-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[filebeat] Add preserve_original_event option to o365audit input #26273
Conversation
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
cc22fcb
to
b8e0944
Compare
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪💚 Flaky test reportTests succeeded. Expand to view the summary
Test stats 🧪
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, though a test would be handy I think
) * Add preserve_original_event option to o365audit input * Use String method from MapStr * Add test (cherry picked from commit 08eaadb)
) (#26288) * Add preserve_original_event option to o365audit input * Use String method from MapStr * Add test (cherry picked from commit 08eaadb) Co-authored-by: Marc Guasch <[email protected]>
…stic#26273) * Add preserve_original_event option to o365audit input * Use String method from MapStr * Add test
* master: (26 commits) Report total and free CPU for vSphere virtual machines (elastic#26167) [filebeat] Add preserve_original_event option to o365audit input (elastic#26273) Change xml processor names in script processor to match convention (elastic#26263) [Oracle] Fixing default values for paths in config template (elastic#26276) Add more ECS fields to logs (elastic#25998) [Heartbeat] Fix broken invocation of synth package (elastic#26228) rename sqs file name (elastic#26227) Populate the agent action result if there is no matching action handlers (elastic#26152) Add ISO8601 as supported timestamp type (elastic#25564) Move Filebeat azure module to GA (elastic#26168) Filebeat azure module pipeline fixes and changes (elastic#26148) libbeat: monitor version (elastic#26214) Add new parser to filestream input: container (elastic#26115) [Metricbeat] Add state_statefulset replicas.ready (elastic#26088) Disable test processors system test for windows 10 (elastic#26216) Fix startup with failing configuration (elastic#26126) Remove 32 bits version of Elastic Agent. (elastic#25708) Chane fleetmode detection to ony use management.enabled (elastic#26180) Make `filestream` input GA (elastic#26127) libbeat/idxmgmt/ilm: fix alias creation (elastic#26146) ...
What does this PR do?
Adds
preserve_original_event
option too365audit
input.Why is it important?
Being able to opt in to have
event.original
populate adds consistency with other inputs.Checklist
CHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.