Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ingest Node processor for Network Community ID #55685

Closed
andrewkroh opened this issue Apr 23, 2020 · 1 comment · Fixed by #66534
Closed

Ingest Node processor for Network Community ID #55685

andrewkroh opened this issue Apr 23, 2020 · 1 comment · Fixed by #66534
Assignees
@danhermann
Labels
:Data Management/Ingest Node Execution or management of Ingest Pipelines including GeoIP >enhancement Team:Data Management Meta label for data/management team

Comments

@andrewkroh
Copy link
Member

Describe the feature:

As a user that processes networking logs with Ingest Node, I would like to have an Ingest Node processor for populating the Elastic Common Schema (ECS) network.community_id field. At a high level this value is a hash of the source/destination addresses and protocol.

This is a useful field for correlating all events related to the same network flow regardless of the flow direction. For example correlating Packetbeat events other network log sources.

References
@andrewkroh andrewkroh added the :Data Management/Ingest Node Execution or management of Ingest Pipelines including GeoIP label Apr 23, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-core-features (:Core/Features/Ingest)

@rjernst rjernst added the Team:Data Management Meta label for data/management team label May 4, 2020
@danhermann danhermann self-assigned this Nov 19, 2020
@danhermann danhermann mentioned this issue Dec 17, 2020
Merged
@danhermann danhermann mentioned this issue Jan 14, 2021
Merged
@stevejgordon stevejgordon mentioned this issue Feb 22, 2021
Closed
34 tasks
@joegallo joegallo mentioned this issue Feb 7, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@danhermann danhermann

Labels
:Data Management/Ingest Node Execution or management of Ingest Pipelines including GeoIP >enhancement Team:Data Management Meta label for data/management team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Network community_id processor for ingest pipelines danhermann/elasticsearch
4 participants
@rjernst @andrewkroh @elasticmachine @danhermann