[7.x](backport #27727) [Filebeat] Add timezone config option to decode_cef and syslog input#27780
Merged
andrewkroh merged 1 commit into7.xfrom Sep 9, 2021
Merged
[7.x](backport #27727) [Filebeat] Add timezone config option to decode_cef and syslog input#27780andrewkroh merged 1 commit into7.xfrom
andrewkroh merged 1 commit into7.xfrom
Conversation
|
This pull request doesn't have a |
Member
|
@Mergifyio rebase |
…27727) CEF message that contain timestamps without a timezone were parsed as UTC. The time zone was not configurable. This adds a `timezone` option to the decode_cef processor and cef module to allow the time zone to be specified when a timestamp does not contain an offset or zone. CEF:0|Aruba Networks|ClearPass|6.8.7.120583|2002|RADIUS Accounting|1|rt=Aug 04 2021 11:31:15 Note that the CEF module receives messages using the syslog input. The syslog input does not have a configurable time zone and always assumes timestamps without time zones are given in the machine's local time zone. This change won't affect how the syslog envelop's time stamp is parsed by the module. This also replaces the deprecated `import "4d63.com/tz"` with Go's relatively new built-in `time/tzdata` package. The `timestamp` processor was updated. While I was adding the a timezone config type I made the syslog input's timezone configurable too. Fixes #27232 (cherry picked from commit b3497ca)
Contributor
Author
|
Command
|
8eeb377 to
1c99541
Compare
Contributor
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪💚 Flaky test reportTests succeeded. Expand to view the summary
Test stats 🧪
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is an automatic backport of pull request #27727 done by Mergify.
Mergify commands and options
More conditions and actions can be found in the documentation.
You can also trigger Mergify actions by commenting on this pull request:
@Mergifyio refreshwill re-evaluate the rules@Mergifyio rebasewill rebase this PR on its base branch@Mergifyio updatewill merge the base branch into this PR@Mergifyio backport <destination>will backport this PR on<destination>branchAdditionally, on Mergify dashboard you can:
Finally, you can contact us on https://mergify.io/