Skip to content

Commit

Permalink
Empty configuration options generate <no value> string for azure-ev…
Browse files Browse the repository at this point in the history
…enthub input (elastic#24156)

* work on no value

* changelog

(cherry picked from commit 916d4e0)
  • Loading branch information
narph committed Feb 23, 2021
1 parent 950b1c4 commit c163eae
Show file tree
Hide file tree
Showing 6 changed files with 85 additions and 9 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -165,6 +165,10 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Suricata EVE: Convert `suricata.eve.flow_id` to string because the field is a keyword in the mapping. {pull}23424[23424]
- Zeek DNS: Ignore failures in data type conversions. And change `dns.id` JSON field to a string to match its `keyword` mapping. {pull}23424[23424]
- Update `filestream` reader offset when a line is skipped. {pull}23417[23417]
- Add check for empty values in azure module. {pull}24156[24156]

*Filebeat*

- cisco/asa fileset: Fix parsing of 302021 message code. {pull}14519[14519]
- Fix filebeat azure dashboards, event category should be `Alert`. {pull}14668[14668]
- Fixed dashboard for Cisco ASA Firewall. {issue}15420[15420] {pull}15553[15553]
Expand Down
2 changes: 1 addition & 1 deletion x-pack/filebeat/input/azureeventhub/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ func (conf *azureInputConfig) Validate() error {
return errors.New("no event hub name configured")
}
if conf.SAName == "" || conf.SAKey == "" {
return errors.New("missing storage account information")
return errors.New("no storage account or storage account key configured")
}
if conf.SAContainer == "" {
conf.SAContainer = fmt.Sprintf("%s-%s", ephContainerName, conf.EventHubName)
Expand Down
Original file line number Diff line number Diff line change
@@ -1,11 +1,29 @@
type: azure-eventhub
connection_string: {{ .connection_string }}
{{ if .eventhub }}
eventhub: {{ .eventhub }}
storage_account_container: filebeat-activitylogs-{{ .eventhub }}
{{ end }}

{{ if .connection_string }}
connection_string: {{ .connection_string }}
{{ end }}

{{ if .consumer_group }}
consumer_group: {{ .consumer_group }}
{{ end }}

{{ if .storage_account }}
storage_account: {{ .storage_account }}
{{ end }}

{{ if .storage_account_key }}
storage_account_key: {{ .storage_account_key }}
{{ end }}

{{ if .resource_manager_endpoint }}
resource_manager_endpoint: {{ .resource_manager_endpoint }}
storage_account_container: filebeat-activitylogs-{{ .eventhub }}
{{ end }}

tags: {{.tags | tojson}}
publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}

Expand Down
22 changes: 20 additions & 2 deletions x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml
Original file line number Diff line number Diff line change
@@ -1,11 +1,29 @@
type: azure-eventhub
connection_string: {{ .connection_string }}
{{ if .eventhub }}
eventhub: {{ .eventhub }}
storage_account_container: filebeat-auditlogs-{{ .eventhub }}
{{ end }}

{{ if .connection_string }}
connection_string: {{ .connection_string }}
{{ end }}

{{ if .consumer_group }}
consumer_group: {{ .consumer_group }}
{{ end }}

{{ if .storage_account }}
storage_account: {{ .storage_account }}
{{ end }}

{{ if .storage_account_key }}
storage_account_key: {{ .storage_account_key }}
{{ end }}

{{ if .resource_manager_endpoint }}
resource_manager_endpoint: {{ .resource_manager_endpoint }}
storage_account_container: filebeat-auditlogs-{{ .eventhub }}
{{ end }}

tags: {{.tags | tojson}}
publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}
processors:
Expand Down
Original file line number Diff line number Diff line change
@@ -1,11 +1,29 @@
type: azure-eventhub
connection_string: {{ .connection_string }}
{{ if .eventhub }}
eventhub: {{ .eventhub }}
storage_account_container: filebeat-platformlogs-{{ .eventhub }}
{{ end }}

{{ if .connection_string }}
connection_string: {{ .connection_string }}
{{ end }}

{{ if .consumer_group }}
consumer_group: {{ .consumer_group }}
{{ end }}

{{ if .storage_account }}
storage_account: {{ .storage_account }}
{{ end }}

{{ if .storage_account_key }}
storage_account_key: {{ .storage_account_key }}
{{ end }}

{{ if .resource_manager_endpoint }}
resource_manager_endpoint: {{ .resource_manager_endpoint }}
storage_account_container: filebeat-platformlogs-{{ .eventhub }}
{{ end }}

tags: {{.tags | tojson}}
publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}

Expand Down
22 changes: 20 additions & 2 deletions x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml
Original file line number Diff line number Diff line change
@@ -1,11 +1,29 @@
type: azure-eventhub
connection_string: {{ .connection_string }}
{{ if .eventhub }}
eventhub: {{ .eventhub }}
storage_account_container: filebeat-signinlogs-{{ .eventhub }}
{{ end }}

{{ if .connection_string }}
connection_string: {{ .connection_string }}
{{ end }}

{{ if .consumer_group }}
consumer_group: {{ .consumer_group }}
{{ end }}

{{ if .storage_account }}
storage_account: {{ .storage_account }}
{{ end }}

{{ if .storage_account_key }}
storage_account_key: {{ .storage_account_key }}
{{ end }}

{{ if .resource_manager_endpoint }}
resource_manager_endpoint: {{ .resource_manager_endpoint }}
storage_account_container: filebeat-signinlogs-{{ .eventhub }}
{{ end }}

tags: {{.tags | tojson}}
publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}
processors:
Expand Down

0 comments on commit c163eae

Please sign in to comment.