[journald] Create custom journald input package #1739
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
💚 Build Succeeded
Create a generic package for ingesting journald logs.
6aeb21b to fda35ef
PR# needs update.
description: > | ||
The name of the originating host (from journald). | ||
|
||
- name: host.id |
ECS field, move to ecs.yml?
The reason I defined them here is because I wanted to overwrite the description with its journald-specific meaning. Ideally I would be able to use something like this to give clear indication that the field's type is governed by ECS, but that I'm giving it a tailored description to the use case.

```yaml
- name: host.hostname
  external: ecs
  description: >
    The name of the originating host (from journald).
- name: host.id
  external: ecs
  description: >
    The machine ID of the originating host (from `machine-id`).
```
I did move them over to ecs.yml with an `external: ecs`.
This is waiting on a new Agent build containing elastic/beats#28160.
/test
…thub.com:v1v/integrations into feature/refactor-to-support-windows-integrations

* 'feature/refactor-to-support-windows-integrations' of github.com:v1v/integrations: (200 commits)
  [CI] Draft for windows system tests
  [journald] Create custom journald input package (elastic#1739)
  [Microsoft_DHCP] New package replacing old RSA2ELK DHCP package (elastic#1793)
  Fix contains check for forwarded tag (elastic#1861)
  [google_workspace] Fix contains check for forwarded tag (elastic#1819)
  Fix contains check for forwarded tag (elastic#1805)
  Fix contains check for forwarded tag (elastic#1815)
  Fix contains check for forwarded tag (elastic#1816)
  Fix contains check for forwarded tag (elastic#1817)
  Fix contains check for forwarded tag (elastic#1818)
  Fix contains check for forwarded tag (elastic#1820)
  Fix contains check for forwarded tag (elastic#1821)
  Fix contains check for forwarded tag (elastic#1822)
  Fix contains check for forwarded tag (elastic#1823)
  Fix contains check for forwarded tag (elastic#1824)
  Fix contains check for forwarded tag (elastic#1825)
  Fix contains check for forwarded tag (elastic#1826)
  Fix contains check for forwarded tag (elastic#1827)
  Fix contains check for forwarded tag (elastic#1828)
  Fix contains check for forwarded tag (elastic#1829)
  ...
What does this PR do?
Create a generic package for ingesting journald logs.
Checklist
`changelog.yml` file.
`manifest.yml` file to point to the latest Elastic stack release (e.g. `^7.13.0`).
Screenshots