Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Filebeat module expected logs files #21454

Merged
merged 1 commit into from
Oct 2, 2020
Merged

Update Filebeat module expected logs files #21454

merged 1 commit into from
Oct 2, 2020

Conversation

andrewkroh
Copy link
Member

@andrewkroh andrewkroh commented Oct 1, 2020
edited
Loading

What does this PR do?

Elasticsearch added country_name to the list of default field for geo in elastic/elasticsearch#62915. So the expected files needed updated.

Why is it important?

Fixes broken Filebeat module.

Checklist

  • My code follows the style guidelines of this project
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@andrewkroh
Update Filebeat module expected logs files
73675e7 
Elasticsearch added country_name to the list of default field for geo in elastic/elasticsearch#62915. So the expected files needed updated.
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 1, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Oct 1, 2020
@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #21454 opened]

  • Start Time: 2020-10-01T20:09:37.950+0000

  • Duration: 59 min 27 sec

Test stats 🧪

Test Results
Failed 0
Passed 4406
Skipped 558
Total 4964

leehinman
leehinman requested changes Oct 1, 2020
View reviewed changes
x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json
@@ -607,7 +607,6 @@
]
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems odd that this is removed. Looks like the date is in the original log.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It must be from

beats/filebeat/tests/system/test_modules.py

Lines 226 to 257 in 3390aa8

# datasets for which @timestamp is removed due to date missing
remove_timestamp = {
"activemq.audit",
"barracuda.spamfirewall",
"barracuda.waf",
"bluecoat.director",
"cef.log",
"cisco.asa",
"cisco.ios",
"citrix.netscaler",
"cyberark.corepas",
"cylance.protect",
"f5.bigipafm",
"fortinet.clientendpoint",
"haproxy.log",
"icinga.startup",
"imperva.securesphere",
"infoblox.nios",
"iptables.log",
"juniper.netscreen",
"netscout.sightline",
"proofpoint.emailsecurity",
"redis.log",
"snort.log",
"symantec.endpointprotection",
"system.auth",
"system.syslog",
"microsoft.defender_atp",
"crowdstrike.falcon_endpoint",
"crowdstrike.falcon_audit",
"gsuite.admin",
"gsuite.config",

@andrewkroh andrewkroh merged commit 13a5463 into elastic:master Oct 2, 2020
v1v added a commit to v1v/beats that referenced this pull request Oct 2, 2020
@v1v
Merge remote-tracking branch 'upstream/master' into feature/windows-2016
ff9a47c 
* upstream/master: (27 commits)
  [Ingest Manager] Split index restrictions into type,dataset, namespace parts (elastic#21406)
  Update Filebeat module expected logs files (elastic#21454)
  Edit SQL module docs and fix broken doc structure (elastic#21233)
  [Ingest Manager] Send snapshot flag together with metadata (elastic#21285)
  Revert "[JJBB] Set shallow cloning to 10 (elastic#21409)" (elastic#21447)
  [JJBB] Use reference repo for fast checkouts (elastic#21410)
  Add initial skeleton of filestream input (elastic#21427)
  Initial spec file for apm-server (elastic#21225)
  [Ingest Manager] Upgrade Action: make source URI optional (elastic#21372)
  Add field limit check for AWS Cloudtrail flattened fields (elastic#21388)
  [Winlogbeat] Move winlogbeat javascript processor to libbeat (elastic#21402)
  ci: pipeline to generate the changelog (elastic#21426)
  [JJBB] Set shallow cloning to 10 (elastic#21409)
  docs: add link to release notes for 7.9.2 (elastic#21405) (elastic#21419)
  docs: Prepare Changelog for 7.9.2 (elastic#21229) (elastic#21403)
  fix: mark flaky tests (elastic#21300)
  fix: use a fixed version of setuptools (elastic#21393)
  Move Kubernetes events metricset to its own block in reference config (elastic#21407)
  [libbeat] Enable WriteAheadLimit in the disk queue (elastic#21391)
  docs: fix apt/yum formatting (elastic#21362)
  ...
v1v added a commit to v1v/beats that referenced this pull request Oct 2, 2020
@v1v
Merge remote-tracking branch 'upstream/master' into feature/ci-pipeli…
83f8acf 
…ne-2.0-arm

* upstream/master: (54 commits)
  [CI] Change x-pack/auditbeat build events (comments, labels) (elastic#21463)
  [CI] changeset from elastic#20603 was not added to CI2.0 (elastic#21464)
  Add new log file reader for filestream input (elastic#21450)
  [CI] Send slack message with build status (elastic#21428)
  Remove duplicated sources url in dependencies report (elastic#21462)
  Add implementation of FSWatcher and FSScanner for filestream (elastic#21444)
  [Ingest Manager] Split index restrictions into type,dataset, namespace parts (elastic#21406)
  Update Filebeat module expected logs files (elastic#21454)
  Edit SQL module docs and fix broken doc structure (elastic#21233)
  [Ingest Manager] Send snapshot flag together with metadata (elastic#21285)
  Revert "[JJBB] Set shallow cloning to 10 (elastic#21409)" (elastic#21447)
  [JJBB] Use reference repo for fast checkouts (elastic#21410)
  Add initial skeleton of filestream input (elastic#21427)
  Initial spec file for apm-server (elastic#21225)
  [Ingest Manager] Upgrade Action: make source URI optional (elastic#21372)
  Add field limit check for AWS Cloudtrail flattened fields (elastic#21388)
  [Winlogbeat] Move winlogbeat javascript processor to libbeat (elastic#21402)
  ci: pipeline to generate the changelog (elastic#21426)
  [JJBB] Set shallow cloning to 10 (elastic#21409)
  docs: add link to release notes for 7.9.2 (elastic#21405) (elastic#21419)
  ...
v1v added a commit to v1v/beats that referenced this pull request Oct 2, 2020
@v1v
Merge remote-tracking branch 'upstream/master' into feature/2.0-skip-…
7c218ea 
…ci-build-label-support

* upstream/master:
  [CI] Change x-pack/auditbeat build events (comments, labels) (elastic#21463)
  [CI] changeset from elastic#20603 was not added to CI2.0 (elastic#21464)
  Add new log file reader for filestream input (elastic#21450)
  [CI] Send slack message with build status (elastic#21428)
  Remove duplicated sources url in dependencies report (elastic#21462)
  Add implementation of FSWatcher and FSScanner for filestream (elastic#21444)
  [Ingest Manager] Split index restrictions into type,dataset, namespace parts (elastic#21406)
  Update Filebeat module expected logs files (elastic#21454)
  Edit SQL module docs and fix broken doc structure (elastic#21233)
  [Ingest Manager] Send snapshot flag together with metadata (elastic#21285)
  Revert "[JJBB] Set shallow cloning to 10 (elastic#21409)" (elastic#21447)
  [JJBB] Use reference repo for fast checkouts (elastic#21410)
  Add initial skeleton of filestream input (elastic#21427)
  Initial spec file for apm-server (elastic#21225)
  [Ingest Manager] Upgrade Action: make source URI optional (elastic#21372)
  Add field limit check for AWS Cloudtrail flattened fields (elastic#21388)
  [Winlogbeat] Move winlogbeat javascript processor to libbeat (elastic#21402)
  ci: pipeline to generate the changelog (elastic#21426)
@andrewkroh andrewkroh mentioned this pull request Oct 5, 2020
Merged
3 tasks
andrewkroh added a commit to andrewkroh/beats that referenced this pull request Oct 7, 2020
@andrewkroh
Update Filebeat module expected logs files (elastic#21454)
f6e6db6 
Elasticsearch added country_name to the list of default field for geo in elastic/elasticsearch#62915. So the expected files needed updated.

(cherry picked from commit 13a5463)
andrewkroh added a commit that referenced this pull request Oct 7, 2020
@andrewkroh
Update Filebeat module expected logs files (#21454) (#21526)
a3011ec 
Elasticsearch added country_name to the list of default field for geo in elastic/elasticsearch#62915. So the expected files needed updated.

(cherry picked from commit 13a5463)
andrewkroh added a commit to andrewkroh/beats that referenced this pull request Oct 7, 2020
@andrewkroh
Update Filebeat module expected logs files (elastic#21454)
ffe1640 
Elasticsearch added country_name to the list of default field for geo in elastic/elasticsearch#62915. So the expected files needed updated.

(cherry picked from commit 13a5463)
@andrewkroh andrewkroh mentioned this pull request Oct 7, 2020
Merged
3 tasks
andrewkroh added a commit that referenced this pull request Oct 8, 2020
@andrewkroh
Update Filebeat module expected logs files (#21454) (#21660)
a4c606e 
Elasticsearch added country_name to the list of default field for geo in elastic/elasticsearch#62915. So the expected files needed updated.

(cherry picked from commit 13a5463)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leehinman leehinman leehinman approved these changes

Assignees
No one assigned
Labels
Filebeat Filebeat v7.10.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@andrewkroh @elasticmachine @leehinman