From 54c0584543dafe676cca26ae4c9decd3f7cf66b5 Mon Sep 17 00:00:00 2001 From: Mariana Dima Date: Tue, 23 Feb 2021 15:22:19 +0000 Subject: [PATCH] Cherry-pick #24156 to 7.12: Empty configuration options generate `` string for azure-eventhub input (#24183) * Empty configuration options generate `` string for azure-eventhub input (#24156) * work on no value * changelog (cherry picked from commit 916d4e0e559b3c7b29b3b779b3b1c48cb8309a53) * fix changelog --- CHANGELOG.next.asciidoc | 1 + x-pack/filebeat/input/azureeventhub/config.go | 2 +- .../activitylogs/config/azure-eventhub.yml | 22 +++++++++++++++++-- .../azure/auditlogs/config/azure-eventhub.yml | 22 +++++++++++++++++-- .../platformlogs/config/azure-eventhub.yml | 22 +++++++++++++++++-- .../signinlogs/config/azure-eventhub.yml | 22 +++++++++++++++++-- 6 files changed, 82 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index ae641fbfe15..ea2b3579a36 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -165,6 +165,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Suricata EVE: Convert `suricata.eve.flow_id` to string because the field is a keyword in the mapping. {pull}23424[23424] - Zeek DNS: Ignore failures in data type conversions. And change `dns.id` JSON field to a string to match its `keyword` mapping. {pull}23424[23424] - Update `filestream` reader offset when a line is skipped. {pull}23417[23417] +- Add check for empty values in azure module. {pull}24156[24156] - cisco/asa fileset: Fix parsing of 302021 message code. {pull}14519[14519] - Fix filebeat azure dashboards, event category should be `Alert`. {pull}14668[14668] - Fixed dashboard for Cisco ASA Firewall. {issue}15420[15420] {pull}15553[15553] diff --git a/x-pack/filebeat/input/azureeventhub/config.go b/x-pack/filebeat/input/azureeventhub/config.go index 68ad8d109e0..e24f3f2b0f6 100644 --- a/x-pack/filebeat/input/azureeventhub/config.go +++ b/x-pack/filebeat/input/azureeventhub/config.go @@ -33,7 +33,7 @@ func (conf *azureInputConfig) Validate() error { return errors.New("no event hub name configured") } if conf.SAName == "" || conf.SAKey == "" { - return errors.New("missing storage account information") + return errors.New("no storage account or storage account key configured") } if conf.SAContainer == "" { conf.SAContainer = fmt.Sprintf("%s-%s", ephContainerName, conf.EventHubName) diff --git a/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml index 8701cae46fb..a949730a58f 100644 --- a/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml +++ b/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml @@ -1,11 +1,29 @@ type: azure-eventhub -connection_string: {{ .connection_string }} +{{ if .eventhub }} eventhub: {{ .eventhub }} +storage_account_container: filebeat-activitylogs-{{ .eventhub }} +{{ end }} + +{{ if .connection_string }} +connection_string: {{ .connection_string }} +{{ end }} + +{{ if .consumer_group }} consumer_group: {{ .consumer_group }} +{{ end }} + +{{ if .storage_account }} storage_account: {{ .storage_account }} +{{ end }} + +{{ if .storage_account_key }} storage_account_key: {{ .storage_account_key }} +{{ end }} + +{{ if .resource_manager_endpoint }} resource_manager_endpoint: {{ .resource_manager_endpoint }} -storage_account_container: filebeat-activitylogs-{{ .eventhub }} +{{ end }} + tags: {{.tags | tojson}} publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} diff --git a/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml index 7f5eb091550..a5460ed456e 100644 --- a/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml +++ b/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml @@ -1,11 +1,29 @@ type: azure-eventhub -connection_string: {{ .connection_string }} +{{ if .eventhub }} eventhub: {{ .eventhub }} +storage_account_container: filebeat-auditlogs-{{ .eventhub }} +{{ end }} + +{{ if .connection_string }} +connection_string: {{ .connection_string }} +{{ end }} + +{{ if .consumer_group }} consumer_group: {{ .consumer_group }} +{{ end }} + +{{ if .storage_account }} storage_account: {{ .storage_account }} +{{ end }} + +{{ if .storage_account_key }} storage_account_key: {{ .storage_account_key }} +{{ end }} + +{{ if .resource_manager_endpoint }} resource_manager_endpoint: {{ .resource_manager_endpoint }} -storage_account_container: filebeat-auditlogs-{{ .eventhub }} +{{ end }} + tags: {{.tags | tojson}} publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: diff --git a/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml index 80a73bc9905..49cfcef3a84 100644 --- a/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml +++ b/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml @@ -1,11 +1,29 @@ type: azure-eventhub -connection_string: {{ .connection_string }} +{{ if .eventhub }} eventhub: {{ .eventhub }} +storage_account_container: filebeat-platformlogs-{{ .eventhub }} +{{ end }} + +{{ if .connection_string }} +connection_string: {{ .connection_string }} +{{ end }} + +{{ if .consumer_group }} consumer_group: {{ .consumer_group }} +{{ end }} + +{{ if .storage_account }} storage_account: {{ .storage_account }} +{{ end }} + +{{ if .storage_account_key }} storage_account_key: {{ .storage_account_key }} +{{ end }} + +{{ if .resource_manager_endpoint }} resource_manager_endpoint: {{ .resource_manager_endpoint }} -storage_account_container: filebeat-platformlogs-{{ .eventhub }} +{{ end }} + tags: {{.tags | tojson}} publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} diff --git a/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml index e37c7c61a4d..9a6a86e08fa 100644 --- a/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml +++ b/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml @@ -1,11 +1,29 @@ type: azure-eventhub -connection_string: {{ .connection_string }} +{{ if .eventhub }} eventhub: {{ .eventhub }} +storage_account_container: filebeat-signinlogs-{{ .eventhub }} +{{ end }} + +{{ if .connection_string }} +connection_string: {{ .connection_string }} +{{ end }} + +{{ if .consumer_group }} consumer_group: {{ .consumer_group }} +{{ end }} + +{{ if .storage_account }} storage_account: {{ .storage_account }} +{{ end }} + +{{ if .storage_account_key }} storage_account_key: {{ .storage_account_key }} +{{ end }} + +{{ if .resource_manager_endpoint }} resource_manager_endpoint: {{ .resource_manager_endpoint }} -storage_account_container: filebeat-signinlogs-{{ .eventhub }} +{{ end }} + tags: {{.tags | tojson}} publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: