Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cisco_ios] Remove erroneous period from repeated messages grok #9228

Merged
merged 2 commits into from Feb 22, 2024
Merged

[cisco_ios] Remove erroneous period from repeated messages grok #9228

merged 2 commits into from Feb 22, 2024

Conversation

taylor-swanson
Copy link
Contributor

@taylor-swanson taylor-swanson commented Feb 22, 2024
edited

Proposed commit message

  • During initial development, a period at the end of the repeated messages grok was added by mistake
  • The period has been removed and tests updated

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

cd packages/cisco_ios
elastic-package test

Related issues

@taylor-swanson
[cisco_ios] Remove erroneous period from repeated messages grok
111f8e1 
- During initial development, a period at the end of the repeated
messages grok was added by mistake
- The period has been removed and tests updated
@taylor-swanson taylor-swanson added bug Something isn't working Integration:CiscoIOS Cisco IOS Team:Security-Deployment and Devices Deployment and Devices Security team labels Feb 22, 2024
@taylor-swanson taylor-swanson self-assigned this Feb 22, 2024
@taylor-swanson taylor-swanson mentioned this pull request Feb 22, 2024
Merged
4 tasks
@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
100.0% 100.0% Coverage on New Code
0.0% 0.0% Duplication on New Code

See analysis details on SonarQube

@elasticmachine
Copy link

💚 Build Succeeded

cc @taylor-swanson

@taylor-swanson taylor-swanson marked this pull request as ready for review February 22, 2024 16:06
@taylor-swanson taylor-swanson requested a review from a team as a code owner February 22, 2024 16:06
@elasticmachine
Copy link

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@IanLee1521
Copy link

LGTM!

@taylor-swanson
Copy link
Contributor Author

taylor-swanson commented Feb 22, 2024
edited

@IanLee1521, just as a heads up, I ran the log you provided though as a test, and while it no longer produces a grok error, the header portion of the message doesn't get parsed out correctly. It doesn't produce an error, but some of the fields get assigned incorrectly.

<46>: 2024 Feb 21 23:53:26 PST: last message repeated 121 times

{
    "cisco": {
        "ios": {
            "uptime": "<46>"
        }
    },
    "ecs": {
        "version": "8.11.0"
    },
    "event": {
        "category": [
            "network"
        ],
        "original": "<46>: 2024 Feb 21 23:53:26 PST: last message repeated 121 times",
        "provider": "firewall",
        "timezone": "UTC",
        "type": [
            "info"
        ]
    },
    "message": "last message repeated 121 times",
    "observer": {
        "product": "IOS",
        "type": "firewall",
        "vendor": "Cisco"
    },
    "tags": [
        "preserve_original_event"
    ]
}

It seems like the timestamp is the culprit. In all of the other logs, it goes Month Day Year while the log in question goes Year Month Day. I see if I can handle this case in the #9102 PR.

@taylor-swanson taylor-swanson merged commit e8ca6da into elastic:main Feb 22, 2024
5 checks passed
@taylor-swanson taylor-swanson deleted the bug/cisco-ios-msg-repeated-period branch February 22, 2024 20:32
@elasticmachine
Copy link

Package cisco_ios - 1.25.1 containing this change is available at https://epr.elastic.co/search?package=cisco_ios

gizas pushed a commit that referenced this pull request Mar 13, 2024
@taylor-swanson @gizas
[cisco_ios] Remove erroneous period from repeated messages grok (#9228)
2a153eb 
- During initial development, a period at the end of the repeated
messages grok was added by mistake
- The period has been removed and tests updated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gogochan gogochan gogochan approved these changes

Assignees

@taylor-swanson taylor-swanson

Labels
bug Something isn't working Integration:CiscoIOS Cisco IOS Team:Security-Deployment and Devices Deployment and Devices Security team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@taylor-swanson @elasticmachine @IanLee1521 @gogochan