Skip to content

Cherry-pick #17342 to 7.x: LIBBEAT: Enhancement replace_string processor for replacing strings values of fields.#18047

Merged
urso merged 2 commits intoelastic:7.xfrom
urso:backport_17342_7.x
Apr 29, 2020
Merged

Cherry-pick #17342 to 7.x: LIBBEAT: Enhancement replace_string processor for replacing strings values of fields.#18047
urso merged 2 commits intoelastic:7.xfrom
urso:backport_17342_7.x

Conversation

@urso
Copy link
Copy Markdown

@urso urso commented Apr 28, 2020
edited by zube bot
Loading

Cherry-pick of PR #17342 to 7.x branch. Original message:

What does this PR do?

This PR is to add a replace processor. This processor takes in a field name, search string and replacement string. Searches field value for pattern and replaces it with replacement string.

Why is it important?

This PR will help remove extra strings or add additional string to values

How to test this PR locally

Added unit test cases.

Use cases

While using auditbeat we get full path to file inside the pod on Kubernetes
"/run/containerd/io.containerd.runtime.v1.linux/k8s.io/${data.kubernetes.container.id}/rootfs/etc/runit/runsvdir/default/mcelog/supervise/pid.new"
This PR helps trim the beginning part of the string to get
/etc/runit/runsvdir/default/mcelog/supervise/pid.new"

Using config below

      processors:
        - replace:
            fields:
            - field: "file.path"
              pattern: "/run/containerd/io.containerd.runtime.v1.linux/k8s.io/${data.kubernetes.container.id}/rootfs/"
              replacement: "/"

@premendrasingh
LIBBEAT: Enhancement replace_string processor for replacing strings v…
5605b99 
…alues of fields. (elastic#17342)

This PR is to add a replace processor. This processor takes in a field name, search string and replacement string. Searches field value for pattern and replaces it with replacement string.

(cherry picked from commit 09fd4df)
@urso urso added [zube]: In Review backport Team:Services (Deprecated) Label for the former Integrations-Services team labels Apr 28, 2020
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Apr 28, 2020
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Apr 28, 2020

Pinging @elastic/integrations-services (Team:Services)

@urso
Copy link
Copy Markdown
Author

urso commented Apr 29, 2020

CI failures seem unrelated.

@urso urso merged commit b669b5d into elastic:7.x Apr 29, 2020
@urso urso deleted the backport_17342_7.x branch April 29, 2020 12:23
@andresrc andresrc removed the needs_team Indicates that the issue/PR needs a Team:* label label May 2, 2020
@zube zube bot removed the [zube]: Done label Oct 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@exekias exekias exekias approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport Team:Services (Deprecated) Label for the former Integrations-Services team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@urso @elasticmachine @exekias @andresrc @premendrasingh