Skip to content

[windows.powershell_operational] Handle ContextInfo containing multi-line values#16013

Merged
marc-gr merged 3 commits intomainfrom
windows-contextinfo
Mar 19, 2026
Merged

[windows.powershell_operational] Handle ContextInfo containing multi-line values#16013
marc-gr merged 3 commits intomainfrom
windows-contextinfo

Conversation

@btrieger
Copy link
Copy Markdown
Contributor

@btrieger btrieger commented Nov 18, 2025

Proposed commit message

See title

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

@btrieger btrieger requested a review from a team as a code owner November 18, 2025 17:32
@btrieger btrieger added the bugfix Pull request that fixes a bug issue label Nov 18, 2025
@btrieger btrieger requested a review from a team as a code owner November 18, 2025 17:34
@btrieger
Copy link
Copy Markdown
Contributor Author

btrieger commented Nov 18, 2025

Added two sample events one with back to back new lines and one without as the original record I was trying to fix had two which caused further issues

@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Nov 18, 2025

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@andrewkroh andrewkroh added the Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform] label Nov 18, 2025
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Nov 18, 2025

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@pierrehilbert pierrehilbert added the Team:Elastic-Agent-Data-Plane Agent Data Plane team [elastic/elastic-agent-data-plane] label Nov 19, 2025
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Nov 19, 2025

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@pierrehilbert pierrehilbert requested review from VihasMakwana and removed request for andrzej-stencel November 19, 2025 07:52
leehinman
leehinman approved these changes Dec 17, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@leehinman leehinman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changelog/manifest conflict needs to be fixed. but pipeline changes LGTM

@botelastic
Copy link
Copy Markdown

botelastic bot commented Feb 27, 2026

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Feb 27, 2026
btrieger and others added 3 commits March 19, 2026 14:49
@btrieger @marc-gr
Account for spaces within ContextInfo values
f639547
@btrieger @marc-gr
Add changelog and bump version
a1f0c8c
@marc-gr
fix: revert unrelated AppLocker change, apply ContextInfo fix to forw…
50a5257 
…arded pipeline

- Revert accidental reorder of message/log in applocker test expected output
- Apply field_split fix to forwarded powershell_operational pipeline for consistency
@marc-gr marc-gr force-pushed the windows-contextinfo branch from 36a7de0 to 50a5257 Compare March 19, 2026 13:56
@botelastic botelastic bot removed the Stalled label Mar 19, 2026
@marc-gr marc-gr enabled auto-merge (squash) March 19, 2026 13:56
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Mar 19, 2026

💚 Build Succeeded

History

@marc-gr marc-gr merged commit 0743440 into main Mar 19, 2026
9 checks passed
@marc-gr marc-gr deleted the windows-contextinfo branch March 19, 2026 14:22
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Mar 19, 2026

Package windows - 3.6.1 containing this change is available at https://epr.elastic.co/package/windows/3.6.1/

srilumpa pushed a commit to srilumpa/elastic-integrations that referenced this pull request Mar 23, 2026
@btrieger @marc-gr @srilumpa
[windows.powershell_operational] Handle ContextInfo containing multi-…
c02c28e 
…line values (elastic#16013)

* Account for spaces within ContextInfo values

* Add changelog and bump version

* fix: revert unrelated AppLocker change, apply ContextInfo fix to forwarded pipeline

- Revert accidental reorder of message/log in applocker test expected output
- Apply field_split fix to forwarded powershell_operational pipeline for consistency

---------

Co-authored-by: Marc Guasch <marc.guasch@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marc-gr marc-gr marc-gr approved these changes

@leehinman leehinman leehinman approved these changes

@VihasMakwana VihasMakwana VihasMakwana approved these changes

Assignees

No one assigned

Labels

bugfix Pull request that fixes a bug issue Integration:windows Windows Team:Elastic-Agent-Data-Plane Agent Data Plane team [elastic/elastic-agent-data-plane] Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[windows.powershell_operational] Handle ContextInfo containing multi-line values

7 participants

@btrieger @elasticmachine @marc-gr @leehinman @VihasMakwana @pierrehilbert @andrewkroh