Include user_agent.version in dynamic_fields (pipeline tests) #12033

Merged
mrodm merged 0 commit into elastic:main from
mrodm:add-regex-user_agent.version
Dec 16, 2024

@mrodm mrodm commented Dec 9, 2024

Proposed commit message

Include a new dynamic field for user_agent.version in order to accept versions with a trailing dot.

Related issue: elastic/elasticsearch#116950

This regex needs to accept values like these ones (examples from apache and iis package):

  • 15.0.a2
  • 50.0.
  • 50.0
  • 7.79.1
  • 54.0.2840.98
  • 2016

Builds failing:

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@mrodm mrodm self-assigned this Dec 9, 2024
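
An added example, not code from this pull request or from elastic-package: a Python sketch of a pipeline-test comparison that treats user_agent.version as a dynamic field, matching it against a pattern instead of the exact expected value. The pattern, the helper names and the sample documents are assumptions made for illustration; the regex actually merged is not shown on this page.

```python
import re

# Hypothetical pattern (not the one merged in the PR): a leading numeric
# component, further dot-separated alphanumeric components, optional trailing dot.
USER_AGENT_VERSION = r"^[0-9]+(\.[0-9A-Za-z]+)*\.?$"

# Constructed stand-in for a pipeline test's dynamic_fields mapping.
DYNAMIC_FIELDS = {"user_agent.version": USER_AGENT_VERSION}

# The values listed in the PR description.
PAGE_VALUES = ["15.0.a2", "50.0.", "50.0", "7.79.1", "54.0.2840.98", "2016"]


def matches(pattern, value):
    """True when the whole value matches the pattern."""
    return value is not None and re.fullmatch(pattern, str(value)) is not None


def flatten(doc, prefix=""):
    """Flatten nested dicts into dotted field names."""
    flat = {}
    for key, value in doc.items():
        name = prefix + key
        if isinstance(value, dict):
            flat.update(flatten(value, name + "."))
        else:
            flat[name] = value
    return flat


def compare(expected, actual, dynamic_fields=DYNAMIC_FIELDS):
    """List mismatches: dynamic fields are pattern-checked, all others must be equal."""
    want, got = flatten(expected), flatten(actual)
    problems = []
    for field in sorted(set(want) | set(got)):
        if field in dynamic_fields:
            if not matches(dynamic_fields[field], got.get(field)):
                problems.append(f"{field}: {got.get(field)!r} does not match pattern")
        elif want.get(field) != got.get(field):
            problems.append(f"{field}: want {want.get(field)!r}, got {got.get(field)!r}")
    return problems
```

Keeping the pattern anchored and component-based means the test still fails on values such as an empty string or `50.0..`, so a parser regression is not hidden by the relaxed comparison.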
Collaborator Author

There is a pipeline test where user_agent.version contains the value 2016 too.
The same happens in the iis package.



mrodm commented Dec 10, 2024

There is still some issue unrelated to this change in sophos.
Example of the failure:

test case failed: Expected results are different from actual ones: --- want
+++ got
@@ -4438,7 +4438,7 @@
                     "branch_name": "Gaurav Patel",
                     "device": "SFW",
                     "device_name": "XG125w",
-                    "eventtime": "2017-03-16T10:56:01.000Z",
+                    "eventtime": "2017-03-16T12:56:01.000Z",
                     "log_component": "RED",
                     "log_id": "066811618014",
                     "log_subtype": "System",
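
Review bot: the only line that differs in this hunk is eventtime, where want is 2017-03-16T10:56:01.000Z and got is 2017-03-16T12:56:01.000Z, exactly two hours apart with both values rendered in UTC. A fixed whole-hour shift like this is what results when a source timestamp without an offset is parsed under a different timezone, so it is worth checking that the sophos pipeline test pins the timezone used for this field instead of regenerating the expected file.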

@mrodm mrodm marked this pull request as ready for review December 10, 2024 11:39
@mrodm mrodm requested review from a team as code owners December 10, 2024 11:39
@andrewkroh andrewkroh added Integration:imperva_cloud_waf Imperva Cloud WAF Integration:okta Okta Integration:sophos Sophos Integration:slack Slack Logs (Community supported) Integration:suricata Suricata Integration:auth0 Auth0 Integration:forcepoint_web Forcepoint Web Security (Community supported) Integration:forgerock ForgeRock Integration:cisco_meraki Cisco Meraki Integration:aws AWS Integration:o365 Microsoft Office 365 Integration:iis IIS Integration:nginx_ingress_controller Nginx Ingress Controller Logs Integration:fortinet_fortiproxy Fortinet FortiProxy Integration:proofpoint_tap Proofpoint TAP Integration:barracuda Barracuda Web Application Firewall Integration:apache Apache HTTP Server Integration:gcp Google Cloud Platform labels Dec 10, 2024
@andrewkroh andrewkroh added Integration:github GitHub Integration:trend_micro_vision_one TrendAI Vision One Integration:modsecurity ModSecurity Audit (Community supported) Integration:netskope Netskope Integration:nginx Nginx Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] Team:Security-Deployment and Devices DEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices] Team:Cloudnative-Monitoring Cloud Native Monitoring team [elastic/obs-cloudnative-monitoring] labels Dec 10, 2024
@elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@jsoriano

There is still some issue unrelated to this change in sophos.

We can investigate this as a separate issue.

@elasticmachine

💚 Build Succeeded

History

  • 💚 Build #19284 succeeded 62aea172212a3894b04d25138192ade27e2a35b5
  • 💔 Build #19224 failed 9bb99ddbdfd3ba3154f8413f31d673951d85e56d
  • 💔 Build #19218 failed f76d66bf388c29fc757083453969bf23ac189d94

cc @mrodm

@elastic-sonarqube

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube


mjwolf commented Dec 12, 2024

There is still some issue unrelated to this change in sophos.

We can investigate this as a separate issue.

This failure is being addressed with #11873


mrodm commented Dec 16, 2024

Hi @elastic/obs-cloudnative-monitoring and @elastic/obs-infraobs-integrations!
We are going to merge this Pull Request to fix the test issues that have been raised in the latest daily builds.

Example of build with tests failing (8.18.0-SNAPSHOT): https://buildkite.com/elastic/integrations/builds/19186

cc @elastic/ecosystem

@mrodm mrodm merged commit 24b79b1 into elastic:main Dec 16, 2024
@mrodm mrodm deleted the add-regex-user_agent.version branch December 16, 2024 11:25
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
…tic#12033)

Include a new dynamic field for user_agent.version in pipeline tests
in order to accept versions values with a trailing dot.
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
…tic#12033)

Include a new dynamic field for user_agent.version in pipeline tests
in order to accept versions values with a trailing dot.

Successfully merging this pull request may close these issues.

Failing pipeline tests due to user_agent.version values

6 participants