[cef] Add time zone config option (elastic#1723)

Expose the `timezone` config option for the `decode_cef` processor. It is an IANA time zone or time offset (e.g. `+0200`) to use when interpreting timestamps without a time zone in the CEF message. Relates: elastic/beats#27727
build-security · Sep 27, 2021 · ad5eacf · ad5eacf
1 parent 9de3a57
commit ad5eacf
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 1 deletion.
diff --git a/packages/cef/changelog.yml b/packages/cef/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+  changes:
+    - description: Add CEF time zone config option.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/1723
 - version: "1.1.0"
   changes:
     - description: Update to ECS 1.12.0

diff --git a/packages/cef/data_stream/log/_dev/test/system/test-logfile-config.yml b/packages/cef/data_stream/log/_dev/test/system/test-logfile-config.yml
@@ -4,3 +4,4 @@ data_stream:
   vars:
     paths:
       - "{{SERVICE_LOGS_DIR}}/*.log"
+    decode_cef_timezone: UTC
diff --git a/packages/cef/data_stream/log/agent/stream/log.yml.hbs b/packages/cef/data_stream/log/agent/stream/log.yml.hbs
@@ -19,6 +19,9 @@ processors:
       - {from: "message", to: "event.original"}
 - decode_cef:
     field: event.original
+{{#if decode_cef_timezone}}
+    timezone: {{ decode_cef_timezone }}
+{{/if}}
 {{#if processors}}
 {{processors}}
 {{/if}}
diff --git a/packages/cef/data_stream/log/agent/stream/udp.yml.hbs b/packages/cef/data_stream/log/agent/stream/udp.yml.hbs
@@ -15,6 +15,9 @@ processors:
       - {from: "message", to: "event.original"}
 - decode_cef:
     field: event.original
+{{#if decode_cef_timezone}}
+    timezone: {{ decode_cef_timezone }}
+{{/if}}
 {{#if processors}}
 {{processors}}
 {{/if}}
diff --git a/packages/cef/data_stream/log/manifest.yml b/packages/cef/data_stream/log/manifest.yml
@@ -14,6 +14,13 @@ streams:
         show_user: true
         default:
           - /var/log/cef.log
+      - name: decode_cef_timezone
+        type: text
+        title: CEF Timezone
+        multi: false
+        required: false
+        show_user: false
+        description: IANA time zone or time offset (e.g. `+0200`) to use when interpreting timestamps without a time zone in the CEF message.
       - name: tags
         type: text
         title: Tags
@@ -62,6 +69,13 @@ streams:
         required: true
         show_user: true
         default: 9003
+      - name: decode_cef_timezone
+        type: text
+        title: CEF Timezone
+        multi: false
+        required: false
+        show_user: false
+        description: IANA time zone or time offset (e.g. `+0200`) to use when interpreting timestamps without a time zone in the CEF message.
       - name: tags
         type: text
         title: Tags

diff --git a/packages/cef/manifest.yml b/packages/cef/manifest.yml
@@ -1,6 +1,6 @@
 name: cef
 title: CEF
-version: 1.1.0
+version: 1.2.0
 release: ga
 description: This Elastic integration collects logs in common event format (CEF)
 type: integration
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,3 +4,4 @@ data_stream: @@
       vars:
         paths:
           - "{{SERVICE_LOGS_DIR}}/*.log"
+        decode_cef_timezone: UTC