Describe the enhancement:
If dimension value is ARN,then it should be processed by findIdentifierFromARN and check the resource identifier in resourceTagMap. I find this issue in AWS shield namespace metircs
|
func insertTags(events map[string]mb.Event, identifier string, resourceTagMap map[string][]resourcegroupstaggingapi.Tag) { |
|
// Check if identifier includes dimensionSeparator (comma in this case), |
|
// split the identifier and check for each sub-identifier. |
|
// For example, identifier might be [storageType, s3BucketName]. |
|
// And tags are only store under s3BucketName in resourceTagMap. |
|
subIdentifiers := strings.Split(identifier, dimensionSeparator) |
|
for _, v := range subIdentifiers { |
|
tags := resourceTagMap[v] |
|
if len(tags) != 0 { |
|
// By default, replace dot "." using underscore "_" for tag keys and values |
|
for _, tag := range tags { |
|
events[identifier].RootFields.Put("aws.tags."+common.DeDot(*tag.Key), common.DeDot(*tag.Value)) |
|
} |
|
continue |
|
func findIdentifierFromARN(resourceARN string) (string, error) { |
{
"Namespace": "DDoSProtection",
"Dimensions": [
{
"Name": "ResourceArn",
"Value": "arn:aws:ec2:ap-northeast-1:1111122222:elastic-ip/eipalloc-000aabbcccddd"
},
{
"Name": "AttackVector",
"Value": "GenericUDPReflection"
}
],
"MetricName": "DDoSAttackPacketsPerSecond"
}
aws doc:
https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html
Describe the enhancement:
If dimension value is ARN,then it should be processed by
findIdentifierFromARNand check the resource identifier in resourceTagMap. I find this issue in AWS shield namespace metircsbeats/x-pack/metricbeat/module/aws/cloudwatch/cloudwatch.go
Lines 610 to 623 in 0c15394
beats/x-pack/metricbeat/module/aws/utils.go
Line 202 in 0c15394
aws doc:
https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html