Skip to content

[zeek] Make event.original optional#992

Merged
marc-gr merged 2 commits intoelastic:masterfrom
marc-gr:zeek-eventoriginal
Jun 8, 2021
Merged

[zeek] Make event.original optional#992
marc-gr merged 2 commits intoelastic:masterfrom
marc-gr:zeek-eventoriginal

Conversation

@marc-gr
Copy link
Copy Markdown
Contributor

@marc-gr marc-gr commented May 14, 2021

What does this PR do?

Make event.original optional

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.

Related issues

Screenshots

image

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented May 14, 2021

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@marc-gr marc-gr force-pushed the zeek-eventoriginal branch from 2fdc629 to dbe1051 Compare May 14, 2021 14:11
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented May 14, 2021
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: Pull request #992 updated

  • Start Time: 2021-06-08T08:38:53.661+0000

  • Duration: 33 min 50 sec

  • Commit: 357d9c5

Test stats 🧪

Test Results
Failed 0
Passed 155
Skipped 0
Total 155

Trends 🧪

Image of Build Times

Image of Tests

@marc-gr marc-gr mentioned this pull request May 14, 2021
Closed
43 tasks
@marc-gr marc-gr force-pushed the zeek-eventoriginal branch from dbe1051 to bbd4e3e Compare June 3, 2021 13:48
@marc-gr marc-gr force-pushed the zeek-eventoriginal branch from bbd4e3e to 6269436 Compare June 8, 2021 08:32
P1llus
P1llus reviewed Jun 8, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@P1llus P1llus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, small nitpick, you could change the description for:
description: Drop if no Splunk or log data present.
To the fact that it only drops if the data is from Splunk, since there is no empty values from zeek directly.

@marc-gr marc-gr merged commit 5a22e91 into elastic:master Jun 8, 2021
@marc-gr marc-gr deleted the zeek-eventoriginal branch June 8, 2021 09:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@P1llus P1llus P1llus left review comments

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@marc-gr @elasticmachine @andrewkroh @P1llus