Fix azure fields names #14098

Merged: 9 commits, Oct 18, 2019
Changes from 2 commits
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -170,6 +170,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fix cisco module's asa and ftd filesets parsing of domain names where an IP address is expected. {issue}14034[14034]
- Fixed increased memory usage with large files when multiline pattern does not match. {issue}14068[14068]
- panw module: Use geo.name instead of geo.country_iso_code for free-form location. {issue}13272[13272]
- Fix azure fields names. {pull}14098[14098]

*Heartbeat*

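Review bot: The new entry `Fix azure fields names.` does not say which fields changed. This pull request renames `azure.resource.resource_group` to `azure.resource.group` in the ingest pipeline and replaces `azure.resource.type` in the field definitions, so saved searches, dashboards and detection rules keyed on the old names will silently stop matching after upgrade. Name the old and new fields in the entry so that users can find and update those queries.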
18 changes: 14 additions & 4 deletions filebeat/docs/fields.asciidoc
Expand Up @@ -1559,7 +1559,17 @@ type: keyword

--

*`azure.resource.type`*::
*`azure.resource.provider`*::
+
--
Resource type/namespace


type: keyword

--

*`azure.resource.namespace`*::
+
--
Resource type/namespace
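Review bot: `azure.resource.provider` and `azure.resource.namespace` both carry the description `Resource type/namespace`, so the documentation gives no way to tell the two fields apart. Give each its own text, for example with the values the pipeline test expects (`MICROSOFT.EVENTHUB` for the provider, `AZURELSEVENTS` for the namespace), and make the change in `x-pack/filebeat/module/azure/_meta/fields.yml`, which carries the same two descriptions.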
Expand Down Expand Up @@ -1589,21 +1599,21 @@ Fields for Azure activity logs.
[float]
=== identity

The canonical user ID of the owner of the source bucket.
Identity



[float]
=== authorization

Node allocatable pods
Authorization



[float]
=== evidence

Node allocatable pods
Evidence



6 changes: 5 additions & 1 deletion x-pack/filebeat/module/azure/_meta/fields.yml
Expand Up @@ -33,7 +33,11 @@
type: keyword
description: >
Resource group
- name: type
- name: provider
type: keyword
description: >
Resource type/namespace
- name: namespace
type: keyword
description: >
Resource type/namespace
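Review bot: Check that the entry just above `- name: provider` (the one described as `Resource group`) is declared as `group`; its name line falls outside this hunk, and the pipeline in this pull request now writes `azure.resource.group`. If the declaration still uses the old name, the new field has no declared `keyword` mapping. The same check is worth making for `azure.resource.name` and `azure.resource.authorization_rule`, which the grok patterns also populate and which are not visible here.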
6 changes: 3 additions & 3 deletions x-pack/filebeat/module/azure/activitylogs/_meta/fields.yml
Expand Up @@ -7,17 +7,17 @@
- name: identity
type: group
description: >
The canonical user ID of the owner of the source bucket.
Identity
fields:
- name: authorization
type: group
description: >
Node allocatable pods
Authorization
fields:
- name: evidence
type: group
description: >
Node allocatable pods
Evidence
fields:
- name: role_assignment_scope
type: keyword
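Review bot: The new descriptions for `identity`, `authorization` and `evidence` only repeat the group names. They are better than the copied text they replace (`The canonical user ID of the owner of the source bucket.`, `Node allocatable pods`), but a sentence on what each group holds would serve people building queries on activity logs; for `evidence`, the visible child `role_assignment_scope` suggests saying that it holds role assignment details.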
Expand Up @@ -70,7 +70,7 @@
"azure" : {
"subscription_id" : "2a7e2503-d7e2-405a-a84c-c333b9f7cb73",
"resource" : {
"resource_group" : "SA-HEMANT",
"group" : "SA-HEMANT",
"provider" : "MICROSOFT.EVENTHUB",
"namespace" : "AZURELSEVENTS",
"id" : "/SUBSCRIPTIONS/2a7e2503-d7e2-405a-a84c-c333b9f7cb73/RESOURCEGROUPS/SA-HEMANT/PROVIDERS/MICROSOFT.EVENTHUB/NAMESPACES/AZURELSEVENTS/AUTHORIZATIONRULES/ROOTMANAGESHAREDACCESSKEY",
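Review bot: The `id` in this expected document ends in `/AUTHORIZATIONRULES/ROOTMANAGESHAREDACCESSKEY`, so it exercises only the first grok pattern in `azure-shared-pipeline.json`. The second pattern, which ends in `%{NAME:azure.resource.name}`, received the same `resource_group` to `group` rename; if no other sample covers it, add a log line whose resource id takes that path so that the rename is tested there too.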
4 changes: 2 additions & 2 deletions x-pack/filebeat/module/azure/azure-shared-pipeline.json
Expand Up @@ -10,7 +10,7 @@
{
"grok": {
"field": "azure.resource_id",
"patterns": ["/SUBSCRIPTIONS/%{SUBID:azure.subscription_id}/RESOURCEGROUPS/%{GROUPID:azure.resource.resource_group}/PROVIDERS/%{PROVIDERNAME:azure.resource.provider}/NAMESPACES/%{NAMESPACE:azure.resource.namespace}/AUTHORIZATIONRULES/%{RULE:azure.resource.authorization_rule}"],
"patterns": ["/SUBSCRIPTIONS/%{SUBID:azure.subscription_id}/RESOURCEGROUPS/%{GROUPID:azure.resource.group}/PROVIDERS/%{PROVIDERNAME:azure.resource.provider}/NAMESPACES/%{NAMESPACE:azure.resource.namespace}/AUTHORIZATIONRULES/%{RULE:azure.resource.authorization_rule}"],
"pattern_definitions" : {
"SUBID" : "(\\{){0,1}[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}(\\}){0,1}",
"GROUPID" : ".+",
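Review bot: `"GROUPID" : ".+"` in the context lines is greedy and can match across `/`, so a resource id containing more than one `/PROVIDERS/` segment would put several path segments into the renamed `azure.resource.group`. Since the capture is being touched here anyway, consider restricting the definition to a single path segment, for example `[^/]+`, so that the field always holds just the resource group name.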
Expand All @@ -24,7 +24,7 @@
{
"grok": {
"field": "azure.resource_id",
"patterns": ["/SUBSCRIPTIONS/%{SUBID:azure.subscription_id}/RESOURCEGROUPS/%{GROUPID:azure.resource.resource_group}/PROVIDERS/%{PROVIDERNAME:azure.resource.provider}/%{NAME:azure.resource.name}"],
"patterns": ["/SUBSCRIPTIONS/%{SUBID:azure.subscription_id}/RESOURCEGROUPS/%{GROUPID:azure.resource.group}/PROVIDERS/%{PROVIDERNAME:azure.resource.provider}/%{NAME:azure.resource.name}"],
"pattern_definitions" : {
"SUBID" : "(\\{){0,1}[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}(\\}){0,1}",
"GROUPID" : ".+",
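Review bot: This second grok processor reads the same `azure.resource_id` field and repeats the same `SUBID` and `GROUPID` definitions as the first, which is why the `resource_group` to `group` rename had to be made twice. The `patterns` option is an array tried in order, so both patterns could live in one processor with a single `pattern_definitions` block; that removes the duplication and the risk of the two copies drifting apart on the next rename.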
2 changes: 1 addition & 1 deletion x-pack/filebeat/module/azure/fields.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.