[Filebeat] Update Grok pattern for UDM logs #25616
Conversation
@JAndritsch Let me know what you think of these changes. Also, if you find out anything on the weird format of these logs, let me know.
I'll try to test them out today. I just posted an issue on the Ubiquiti forums, so hopefully that'll help shed some light on things.
I just had a chance to test these changes. It looks like the sample messages I gave you now parse properly. I was hoping to hear back from the UI forums before this gets merged, but it's quiet over there. I still feel like there's got to be something wrong with the log format from those UDM logs.
If it is working as you would expect, we can go ahead and merge it; worst-case scenario, we can apply more changes later on if needed.
run tests
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
LGTM, waiting for CI to pass
This pull request is now in conflicts. Could you fix it? 🙏
Force-pushed from 3090f27 to 342b393
run tests
This pull request is now in conflicts. Could you fix it? 🙏
Force-pushed from 17d2971 to bd5a220
* Update Grok pattern for UDM logs * update changelog (cherry picked from commit fcf19c3)
…25721) * [Filebeat] Update Grok pattern for UDM logs (#25616) * Update Grok pattern for UDM logs * update changelog (cherry picked from commit fcf19c3) * trying to regenerate golden files222222 * fixing tags * add options from master Co-authored-by: Alex Resnick <adr8292@gmail.com> Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co> Co-authored-by: Marius Iversen <marius.iversen@elastic.co>
What does this PR do?
Updates the iptables ingest pipeline with an additional grok pattern.
Why is it important?
The module currently isn't able to parse some log entries created by the UDM Pro.
Checklist
- CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc
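The PR adds a second grok pattern to the iptables ingest pipeline so that lines the existing pattern rejects still parse. The following is an added example, not code from this PR or from the Filebeat iptables module: it mirrors what an ingest grok processor with several patterns does (try each pattern in order, take the first match, fail the event if none match) using Python regexes with named groups, and runs it over constructed sample lines. The patterns, the field names and the sample log lines (including the assumed "[prefix]IN=..." variant with no space after the rule tag) are illustrative assumptions, not the module's real patterns or real UDM Pro output; the point is the harness a reviewer can use to confirm that previously unparsed samples now match and that unrelated lines still fail rather than silently matching.

```python
import re

# Hypothetical grok-style patterns expressed as Python regexes. These are NOT the
# Filebeat iptables module's patterns; they only illustrate how an ingest pipeline
# tries several patterns in order and why an "additional" pattern is added.
IPTABLES_KV = (
    r"IN=(?P<in_iface>\S*) OUT=(?P<out_iface>\S*) "
    r"(?:MAC=(?P<mac>\S*) )?"
    r"SRC=(?P<src_ip>\S+) DST=(?P<dst_ip>\S+) "
    r"(?P<rest>.*)"
)

PATTERNS = [
    # Pattern 0: rule tag in brackets, then a space, then the key=value fields.
    re.compile(r"^\[(?P<prefix>[^\]]+)\] " + IPTABLES_KV + r"$"),
    # Pattern 1 (the "additional" one in this example, an assumed variant):
    # rule tag immediately followed by the fields with no separating space.
    re.compile(r"^\[(?P<prefix>[^\]]+)\]" + IPTABLES_KV + r"$"),
    # Pattern 2: no rule tag at all.
    re.compile(r"^" + IPTABLES_KV + r"$"),
]

# Constructed sample lines (documentation/test addresses, made-up MAC and rule tags).
SAMPLES = [
    "[WAN_LOCAL-D-4000] IN=eth4 OUT= MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 "
    "SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF "
    "PROTO=TCP SPT=51234 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0",
    "[LAN_IN-A-2001]IN=br0 OUT=eth4 MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 "
    "SRC=192.0.2.25 DST=203.0.113.53 LEN=60 TTL=63 ID=1 DF PROTO=UDP SPT=40000 DPT=53",
    "this is not an iptables line",
]


def parse_iptables(line):
    """Return a dict of fields for the first pattern that matches, or None.

    The returned dict carries 'pattern_index' so a reviewer can see which
    pattern handled a given sample; the trailing key=value fields (LEN, TTL,
    PROTO, SPT, DPT, ...) are split out of the 'rest' capture, while bare
    flags such as DF or SYN are ignored.
    """
    for idx, pattern in enumerate(PATTERNS):
        match = pattern.match(line)
        if match is None:
            continue
        fields = match.groupdict()
        rest = fields.pop("rest") or ""
        fields.update((k.lower(), v) for k, v in re.findall(r"(\w+)=(\S*)", rest))
        fields["pattern_index"] = idx
        return fields
    return None


def unparsed(lines):
    """Lines no pattern matched. Non-empty means the pipeline would raise a grok failure."""
    return [line for line in lines if parse_iptables(line) is None]


if __name__ == "__main__":
    for line in SAMPLES:
        result = parse_iptables(line)
        if result is None:
            print("NO MATCH :", line)
        else:
            print("pattern", result["pattern_index"], ":", result["src_ip"], "->", result["dst_ip"])
```

Before the additional pattern existed, the second sample would have ended up in the unparsed list; after it, only the unrelated line does. Keeping a known-bad line in the sample set is the cheap check that a looser pattern has not started swallowing everything.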