Use ingest pipelines for forwarded data set #973

Merged
merged 1 commit into from
May 11, 2021


marc-gr
Contributor

@marc-gr marc-gr commented May 6, 2021

What does this PR do?

Uses the existing pipelines in the forwarded data set.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.

@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@elasticmachine

elasticmachine commented May 6, 2021

💚 Build Succeeded


Build stats

  • Build Cause: Pull request elastic/elastic-package#973 updated

  • Start Time: 2021-05-11T07:38:34.328+0000

  • Duration: 14 min 19 sec

  • Commit: d4de3d7

Test stats 🧪

Test Results
Failed 0
Passed 118
Skipped 0
Total 118


name: '{{ IngestPipeline "security" }}'
if: ctx?.winlog?.channel != null && ctx?.winlog?.channel == "Security"
- pipeline:
name: '{{ IngestPipeline "powershell" }}'
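Review bot: in the `if:` line for the `security` pipeline, the `ctx?.winlog?.channel != null &&` guard is redundant. The null-safe `?.` chain already yields null when `winlog` or `channel` is missing, and comparing null to "Security" with `==` evaluates to false in Painless rather than throwing. Suggest shortening the condition to `ctx?.winlog?.channel == "Security"`.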
Member

@marc-gr Are we duplicating the Elasticsearch ingest pipelines from the other data streams here? I don't think there is any way around that now, and if we are then we should see if we can improve this situation through Fleet improvements.

Like perhaps the IngestPipeline function can be made to allow referencing pipelines from other data streams from the same package. Figuring out how to reuse the pipelines from other packages is probably harder unless we create a dependency mechanism so that the Windows package could depend on the security pipeline from the System package.

Contributor Author

Agree. This is also done in other packages IIRC, so it would be a benefit to do it and change these also.

@marc-gr
Contributor Author

marc-gr commented May 10, 2021

Opened elastic/package-spec#580 to keep track of the proposed enhancement.

Contributor

@leehinman leehinman left a comment

LGTM

@marc-gr marc-gr merged commit f363ff7 into elastic:master May 11, 2021
@marc-gr marc-gr deleted the forwarded-ingest branch May 11, 2021 07:54
eyalkraft pushed a commit to build-security/integrations that referenced this pull request Mar 30, 2022
Labels: enhancement (New feature or request), Integration:windows (Windows)