-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
filebeat: CheckPoint module fails to parse action_reason #25575
Labels
Comments
botelastic
bot
added
the
needs_team
Indicates that the issue/PR needs a Team:* label
label
May 6, 2021
hazcod
changed the title
filebeat: CheckPoint module fails to parse log
filebeat: CheckPoint module fails to parse action_reason
May 6, 2021
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
botelastic
bot
removed
the
needs_team
Indicates that the issue/PR needs a Team:* label
label
May 6, 2021
6 tasks
legoguy1000
added a commit
to legoguy1000/beats
that referenced
this issue
May 7, 2021
@hazcod Can you take a look at the PR I created and see if you think it satisfies the issue? |
@legoguy1000 Seems about right, thank you for the fix! |
P1llus
pushed a commit
that referenced
this issue
May 10, 2021
P1llus
added a commit
that referenced
this issue
May 10, 2021
…n its a string, not a Long (#25633) * #25575: Fix `checkpoint.action_reason` when its a string, not a Long (#25609) (cherry picked from commit f432b92) # Conflicts: # x-pack/filebeat/module/checkpoint/fields.go * updating fields.go Co-authored-by: Alex Resnick <adr8292@gmail.com> Co-authored-by: Marius Iversen <marius.iversen@elastic.co>
P1llus
added a commit
that referenced
this issue
May 10, 2021
…n its a string, not a Long (#25634) * #25575: Fix `checkpoint.action_reason` when its a string, not a Long (#25609) (cherry picked from commit f432b92) # Conflicts: # x-pack/filebeat/module/checkpoint/fields.go * updating fields.go Co-authored-by: Alex Resnick <adr8292@gmail.com> Co-authored-by: Marius Iversen <marius.iversen@elastic.co>
leweafan
pushed a commit
to leweafan/beats
that referenced
this issue
Apr 28, 2023
…on` when its a string, not a Long (elastic#25634) * elastic#25575: Fix `checkpoint.action_reason` when its a string, not a Long (elastic#25609) (cherry picked from commit 8b53162) # Conflicts: # x-pack/filebeat/module/checkpoint/fields.go * updating fields.go Co-authored-by: Alex Resnick <adr8292@gmail.com> Co-authored-by: Marius Iversen <marius.iversen@elastic.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sometimes because of an implied rule CheckPoint will put 'Dropped by multiportal infrastructure' into
action_reason
instead of a Long. This causes filebeat to fail parsing.Error:
Log entry:
The text was updated successfully, but these errors were encountered: