Skip to content

[Filebeat] Add field definitions for known Netflow/IPFIX vendor fields#23773

Merged
andrewkroh merged 4 commits intoelastic:masterfrom
andrewkroh:feature/fb/netflow-vendor-fields-yml
Feb 16, 2021
Merged

[Filebeat] Add field definitions for known Netflow/IPFIX vendor fields#23773
andrewkroh merged 4 commits intoelastic:masterfrom
andrewkroh:feature/fb/netflow-vendor-fields-yml

Conversation

@andrewkroh
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh commented Jan 31, 2021
edited
Loading

What does this PR do?

Several vendor specific fields are known to Filebeat (we built in the names/types of vendor field IDs into the input). Those fields were not included in the index template that we export. This updates the fields.yml file for the Filebeat netflow input to include those fields.

Why is it important?

By adding the field mapping it ensure that fields are mapped to the correct Elasticsearch data type (like ip).

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Jan 31, 2021

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jan 31, 2021
@andrewkroh andrewkroh force-pushed the feature/fb/netflow-vendor-fields-yml branch from 51a8bd7 to 9939270 Compare January 31, 2021 15:56
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Jan 31, 2021
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: Pull request #23773 updated

  • Start Time: 2021-02-12T20:41:08.223+0000

  • Duration: 48 min 17 sec

  • Commit: a4699b2

Test stats 🧪

Test Results
Failed 0
Passed 13009
Skipped 2033
Total 15042

Trends 🧪

Image of Build Times

Image of Tests

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test Results
Failed 0
Passed 13009
Skipped 2033
Total 15042

@andrewkroh andrewkroh force-pushed the feature/fb/netflow-vendor-fields-yml branch from 9939270 to c145288 Compare February 1, 2021 12:45
@andrewkroh andrewkroh removed the needs_backport PR is waiting to be backported to other branches. label Feb 1, 2021
andrewkroh
andrewkroh commented Feb 1, 2021
View reviewed changes
x-pack/filebeat/input/netflow/doc.go Outdated
Copy link
Copy Markdown
Member Author

@andrewkroh andrewkroh Feb 1, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this approach of appending won't work b/c we need to merge the fields together to avoid duplicates.

@andrewkroh andrewkroh removed the review label Feb 1, 2021
@andrewkroh andrewkroh force-pushed the feature/fb/netflow-vendor-fields-yml branch from 596e848 to a166af7 Compare February 12, 2021 20:25
@andrewkroh andrewkroh requested a review from adriansr February 14, 2021 21:33
adriansr
adriansr approved these changes Feb 16, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@adriansr adriansr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@andrewkroh andrewkroh merged commit b8ff649 into elastic:master Feb 16, 2021
@andrewkroh andrewkroh mentioned this pull request Feb 16, 2021
Merged
2 tasks
v1v added a commit to v1v/beats that referenced this pull request Feb 17, 2021
@v1v
Merge remote-tracking branch 'upstream/master' into feature/packaging…
e737d7e 
…-arm

* upstream/master:
  [CI] install docker-compose with retry (elastic#24069)
  Add nodes to filebeat-kubernetes.yaml ClusterRole - fixes elastic#24051 (elastic#24052)
  updating manifest files for filebeat threatintel module (elastic#24074)
  Add Zeek Signatures (elastic#23772)
  Update Beats to ECS 1.8.0 (elastic#23465)
  Support running Docker logging plugin on ARM64 (elastic#24034)
  Fix ec2 metricset fields.yml and add integration test (elastic#23726)
  Only build targz and zip versions of Beats if PACKAGES is set in agent (elastic#24060)
  [Filebeat] Add field definitions for known Netflow/IPFIX vendor fields (elastic#23773)
  [Elastic Agent] Enroll with Fleet Server (elastic#23865)
  [Filebeat] Convert logstash logEvent.action objects to strings (elastic#23944)
  [Ingest Management] Fix reloading of log level for services (elastic#24055)
  Add Agent standalone k8s manifest (elastic#23679)
v1v added a commit to v1v/beats that referenced this pull request Feb 17, 2021
@v1v
Merge remote-tracking branch 'upstream/master' into feature/retry-win…
e977e49 
…dows-7

* upstream/master: (332 commits)
  Use ECS v1.8.0 (elastic#24086)
  Add support for postgresql csv logs (elastic#23334)
  [Heartbeat] Refactor config system (elastic#23467)
  [CI] install docker-compose with retry (elastic#24069)
  Add nodes to filebeat-kubernetes.yaml ClusterRole - fixes elastic#24051 (elastic#24052)
  updating manifest files for filebeat threatintel module (elastic#24074)
  Add Zeek Signatures (elastic#23772)
  Update Beats to ECS 1.8.0 (elastic#23465)
  Support running Docker logging plugin on ARM64 (elastic#24034)
  Fix ec2 metricset fields.yml and add integration test (elastic#23726)
  Only build targz and zip versions of Beats if PACKAGES is set in agent (elastic#24060)
  [Filebeat] Add field definitions for known Netflow/IPFIX vendor fields (elastic#23773)
  [Elastic Agent] Enroll with Fleet Server (elastic#23865)
  [Filebeat] Convert logstash logEvent.action objects to strings (elastic#23944)
  [Ingest Management] Fix reloading of log level for services (elastic#24055)
  Add Agent standalone k8s manifest (elastic#23679)
  [Metricbeat][Kubernetes] Extend state_node with more conditions (elastic#23905)
  [CI] googleStorageUploadExt step (elastic#24048)
  Check fields are documented for aws metricsets (elastic#23887)
  Update go-concert to 0.1.0 (elastic#23770)
  ...
andrewkroh added a commit to elastic/integrations that referenced this pull request Mar 4, 2021
@andrewkroh
Update fields for Netflow module (#697)
903d237 
* Update fields for Netflow module

Updates the vendor fields as a result of elastic/beats#23773.

* Update changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@adriansr adriansr adriansr approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

enhancement Filebeat Filebeat

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Filebeat] Missing netflow field definitions for vendor fields

3 participants

@andrewkroh @elasticmachine @adriansr