Filebeat: Fix o365 module issues #18948
Merged
adriansr changed the title from "Fix o365 module issues [draft]" to "Filebeat: Fix o365 module issues" on Jun 8, 2020
adriansr added the "review" label and removed the "in progress" label ("Pull request is currently in progress.") on Jun 8, 2020
Pinging @elastic/siem (Team:SIEM)
andrewkroh approved these changes on Jun 8, 2020
adriansr added a commit to adriansr/beats that referenced this pull request on Jun 9, 2020:
- Fix scary data-loss warning on startup
- Avoid API errors being processed by the JS pipeline
- Fix dissect error about overriding client.port
- Fix module passing API settings to the input
- Document max_period using the right units
(cherry picked from commit 83bbd57)
adriansr pushed a commit that referenced this pull request on Jun 9, 2020:
I think it would be good to get some extra information around the max_retention setting, to make it clear that unless the tenant itself has a longer retention period, then 7 days is going to be all that you can fetch.
Follow-on from investigation behind #18948
adriansr pushed a commit to adriansr/beats that referenced this pull request on Jun 9, 2020:
I think it would be good to get some extra information around the max_retention setting, to make it clear that unless the tenant itself has a longer retention period, then 7 days is going to be all that you can fetch.
Follow-on from investigation behind elastic#18948
(cherry picked from commit 05935ee)
adriansr added a commit that referenced this pull request on Jun 9, 2020:
* Filebeat: Fix o365 module issues (#18948)
- Fix scary data-loss warning on startup
- Avoid API errors being processed by the JS pipeline
- Fix dissect error about overriding client.port
- Fix module passing API settings to the input
- Document max_period using the right units
(cherry picked from commit 83bbd57)
adriansr added a commit that referenced this pull request on Jun 9, 2020:
I think it would be good to get some extra information around the max_retention setting, to make it clear that unless the tenant itself has a longer retention period, then 7 days is going to be all that you can fetch.
Follow-on from investigation behind #18948
(cherry picked from commit 05935ee)
Co-authored-by: AndyHunt66 <[email protected]>
adriansr added a commit that referenced this pull request on Jun 9, 2020:
- Fix scary data-loss warning on startup
- Avoid API errors being processed by the JS pipeline
- Fix dissect error about overriding client.port
- Fix module passing API settings to the input
- Document max_period using the right units
(cherry picked from commit 83bbd57)
melchiormoulin pushed a commit to melchiormoulin/beats that referenced this pull request on Oct 14, 2020:
- Fix scary data-loss warning on startup
- Avoid API errors being processed by the JS pipeline
- Fix dissect error about overriding client.port
- Fix module passing API settings to the input
- Document max_period using the right units
melchiormoulin pushed a commit to melchiormoulin/beats that referenced this pull request on Oct 14, 2020:
I think it would be good to get some extra information around the max_retention setting, to make it clear that unless the tenant itself has a longer retention period, then 7 days is going to be all that you can fetch.
Follow-on from investigation behind elastic#18948
leweafan pushed a commit to leweafan/beats that referenced this pull request on Apr 28, 2023:
…lastic#19063)
* Filebeat: Fix o365 module issues (elastic#18948)
- Fix scary data-loss warning on startup
- Avoid API errors being processed by the JS pipeline
- Fix dissect error about overriding client.port
- Fix module passing API settings to the input
- Document max_period using the right units
(cherry picked from commit b99a73c)
Assorted fixes to the o365 module:
Ingestion pipeline errors from o365audit input need not go through the JS pipeline; it'll add more errors and noise.
Prevent dissect error about overriding client.port
Fix how API settings are passed to the o365 input
Passing low-level API settings between module and input was broken.
The sample conf will use 7d which is not valid as hours is the largest supported unit.