Skip to content

Add more geo ip keys to filter for serverless#1517

Merged
mrodm merged 1 commit intoelastic:mainfrom
mrodm:update_geoip_fields_to_skip
Oct 19, 2023
Merged

Add more geo ip keys to filter for serverless#1517
mrodm merged 1 commit intoelastic:mainfrom
mrodm:update_geoip_fields_to_skip

Conversation

@mrodm
Copy link
Copy Markdown
Contributor

@mrodm mrodm commented Oct 19, 2023

This PR adds two more keys to the filetered GeoIP keys.
Found that netskope package is using GeoIP fields under netskope.alerts and netskope.events objects

Example of the errors found while executing elastic-package test pipeline -v:

netskope/alerts test-alerts.log:
--- want
+++ got
@@ -671,16 +671,16 @@
                     },
                     "user": {
                         "geo": {
-                            "city_name": "London",
+                            "city_name": "Cheltenham",
                             "continent_name": "Europe",
                             "country_iso_code": "GB",
                             "country_name": "United Kingdom",
                             "location": {
-                                "lat": 51.5142,
-                                "lon": -0.0931
+                                "lat": 51.9037,
+                                "lon": -2.0848
                             },
-                            "region_iso_code": "GB-ENG",
-                            "region_name": "England"
+                            "region_iso_code": "GB-GLS",
+                            "region_name": "Gloucestershire"
                         },
                         "ip": "81.2.69.143"

@mrodm mrodm self-assigned this Oct 19, 2023
jsoriano
jsoriano approved these changes Oct 19, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@jsoriano jsoriano left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM while we find out another solution for these fieds.

@mrodm mrodm marked this pull request as ready for review October 19, 2023 11:36
@mrodm
Copy link
Copy Markdown
Contributor Author

mrodm commented Oct 19, 2023

/test

@elasticmachine
Copy link
Copy Markdown
Collaborator

elasticmachine commented Oct 19, 2023

💚 Build Succeeded

History

cc @mrodm

@mrodm mrodm changed the title Add more geo ip keys to filter Add more geo ip keys to filter for serverless Oct 19, 2023
@mrodm mrodm merged commit 8042059 into elastic:main Oct 19, 2023
@mrodm mrodm deleted the update_geoip_fields_to_skip branch October 19, 2023 13:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsoriano jsoriano jsoriano approved these changes

Assignees

@mrodm mrodm

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mrodm @elasticmachine @jsoriano