
Cherry-pick #17844 to 7.x: [Filebeat] Improve ECS categorization field mappings for nginx module #17940

Merged: 3 commits merged into elastic:7.x on Apr 29, 2020

Conversation

@leehinman (Contributor) commented Apr 23, 2020

Cherry-pick of PR #17844 to 7.x branch. Original message:

What does this PR do?

Improves ECS categorization field mappings for nginx module. Specifically it adds:

  • access
    • event.kind
    • event.category
    • event.type
    • event.outcome
    • lowercase http.request.method
    • improve grok to not populate empty fields
    • related.ip
    • related.users
  • error
    • event.kind
    • event.category
    • event.outcome
  • ingress_controller
    • event.kind
    • event.category
    • event.type
    • event.outcome
    • lowercase http.request.method
    • improve grok to not populate empty fields
    • related.ip
    • related.users

Why is it important?

Improved ECS compliance improves use in SIEM applications and makes comparing data across data sources easier.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
    - [ ] I have made corresponding changes to the documentation
    - [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

Closes #16174

…7844)

- access
  + event.kind
  + event.category
  + event.type
  + event.outcome
  + lowercase http.request.method
  + improve grok to not populate empty fields
  + related.ip
  + related.users
- error
  + event.kind
  + event.category
  + event.outcome
- ingress_controller
  + event.kind
  + event.category
  + event.type
  + event.outcome
  + lowercase http.request.method
  + improve grok to not populate empty fields
  + related.ip
  + related.users

Closes elastic#16174

(cherry picked from commit 93c3d15)
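The description above lists the ECS categorization fields the change adds for nginx access events (event.kind, event.category, event.type, event.outcome, a lowercased http.request.method, the related.* fields, and a grok that leaves absent values unset). The following is an added worked example of that categorization logic in Python; it is not the Filebeat module's own ingest pipeline and not code from the PR. The exact values (kind "event", category ["web"], type ["access"]), the rule that a 4xx/5xx status means outcome "failure", and the sample log lines are assumptions constructed for illustration; ECS itself names the user field related.user.

```python
"""Added example: derive ECS categorization fields from nginx combined-format
access log lines. Not the Filebeat nginx module's pipeline; the category/type
values and the status-code threshold for event.outcome are assumptions."""
import ipaddress
import re
from typing import Any, Dict

# Constructed sample lines in nginx's default "combined" format (not from the PR).
SAMPLE_LINES = [
    '203.0.113.7 - alice [23/Apr/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '198.51.100.9 - - [23/Apr/2020:10:00:02 +0000] "post /login HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [23/Apr/2020:10:00:03 +0000] "GET /admin HTTP/1.1" 500 0 "http://example.test/" ""',
]

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_access_line(line: str) -> Dict[str, Any]:
    """Parse one combined-format line into a nested ECS-style document.

    Mirrors the "do not populate empty fields" point from the PR: a "-" or an
    empty quoted string in the log means the value is absent, so the
    corresponding field is simply not created.
    """
    m = ACCESS_RE.match(line)
    if not m:
        raise ValueError(f"not a combined-format access line: {line!r}")
    f = m.groupdict()
    doc: Dict[str, Any] = {
        "source": {"address": f["ip"]},
        "http": {
            "request": {"method": f["method"]},
            "response": {"status_code": int(f["status"])},
        },
        "url": {"original": f["path"]},
    }
    if f["user"] != "-":
        doc["user"] = {"name": f["user"]}
    if f["bytes"] != "-":
        doc["http"]["response"]["body"] = {"bytes": int(f["bytes"])}
    if f["referrer"] and f["referrer"] != "-":
        doc["http"]["request"]["referrer"] = f["referrer"]
    if f["agent"]:
        doc["user_agent"] = {"original": f["agent"]}
    return doc


def categorize_access(doc: Dict[str, Any]) -> Dict[str, Any]:
    """Add the ECS categorization fields listed in the PR to an access event."""
    status = doc["http"]["response"]["status_code"]
    doc["event"] = {
        "kind": "event",          # assumption: values chosen for illustration
        "category": ["web"],
        "type": ["access"],
        # Assumption: any 4xx/5xx response is treated as a failed request.
        "outcome": "success" if status < 400 else "failure",
    }
    # ECS expects http.request.method in lowercase.
    doc["http"]["request"]["method"] = doc["http"]["request"]["method"].lower()

    # related.ip / related.user let a SIEM pivot on "any event mentioning X"
    # without knowing which source-specific field X lives in.
    related: Dict[str, Any] = {}
    addr = doc["source"]["address"]
    try:
        ipaddress.ip_address(addr)
        doc["source"]["ip"] = addr
        related["ip"] = [addr]
    except ValueError:
        pass  # a hostname, not an IP: leave source.ip and related.ip unset
    if "user" in doc:
        related["user"] = [doc["user"]["name"]]
    if related:
        doc["related"] = related
    return doc


def process(line: str) -> Dict[str, Any]:
    """Parse and categorize one access log line."""
    return categorize_access(parse_access_line(line))


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(process(sample))
```

Run it directly to print the three categorized documents; the second line shows an unauthenticated 401 producing outcome "failure" with no user or related.user, and the third shows an empty user agent leaving user_agent unset while the referrer is still populated.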
@elasticmachine (Collaborator) commented:

Pinging @elastic/siem (Team:SIEM)

@andrewkroh (Member) commented:

Looks like this needs attention to fix the merge conflict. Then hopefully CI will be in better shape.

@elasticmachine (Collaborator) commented Apr 29, 2020

💚 Build Succeeded


Build stats

Test results: 0 failed, 2108 passed, 283 skipped, 2391 total

@leehinman leehinman merged commit f8ca5ca into elastic:7.x Apr 29, 2020
@leehinman leehinman deleted the backport_17844_7.x branch April 29, 2020 19:38
3 participants