver

@elasticmachine
Copy link

Package nagios_xi - 1.1.1 containing this change is available at https://epr.elastic.co/search?package=nagios_xi

@elasticmachine
Copy link

Package nginx - 1.15.1 containing this change is available at https://epr.elastic.co/search?package=nginx

@elasticmachine
Copy link

Package oracle - 1.20.2 containing this change is available at https://epr.elastic.co/search?package=oracle

@elasticmachine
Copy link

Package oracle_weblogic - 1.0.1 containing this change is available at https://epr.elastic.co/search?package=oracle_weblogic

@elasticmachine
Copy link

Package php_fpm - 0.6.2 containing this change is available at https://epr.elastic.co/search?package=php_fpm

@elasticmachine
Copy link

Package postgresql - 1.16.1 containing this change is available at https://epr.elastic.co/search?package=postgresql

@elasticmachine
Copy link

Package rabbitmq - 1.10.1 containing this change is available at https://epr.elastic.co/search?package=rabbitmq

@elasticmachine
Copy link

Package redis - 1.11.1 containing this change is available at https://epr.elastic.co/search?package=redis

@elasticmachine
Copy link

Package traefik - 1.8.1 containing this change is available at https://epr.elastic.co/search?package=traefik

@ishleenk17 ishleenk17 mentioned this pull request Sep 22, 2023
Closed
35 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shmsr shmsr shmsr approved these changes

@muthu-mps muthu-mps muthu-mps approved these changes

Assignees

@ishleenk17 ishleenk17

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ishleenk17 @elasticmachine @muthu-mps @shmsr