
Fixing breakage caused in #10174 #10340

Merged
merged 2 commits into from
Jan 25, 2019

Conversation

@ycombinator (Contributor) commented Jan 25, 2019

PR #10174 inadvertently broke the parsing of a couple of fields:

  1. The audit event. The correct field for 6.x should've been elasticsearch.audit.event_type, but #10174 (Cherry-pick #10135 to 6.x: Elasticsearch/audit fileset should be more lenient in parsing node name) was parsing this information into event.type. The latter is an ECS field that should only exist in 7.0+. This PR reverts the target field to elasticsearch.audit.event_type.

  2. The audit URI. PR #10174 (Cherry-pick #10135 to 6.x: Elasticsearch/audit fileset should be more lenient in parsing node name) introduced a typo in the grok expression for this field, thereby causing it and any subsequent fields in the log line to no longer be parsed. This PR fixes the typo, and now the audit URI field and subsequent fields in the log line get parsed again.
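The second item describes a failure mode worth being able to reproduce in a unit test: one typo in a grok-style expression silently drops the URI field and every field after it, while the fields before it still parse and the pipeline reports no error. The Python below is an added illustration, not the Filebeat module's grok pattern or test fixtures; the audit log line, the `BROKEN_PATTERN`/`FIXED_PATTERN` regexes and the field names other than `elasticsearch.audit.event_type` and `event.type` are constructed for this example.

```python
import re

# Constructed sample line in the general shape of an Elasticsearch 6.x audit
# log entry (not taken from the project's fixtures).
SAMPLE_LINE = (
    "[2019-01-25T10:00:00,123] [node-1] [rest] [authentication_failed] "
    "origin_address=[127.0.0.1], principal=[elastic], "
    "uri=[/_xpack/security/_authenticate], request_body=[]"
)

# Fields every rest-layer line of this constructed shape is expected to yield.
EXPECTED_FIELDS = (
    "timestamp", "node_name", "layer", "event_type",
    "origin_address", "principal", "uri", "request_body",
)

# Shared prefix: timestamp, node name, layer, event type, origin, principal.
_PREFIX = (
    r"^\[(?P<timestamp>[^\]]+)\] \[(?P<node_name>[^\]]+)\] "
    r"\[(?P<layer>[^\]]+)\] \[(?P<event_type>[^\]]+)\] "
    r"origin_address=\[(?P<origin_address>[^\]]+)\], "
    r"principal=\[(?P<principal>[^\]]+)\]"
)

# Hypothetical broken tail: the closing "\]" after the uri capture is missing,
# so the optional tail never matches. The prefix fields still parse, but uri
# and request_body come back empty, with no parse error raised. This mirrors
# the failure mode in item 2; it is not the module's real grok expression.
BROKEN_PATTERN = re.compile(
    _PREFIX + r"(?:, uri=\[(?P<uri>[^\]]+), request_body=\[(?P<request_body>[^\]]*)\])?"
)

# Hypothetical corrected tail: "\]" restored after the uri capture.
FIXED_PATTERN = re.compile(
    _PREFIX + r"(?:, uri=\[(?P<uri>[^\]]+)\], request_body=\[(?P<request_body>[^\]]*)\])?"
)


def parse_audit_line(line, pattern):
    """Match one audit line; return a dict of named groups (None for groups
    that did not participate) or None when even the prefix fails."""
    m = pattern.match(line)
    return None if m is None else m.groupdict()


def missing_fields(fields, expected=EXPECTED_FIELDS):
    """List the expected fields that were not populated. This is the
    regression check that flags a silently dropped tail before merge."""
    if fields is None:
        return list(expected)
    return [name for name in expected if fields.get(name) is None]


def to_6x_document(fields):
    """Place parsed values under 6.x field names. The event type belongs under
    elasticsearch.audit.event_type in 6.x; event.type is an ECS field reserved
    for 7.0+ (item 1). The remaining key names are assumed for this example."""
    doc = {"elasticsearch.audit.event_type": fields["event_type"]}
    for name in ("layer", "origin_address", "principal", "uri", "request_body"):
        if fields.get(name) is not None:
            doc["elasticsearch.audit." + name] = fields[name]
    return doc


if __name__ == "__main__":
    for label, pattern in (("broken", BROKEN_PATTERN), ("fixed", FIXED_PATTERN)):
        fields = parse_audit_line(SAMPLE_LINE, pattern)
        print(label, "missing:", missing_fields(fields))
        if fields is not None:
            print(label, "document:", to_6x_document(fields))
```

Running the block prints `broken missing: ['uri', 'request_body']` and `fixed missing: []`; the useful part is `missing_fields`, which turns the silent drop into an assertion failure when run against a fixture line in the module's test suite.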

@ruflin (Contributor) left a comment

Glad you found this. Should have caught this in the review :-(

@ycombinator (Contributor, Author) commented

jenkins, test this

@ycombinator ycombinator merged commit 897c1bd into elastic:6.x Jan 25, 2019
@ycombinator ycombinator deleted the backport_10135_6.x branch January 25, 2019 21:18
2 participants