Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick #21240 to 7.x: Fixes for new 7.10 rsa2elk datasets #21379

Merged
merged 1 commit into from
Sep 29, 2020
Merged

Cherry-pick #21240 to 7.x: Fixes for new 7.10 rsa2elk datasets #21379

merged 1 commit into from
Sep 29, 2020

Conversation

adriansr
Copy link
Contributor

@adriansr adriansr commented Sep 29, 2020
edited by zube bot
Loading

Cherry-pick of PR #21240 to 7.x branch. Original message:

What does this PR do?

This updates the Javascript pipelines in the new rsa2elk datasets for 7.10.

Why is it important?

There were two problems with the original pipelines:

  • juniper/netscreen:

    This pipeline used ’ XML entity as a quote character. This entity translates to UNICODE codepoint U+0092 (PRIVATE USE 2) (�), which is not printable and can cause problems.

My understanding is that this is the result of either:

  • Device logs are encoded in the windows-1252 codepage, or
  • Log parsers originally written in windows-1252 codepage
    and
  • Expecting XML's &#xNNN to encode a byte instead of a unicode codepoint.

In this codepage, \x92 represents a quotation mark similar to the ASCII \x27 single quotation mark ('). The correct codepoint to use for this character would have been U+2019 (’, RIGHT SINGLE QUOTATION MARK, ’).

As it is unclear if the original logs contain this special quote, or it's the result of writing the parsers in a Windows editor, it's better to replace it's usage with empty captures that skip over the quote.

  • All pipelines:

The original pipelines had been generated with some debugging comments that made them much larger than necessary.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

It's OK as long as it passes the tests.

@adriansr
Fixes for new 7.10 rsa2elk datasets (elastic#21240)
49eb59c 
* Fix bad unicode character used in juniper/netscreen

Some parsers from netwitness wrongly use &#x092 XML entity as a quote
character. This entity translates to UNICODE codepoint U+0092 (PRIVATE
USE 2), which is not printable and can cause problems.

My understanding is that this is the result of either:
- Device logs are encoded in the windows-1252 codepage, or
- Log parsers originally written in windows-1252 codepage.

In this codepage, \x92 represents a quotation mark similar to the
ASCII \x27 single quotation mark (').

I believe someone misunderstood XML's &#xNNN entity as escaping a byte value,
instead of a UNICODE codepoint.

As it is unclear if the original logs contain this special quote, or it's the
result of writting the parsers in a Windows editor, it's better to replace
it's usage with empty captures that skip over this quote.

* Update pipelines for new 7.10 rsa2elk datasets

The original pipelines had been generated with some debugging comments
in them, which made them much larger than necessary.

(cherry picked from commit 24e972f)
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Sep 29, 2020
@elasticmachine
Copy link
Collaborator

💔 Tests Failed

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #21379 opened]

  • Start Time: 2020-09-29T13:14:15.144+0000

  • Duration: 83 min 56 sec

Test stats 🧪

Test Results
Failed 2
Passed 20039
Skipped 1865
Total 21906

Test errors

Expand to view the tests failures

  • Name: Build&Test / x-pack/metricbeat-build / TestFetch – ec2

    • Age: 1
    • Duration: 20.06
    • Error Details: Failed

  • Name: Build&Test / metricbeat-pythonIntegTest / test_namespace – metricbeat.module.aerospike.test_aerospike.Test

    • Age: 1
    • Duration: 860.354
    • Error Details: failed on setup with "compose.service.BuildError: (<Service: aerospike>, "The command '/bin/sh -c apt-get update && apt-get install -y netcat' returned a non-zero code: 100")"

Steps errors

Expand to view the steps failures

  • Name: Sleep

    • Description: 5

    • Duration: 0 min 5 sec

    • Start Time: 2020-09-29T13:42:18.207+0000

    • log

  • Name: mage pythonIntegTest

    • Description: mage pythonIntegTest

    • Duration: 53 min 51 sec

    • Start Time: 2020-09-29T13:42:48.468+0000

    • log

  • Name: Notifies GitHub of the status of a Pull Request

    • Description: script returned exit code 1

    • Duration: 0 min 1 sec

    • Start Time: 2020-09-29T14:36:07.663+0000

    • log

  • Name: check for Docker

    • Description: command -v docker

    • Duration: 0 min 1 sec

    • Start Time: 2020-09-29T13:42:18.538+0000

    • log

  • Name: Notifies GitHub of the status of a Pull Request

    • Description: java.util.regex.Matcher

    • Duration: 0 min 1 sec

    • Start Time: 2020-09-29T13:42:20.034+0000

    • log

  • Name: mage build test

    • Description: mage build test

    • Duration: 26 min 43 sec

    • Start Time: 2020-09-29T13:52:28.048+0000

    • log

  • Name: Notifies GitHub of the status of a Pull Request

    • Description: script returned exit code 1

    • Duration: 0 min 1 sec

    • Start Time: 2020-09-29T14:18:35.503+0000

    • log

Log output

Expand to view the last 100 lines of log output 

[2020-09-29T14:36:25.132Z] + tar -xpf source.tgz
[2020-09-29T14:36:37.730Z] + rm source.tgz
[2020-09-29T14:36:37.892Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats
[2020-09-29T14:36:37.926Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/uncategorized-1601386707962
[2020-09-29T14:36:38.034Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/libbeat-stress-tests-1601386966133
[2020-09-29T14:36:38.146Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/winlogbeat-crosscompile-1601387035978
[2020-09-29T14:36:38.247Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/auditbeat-crosscompile-1601387078674
[2020-09-29T14:36:38.346Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-elastic-agent-build-1601387091838
[2020-09-29T14:36:38.455Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-dockerlogbeat-build-1601387135012
[2020-09-29T14:36:38.563Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/journalbeat-unitTest-1601387155442
[2020-09-29T14:36:38.663Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/libbeat-crosscompile-1601387242850
[2020-09-29T14:36:38.769Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/packetbeat-build-1601387323353
[2020-09-29T14:36:38.879Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-functionbeat-build-1601387323775
[2020-09-29T14:36:38.986Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-elastic-agent-windows-windows-2019-1601387384533
[2020-09-29T14:36:39.094Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/metricbeat-unitTest-1601387501441
[2020-09-29T14:36:39.196Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/heartbeat-build-1601387527742
[2020-09-29T14:36:39.299Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/auditbeat-windows-windows-2019-1601387544183
[2020-09-29T14:36:39.409Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/heartbeat-windows-windows-2019-1601387585561
[2020-09-29T14:36:39.520Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-winlogbeat-build-windows-2019-1601387593165
[2020-09-29T14:36:39.621Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/metricbeat-crosscompile-1601387596756
[2020-09-29T14:36:39.725Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/auditbeat-build-1601387610788
[2020-09-29T14:36:39.832Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/generator-metricbeat-test-1601387614800
[2020-09-29T14:36:39.927Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-auditbeat-windows-windows-2019-1601387615987
[2020-09-29T14:36:40.025Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/generator-beat-test-1601387685175
[2020-09-29T14:36:40.125Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/filebeat-windows-windows-2019-1601387735630
[2020-09-29T14:36:40.220Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/packetbeat-windows-windows-2019-1601387754229
[2020-09-29T14:36:40.322Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-functionbeat-windows-windows-2019-1601387783325
[2020-09-29T14:36:40.414Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-filebeat-windows-windows-2019-1601387811295
[2020-09-29T14:36:40.514Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/winlogbeat-windows-windows-2019-1601387832446
[2020-09-29T14:36:40.610Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/metricbeat-windows-windows-2019-1601387924554
[2020-09-29T14:36:40.715Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-libbeat-build-1601388076746
[2020-09-29T14:36:40.818Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-metricbeat-windows-windows-2019-1601388181011
[2020-09-29T14:36:40.919Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/auditbeat-macos-macosx-1601388639835
[2020-09-29T14:36:41.016Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/filebeat-build-1601388650642
[2020-09-29T14:36:41.113Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/generator-macos-metricbeat-macosx-1601388802470
[2020-09-29T14:36:41.213Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/generator-macos-beat-macosx-1601388843041
[2020-09-29T14:36:41.312Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/heartbeat-macos-macosx-1601388882761
[2020-09-29T14:36:41.415Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/filebeat-macos-macosx-1601388974950
[2020-09-29T14:36:41.515Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/libbeat-build-1601389033291
[2020-09-29T14:36:41.626Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/metricbeat-goIntegTest-1601389054244
[2020-09-29T14:36:41.730Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-metricbeat-build-1601389102184
[2020-09-29T14:36:41.831Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-filebeat-build-1601389103154
[2020-09-29T14:36:41.929Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-auditbeat-macos-macosx-1601389124909
[2020-09-29T14:36:42.038Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-elastic-agent-macos-macosx-1601389155334
[2020-09-29T14:36:42.138Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/packetbeat-macos-macosx-1601389238151
[2020-09-29T14:36:42.248Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/metricbeat-macos-macosx-1601389250651
[2020-09-29T14:36:42.350Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-filebeat-macos-macosx-1601389438216
[2020-09-29T14:36:42.457Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-metricbeat-macos-macosx-1601389550534
[2020-09-29T14:36:42.561Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-functionbeat-macos-macosx-1601390033521
[2020-09-29T14:36:42.663Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/metricbeat-pythonIntegTest-1601390149141
[2020-09-29T14:36:43.119Z] + cat
[2020-09-29T14:36:43.120Z] + /usr/local/bin/runbld ./runbld-test-reports --job-name elastic+beats+pull-request
[2020-09-29T14:36:43.120Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-09-29T14:36:51.276Z] runbld>>> runbld started
[2020-09-29T14:36:51.276Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-09-29T14:36:53.204Z] runbld>>> The following profiles matched the job 'elastic+beats+pull-request' in order of occurrence in the config (last value wins).
[2020-09-29T14:36:53.205Z] runbld>>> Matches in the system config:
[2020-09-29T14:36:53.205Z] runbld>>> - Matched ^elastic\+beats
[2020-09-29T14:36:53.205Z] runbld>>> - Matched ^elastic\+beats\+pull-request
[2020-09-29T14:36:54.597Z] runbld>>> Debug logging enabled.
[2020-09-29T14:36:54.597Z] runbld>>> Storing result
[2020-09-29T14:36:54.597Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-09-29T14:36:54.597Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1597739501209/t/20200929143654-499F9D20
[2020-09-29T14:36:54.597Z] runbld>>> Adding system facts.
[2020-09-29T14:36:56.521Z] runbld>>> Adding vcs info for the latest commit:  49eb59c566ec1852da4338cde24d814e449155ac
[2020-09-29T14:36:56.521Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-09-29T14:36:56.521Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-09-29T14:36:56.521Z] + echo 'Processing JUnit reports with runbld...'
[2020-09-29T14:36:56.521Z] Processing JUnit reports with runbld...
[2020-09-29T14:36:56.783Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-09-29T14:36:56.783Z] runbld>>> DURATION: 44ms
[2020-09-29T14:36:56.783Z] runbld>>> STDOUT: 40 bytes
[2020-09-29T14:36:56.783Z] runbld>>> STDERR: 49 bytes
[2020-09-29T14:36:56.783Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-09-29T14:36:56.783Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats_PR-21379
[2020-09-29T14:36:57.731Z] runbld>>> Storing build metadata: 
[2020-09-29T14:36:57.731Z] runbld>>> Adding test report.
[2020-09-29T14:36:57.731Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats
[2020-09-29T14:36:58.679Z] runbld>>> Found 137 test output files
[2020-09-29T14:37:00.067Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/metricbeat-goIntegTest-1601389054244/metricbeat/build/TEST-go-integration-graphite.xml
[2020-09-29T14:37:00.329Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/metricbeat-goIntegTest-1601389054244/metricbeat/build/TEST-go-integration-windows.xml
[2020-09-29T14:37:00.902Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-metricbeat-build-1601389102184/x-pack/metricbeat/build/TEST-go-integration-openmetrics.xml
[2020-09-29T14:37:01.163Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-metricbeat-build-1601389102184/x-pack/metricbeat/build/TEST-go-integration-istio.xml
[2020-09-29T14:37:01.163Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-metricbeat-build-1601389102184/x-pack/metricbeat/build/TEST-go-integration-activemq.xml
[2020-09-29T14:37:01.163Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-metricbeat-build-1601389102184/x-pack/metricbeat/build/TEST-go-integration-iis.xml
[2020-09-29T14:37:01.163Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21379/src/github.com/elastic/beats/x-pack-metricbeat-build-1601389102184/x-pack/metricbeat/build/TEST-go-integration-tomcat.xml
[2020-09-29T14:37:02.552Z] runbld>>> Test output logs contained: Errors: 1 Failures: 1 Tests: 21906 Skipped: 1566
[2020-09-29T14:37:02.815Z] runbld>>> Storing result
[2020-09-29T14:37:02.815Z] runbld>>> FAILURES: 2
[2020-09-29T14:37:03.390Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-09-29T14:37:03.390Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1597739501209/t/20200929143654-499F9D20
[2020-09-29T14:37:03.652Z] runbld>>> Email notification disabled by environment variable.
[2020-09-29T14:37:03.652Z] runbld>>> Slack notification disabled by environment variable.
[2020-09-29T14:37:10.017Z] Running on worker-1244230 in /var/lib/jenkins/workspace/Beats_beats_PR-21379
[2020-09-29T14:37:10.086Z] [INFO] getVaultSecret: Getting secrets
[2020-09-29T14:37:10.187Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-09-29T14:37:12.407Z] + chmod 755 generate-build-data.sh
[2020-09-29T14:37:12.407Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21379/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21379/runs/1 FAILURE 4975794
[2020-09-29T14:37:12.407Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21379/runs/1/steps/?limit=10000 -o steps-info.json
[2020-09-29T14:37:21.878Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21379/runs/1/tests/?status=FAILED -o tests-errors.json

@adriansr
Copy link
Contributor Author

Ignoring build failures: x-pack/filebeat tests passed and this only touches .js pipelines.

@adriansr adriansr merged commit 6cfe43e into elastic:7.x Sep 29, 2020
@zube zube bot removed the [zube]: Done label Dec 29, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marc-gr marc-gr marc-gr approved these changes

Assignees
No one assigned
Labels
backport review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@adriansr @elasticmachine @marc-gr