diff --git a/packages/aws/changelog.yml b/packages/aws/changelog.yml
index 35680875977..b8a50d4bce7 100644
--- a/packages/aws/changelog.yml
+++ b/packages/aws/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.21.0"
+ changes:
+ - description: Fix route53 public logs grok pattern.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/9249
 - version: "2.20.0"
 changes:
 - description: Add S3 polling option to data streams use aws-s3 input
diff --git a/packages/aws/data_stream/route53_public_logs/_dev/test/pipeline/test-route53.log b/packages/aws/data_stream/route53_public_logs/_dev/test/pipeline/test-route53.log
index 3b3e8482e79..12f2eb54675 100644
--- a/packages/aws/data_stream/route53_public_logs/_dev/test/pipeline/test-route53.log
+++ b/packages/aws/data_stream/route53_public_logs/_dev/test/pipeline/test-route53.log
@@ -3,4 +3,5 @@
 1.0 2017-12-13T08:16:03.983Z Z123412341234 example.com ANY NOERROR UDP FRA6 2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 2001:db8:abcd::/48
 1.0 2017-12-13T08:15:50.342Z Z123412341234 bad.example.com A NXDOMAIN UDP IAD12 89.160.20.112 192.168.111.0/24
 1.0 2017-12-13T08:16:05.744Z Z123412341234 txt.example.com TXT NOERROR UDP JFK5 89.160.20.112 -
-1.0 2017-12-13T08:16:05.744Z Z123412341234 txt.example.com TXT NOERROR UDP GRU1-C1 89.160.20.112 -
\ No newline at end of file
+1.0 2017-12-13T08:16:05.744Z Z123412341234 txt.example.com TXT NOERROR UDP GRU1-C1 89.160.20.112 -
+1.0 2017-12-13T08:17:05.744Z Z123412341234 _spf.example.com SPF NOERROR UDP DEN50-C1 89.160.20.112 -
diff --git a/packages/aws/data_stream/route53_public_logs/_dev/test/pipeline/test-route53.log-expected.json b/packages/aws/data_stream/route53_public_logs/_dev/test/pipeline/test-route53.log-expected.json
index aa2a729c826..c246f76ec36 100644
--- a/packages/aws/data_stream/route53_public_logs/_dev/test/pipeline/test-route53.log-expected.json
+++ b/packages/aws/data_stream/route53_public_logs/_dev/test/pipeline/test-route53.log-expected.json
@@ -440,6 +440,81 @@
 "tags": [
 "preserve_original_event"
 ]
+ },
+ {
+ "@timestamp": "2017-12-13T08:17:05.744Z",
+ "aws": {
+ "route53": {
+ "edge_location": "DEN50-C1",
+ "hosted_zone_id": "Z123412341234"
+ }
+ },
+ "cloud": {
+ "provider": "aws"
+ },
+ "dns": {
+ "question": {
+ "name": "_spf.example.com",
+ "registered_domain": "example.com",
+ "subdomain": "_spf",
+ "top_level_domain": "com",
+ "type": "SPF"
+ },
+ "response_code": "NOERROR"
+ },
+ "ecs": {
+ "version": "8.11.0"
+ },
+ "event": {
+ "category": [
+ "network"
+ ],
+ "kind": "event",
+ "original": "1.0 2017-12-13T08:17:05.744Z Z123412341234 _spf.example.com SPF NOERROR UDP DEN50-C1 89.160.20.112 -",
+ "outcome": "success",
+ "type": [
+ "protocol"
+ ]
+ },
+ "network": {
+ "iana_number": "17",
+ "protocol": "dns",
+ "transport": "udp",
+ "type": "ipv4"
+ },
+ "related": {
+ "hosts": [
+ "_spf.example.com"
+ ],
+ "ip": [
+ "89.160.20.112"
+ ]
+ },
+ "source": {
+ "address": "89.160.20.112",
+ "as": {
+ "number": 29518,
+ "organization": {
+ "name": "Bredband2 AB"
+ }
+ },
+ "geo": {
+ "city_name": "Linköping",
+ "continent_name": "Europe",
+ "country_iso_code": "SE",
+ "country_name": "Sweden",
+ "location": {
+ "lat": 58.4167,
+ "lon": 15.6167
+ },
+ "region_iso_code": "SE-E",
+ "region_name": "Östergötland County"
+ },
+ "ip": "89.160.20.112"
+ },
+ "tags": [
+ "preserve_original_event"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/packages/aws/data_stream/route53_public_logs/elasticsearch/ingest_pipeline/default.yml b/packages/aws/data_stream/route53_public_logs/elasticsearch/ingest_pipeline/default.yml
index 50ebf4ca5bb..31c30a31c16 100644
--- a/packages/aws/data_stream/route53_public_logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/aws/data_stream/route53_public_logs/elasticsearch/ingest_pipeline/default.yml
@@ -31,7 +31,7 @@ processors:
 - grok:
 field: event.original
 patterns:
- - '%{BASE10NUM} %{TIMESTAMP_ISO8601:_tmp.timestamp} %{DATA:aws.route53.hosted_zone_id} %{HOSTNAME:_tmp.question} %{WORD:dns.question.type} %{WORD:dns.response_code} %{WORD:network.transport} %{EDGE_LOCATION:aws.route53.edge_location} %{IP:source.address} (%{SUBNET:aws.route53.edns_client_subnet}|-)'
+ - '%{BASE10NUM} %{TIMESTAMP_ISO8601:_tmp.timestamp} %{DATA:aws.route53.hosted_zone_id} %{DATA:_tmp.question} %{WORD:dns.question.type} %{WORD:dns.response_code} %{WORD:network.transport} %{EDGE_LOCATION:aws.route53.edge_location} %{IP:source.address} (%{SUBNET:aws.route53.edns_client_subnet}|-)'
 pattern_definitions:
 EDGE_LOCATION: '[A-Z]{3}\d+(-[A-Z]+\d+)?'
 SUBNET: '%{IP}/[0-9]+'
diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml
index 68e089f3eb5..b254fd55347 100644
--- a/packages/aws/manifest.yml
+++ b/packages/aws/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.0.0
 name: aws
 title: AWS
-version: 2.20.0
+version: 2.21.0
 description: Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent.
 type: integration
 categories:
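Review bot: `%{DATA:_tmp.question}` on the new pattern line is the non-greedy `.*?`, which also accepts an empty string and has to backtrack against the following `%{WORD:dns.question.type}`; the query name in these logs is a single whitespace-delimited token, so `%{NOTSPACE:_tmp.question}` (`\S+`) states that directly while still accepting the underscore-prefixed labels such as `_spf.example.com` that `%{HOSTNAME}` rejected. The expected output added in this commit shows the captured name feeding `dns.question.registered_domain` and `subdomain`, presumably through a processor outside this hunk, and the query name is whatever the DNS client asked for, so names that are not valid hostnames now reach that stage; a test line with an escaped or otherwise unusual label would confirm that downstream handling tolerates them. The change is one token: `%{NOTSPACE:_tmp.question}` in place of `%{DATA:_tmp.question}`. The `processors` list this grok step belongs to continues outside the hunk.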