Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[libbeat] Add wineventlog schema to decode_xml processor #24726

Merged
merged 8 commits into from
Apr 6, 2021
Merged

[libbeat] Add wineventlog schema to decode_xml processor #24726

merged 8 commits into from
Apr 6, 2021

Conversation

marc-gr
Copy link
Contributor

@marc-gr marc-gr commented Mar 24, 2021

What does this PR do?

Adds a wineventlog schema decoder to the decode_xml processor.

Why is it important?

To decouple winevent log decoding from winlogbeat.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related

Closes #23910

@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Mar 24, 2021
@marc-gr marc-gr mentioned this pull request Mar 24, 2021
Closed
6 tasks
@marc-gr marc-gr force-pushed the add_wineventlog_schema_decode_xml branch from ae7915c to 87ceaec Compare March 24, 2021 11:57
@marc-gr marc-gr requested a review from P1llus March 24, 2021 11:57
@elasticmachine
Copy link
Collaborator

elasticmachine commented Mar 24, 2021
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: Started by user Marc Guasch

  • Start Time: 2021-04-06T05:00:37.187+0000

  • Duration: 56 min 33 sec

  • Commit: a75c084

Test stats 🧪

Test Results
Failed 0
Passed 46548
Skipped 5132
Total 51680

Trends 🧪

Image of Build Times

Image of Tests

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test Results
Failed 0
Passed 46548
Skipped 5132
Total 51680

@marc-gr marc-gr force-pushed the add_wineventlog_schema_decode_xml branch 5 times, most recently from 6c9e125 to 17e5858 Compare March 24, 2021 15:30
andrewkroh
andrewkroh reviewed Mar 24, 2021
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Left some suggestions for the docs.

libbeat/processors/decode_xml/docs/decode_xml.asciidoc Outdated Show resolved Hide resolved
libbeat/processors/decode_xml/docs/decode_xml.asciidoc Outdated Show resolved Hide resolved
@marc-gr marc-gr force-pushed the add_wineventlog_schema_decode_xml branch 3 times, most recently from db25591 to 0c060ec Compare March 25, 2021 14:46
andrewkroh
andrewkroh approved these changes Mar 25, 2021
View reviewed changes
libbeat/processors/decode_xml/schema.go Outdated Show resolved Hide resolved
@marc-gr marc-gr force-pushed the add_wineventlog_schema_decode_xml branch 7 times, most recently from 05a1795 to d9514d2 Compare March 31, 2021 06:58
This was referenced Mar 31, 2021
Merged
Merged
@marc-gr marc-gr force-pushed the add_wineventlog_schema_decode_xml branch 2 times, most recently from 049d604 to ab2a213 Compare April 1, 2021 07:10
@marc-gr marc-gr force-pushed the add_wineventlog_schema_decode_xml branch from 6c1568e to 782167e Compare April 5, 2021 10:45
@marc-gr marc-gr merged commit c96e460 into elastic:master Apr 6, 2021
@marc-gr marc-gr deleted the add_wineventlog_schema_decode_xml branch April 6, 2021 06:29
@marc-gr marc-gr mentioned this pull request Apr 6, 2021
Merged
6 tasks
marc-gr added a commit to marc-gr/beats that referenced this pull request Apr 6, 2021
@marc-gr
[libbeat] Add wineventlog schema to decode_xml processor (elastic#24726)
720255f 
(cherry picked from commit c96e460)
@marc-gr marc-gr mentioned this pull request Apr 6, 2021
Merged
marc-gr added a commit that referenced this pull request Apr 6, 2021
@marc-gr
[libbeat] Add wineventlog schema to decode_xml processor (#24726) (#2…
b6b284d 
…4938)

(cherry picked from commit c96e460)
michalpristas pushed a commit to michalpristas/beats that referenced this pull request Apr 7, 2021
@marc-gr @michalpristas
[libbeat] Add wineventlog schema to decode_xml processor (elastic#24726)
2873c4f
v1v added a commit to v1v/beats that referenced this pull request Apr 7, 2021
@v1v
Merge remote-tracking branch 'upstream/master' into feature/mergify
c1238b8 
* upstream/master: (91 commits)
  [Filebeat] Change okta.target to nested field (elastic#24636)
  Add RFC5424 format support for syslog input  (elastic#23954)
  Fix links to Beats product pages (elastic#24821)
  [DOCS] Fix 'make setup' instructions for a new beat (elastic#24944)
  Remove duplicate decode_xml entry (elastic#24941)
  [libbeat] Add wineventlog schema to decode_xml processor (elastic#24726)
  [Elastic Agent] Add check for URL set when cert and cert key. (elastic#24904)
  feat: stage execution cache (elastic#24780)
  Fix error in Journalbeat commands (elastic#24880)
  Add baseline ECS 1.9.0 upgrade (elastic#24909)
  [Elastic Agent] Cloud container legacy apm files. (elastic#24896)
  [Elastic Agent]: Reduce allowed socket path length (elastic#24914)
  Add ability to destroy indices with wildcards in testing (elastic#24915)
  Add status subcommand to report status of running daemon. (elastic#24856)
  Fix types of fields GetHits and Ops in Metricbeat module for Couchbase (elastic#23287)
  Add support for Filestream input in elastic agent. (elastic#24820)
  Implement k8s secrets provider for Agent (elastic#24789)
  Sort processor list in docs (elastic#24874)
  Add support for SCRAM authentication in kafka metricbeat module (elastic#24810)
  Properly update offset in case of unparasable line (elastic#22685)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

@P1llus P1llus Awaiting requested review from P1llus

Assignees
No one assigned
Labels
enhancement libbeat v7.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Create decode_xml_wineventlog processor
3 participants
@marc-gr @elasticmachine @andrewkroh