Skip to content

[enhancement][filebeat/decode_cef] Add option to ignore missing values (backport #40268)#40535

Merged
andrewkroh merged 1 commit into8.15from
mergify/bp/8.15/pr-40268
Aug 15, 2024
Merged

[enhancement][filebeat/decode_cef] Add option to ignore missing values (backport #40268)#40535
andrewkroh merged 1 commit into8.15from
mergify/bp/8.15/pr-40268

Conversation

@mergify
Copy link
Copy Markdown
Contributor

@mergify mergify bot commented Aug 15, 2024

Proposed commit message

Added option to ignore empty values in the decode_cef processor.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

In the decode cef processor, when there are emply values in the extensions section, we get failure in log parsing. This PR provides a flag in decode_cef config to override this default behavior and ignore the fields with empty value.

Screenshots

decode_cef tests
image

cef module tests
image

Logs

This is an automatic backport of pull request #40268 done by [Mergify](https://mergify.com).

@vinit-chauhan @mergify
filebeat/decode_cef - Add option to ignore empty values (#40268)
f0606c6 
Added option to ignore empty values in the decode_cef processor.

In the decode_cef processor, when there are empty values in the extensions section, we get errors during log parsing. This change provides a flag in decode_cef config to override this default behavior and ignore the fields with empty value. Some example errors that this helps handle are:

    error in field 'cn1': strconv.ParseInt: parsing "": invalid syntax
    error in field 'destinationTranslatedAddress': value is not a valid IP address

Closes #40236

(cherry picked from commit dd671a6)
@mergify mergify bot requested a review from a team as a code owner August 15, 2024 13:51
@mergify mergify bot mentioned this pull request Aug 15, 2024
Merged
6 tasks
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Aug 15, 2024
@botelastic
Copy link
Copy Markdown

botelastic bot commented Aug 15, 2024

This pull request doesn't have a Team:<team> label.

@andrewkroh andrewkroh enabled auto-merge (squash) August 15, 2024 13:55
@andrewkroh andrewkroh merged commit 4d08973 into 8.15 Aug 15, 2024
@andrewkroh andrewkroh deleted the mergify/bp/8.15/pr-40268 branch August 15, 2024 15:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees

No one assigned

Labels

needs_team Indicates that the issue/PR needs a Team:* label

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@andrewkroh @vinit-chauhan