Skip to content

Network direction processor additions #68712

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Apr 14, 2021
Merged

Network direction processor additions #68712

merged 11 commits into from
Apr 14, 2021

Conversation

@andrewstucki
Copy link

@andrewstucki andrewstucki commented Feb 8, 2021

This adds some functionality to the new network_direction processor that allows the processor to use templates for specifying internal_networks or to read the values as an array from a given field. This is important because it allows for dynamic processor execution based on the contents of a given field. We actually use this internally in a number of beats modules where we pass configuration from a configuration file up to a pipeline on the document being ingested--the processor then gets executed based off of that extra configuration context prior to the fields being dropped.

One of my first desired use cases is in the cisco umbrella filebeat module where I'm planning to add the following to the pipeline:

  - network_direction:
      internal_networks_field: _conf.internal_networks
      ignore_missing: true

@andrewstucki andrewstucki added >enhancement :Data Management/Ingest Node Execution or management of Ingest Pipelines including GeoIP labels Feb 8, 2021
@elasticmachine elasticmachine added the Team:Data Management Meta label for data/management team label Feb 8, 2021
@elasticmachine
Copy link
Collaborator

elasticmachine commented Feb 8, 2021

Pinging @elastic/es-core-features (Team:Core/Features)

@danhermann danhermann self-requested a review February 8, 2021 21:39
@danhermann
Copy link
Contributor

danhermann commented Mar 1, 2021

@andrewstucki, can you update this PR with the new location of these files to resolve the merge conflicts?

@andrewstucki andrewstucki force-pushed the network-direction-additions branch from fd167b6 to cf6701a Compare March 23, 2021 16:39
@andrewstucki
Copy link
Author

andrewstucki commented Mar 23, 2021

@danhermann sorry about the delay, this should be up-to-date now.

danhermann
danhermann reviewed Mar 25, 2021
View reviewed changes
Copy link
Contributor

@danhermann danhermann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @andrewstucki. This looks pretty good although I think there are some simplifications that can be made as noted below.

danhermann
danhermann suggested changes Apr 12, 2021
View reviewed changes
Copy link
Contributor

@danhermann danhermann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@andrewstucki, two small requests here and then we can merge this. Can you add a test in NetworkDirectionProcessorFactoryTests that validates the internal_networks_field option for the processor. And then one other small request below.

@danhermann
Copy link
Contributor

danhermann commented Apr 14, 2021

Thanks, @andrewstucki. I'll get this merged and backported.

@danhermann danhermann merged commit c102566 into elastic:master Apr 14, 2021
danhermann pushed a commit to danhermann/elasticsearch that referenced this pull request Apr 14, 2021
@danhermann
Network direction processor supports dynamic internal networks specif…
060ad4d 
…ication (elastic#68712)
@danhermann danhermann mentioned this pull request Apr 14, 2021
Merged
@danhermann
Copy link
Contributor

danhermann commented Apr 15, 2021

cc: @elastic/es-ui in case auto-complete needs to be updated to accommodate this new option.

@alisonelizabeth alisonelizabeth mentioned this pull request Apr 19, 2021
Closed
@stevejgordon stevejgordon mentioned this pull request Apr 21, 2021
Closed
62 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@danhermann danhermann danhermann requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

:Data Management/Ingest Node Execution or management of Ingest Pipelines including GeoIP >enhancement Team:Data Management Meta label for data/management team v7.13.0 v8.0.0-alpha1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@andrewstucki @elasticmachine @danhermann @jakelandis