Match timestamps without year in pipeline tests with regex (#4984)

- Timestamps that are parsed without a year (such as those on BSD-style syslog messages) will have their expected values inherit the year the expected files are generated in. This means that tests will only pass in the year that the expected files are generated. - The relevant timestamp field (@timestamp, for example) has been added to the pipeline test config as a dynamic field, and a regex pattern is used to match the expected format of the timestamp.
elastic · Jan 13, 2023 · 1b81b78 · 1b81b78
1 parent 546ab70
commit 1b81b78
Show file tree

Hide file tree

Showing 9 changed files with 18 additions and 0 deletions.
diff --git a/packages/cisco_aironet/data_stream/log/_dev/test/pipeline/test-common-config.yml b/packages/cisco_aironet/data_stream/log/_dev/test/pipeline/test-common-config.yml
@@ -1,3 +1,5 @@
+dynamic_fields:
+  "@timestamp": "^[0-9]{4}(-[0-9]{2}){2}T[0-9]{2}(:[0-9]{2}){2}\\.[0-9]{3}"
 fields:
   tags:
     - preserve_original_event
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-common-config.yml b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-common-config.yml
@@ -1,3 +1,5 @@
+dynamic_fields:
+  "@timestamp": "^[0-9]{4}(-[0-9]{2}){2}T[0-9]{2}(:[0-9]{2}){2}\\.[0-9]{3}"
 fields:
   tags:
     - preserve_original_event
diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-common-config.yml b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-common-config.yml
@@ -1,5 +1,6 @@
 dynamic_fields:
   event.ingested: ".*"
+  "@timestamp": "^[0-9]{4}(-[0-9]{2}){2}T[0-9]{2}(:[0-9]{2}){2}\\.[0-9]{3}"
 fields:
   tags:
     - preserve_original_event
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-common-config.yml b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-common-config.yml
@@ -1,3 +1,5 @@
+dynamic_fields:
+  "@timestamp": "^[0-9]{4}(-[0-9]{2}){2}T[0-9]{2}(:[0-9]{2}){2}\\.[0-9]{3}"
 fields:
   tags:
     - preserve_original_event
diff --git a/...ages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-config.yml b/...ages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-config.yml
@@ -1,3 +1,5 @@
+dynamic_fields:
+  "@timestamp": "^[0-9]{4}(-[0-9]{2}){2}T[0-9]{2}(:[0-9]{2}){2}\\.[0-9]{3}"
 fields:
   tags:
     - preserve_original_event
diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-common-config.yml b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-common-config.yml
@@ -1,3 +1,6 @@
+dynamic_fields:
+  "event.created": "^[0-9]{4}(-[0-9]{2}){2}T[0-9]{2}(:[0-9]{2}){2}\\.[0-9]{3}"
+  "@timestamp": "^[0-9]{4}(-[0-9]{2}){2}T[0-9]{2}(:[0-9]{2}){2}\\.[0-9]{3}"
 fields:
   tags:
     - preserve_original_event
diff --git a/packages/pfsense/data_stream/log/_dev/test/pipeline/test-common-config.yml b/packages/pfsense/data_stream/log/_dev/test/pipeline/test-common-config.yml
@@ -1,3 +1,5 @@
+dynamic_fields:
+  "@timestamp": "^[0-9]{4}(-[0-9]{2}){2}T[0-9]{2}(:[0-9]{2}){2}\\.[0-9]{3}"
 fields:
   tags:
     - preserve_original_event

diff --git a/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-common-config.yml b/packages/symantec_endpoint/data_stream/log/_dev/test/pipeline/test-common-config.yml
@@ -1,3 +1,5 @@
+dynamic_fields:
+  "@timestamp": "^[0-9]{4}(-[0-9]{2}){2}T[0-9]{2}(:[0-9]{2}){2}\\.[0-9]{3}"
 fields:
   tags:
     - forwarded

diff --git a/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-common-config.yml b/packages/zscaler_zia/data_stream/alerts/_dev/test/pipeline/test-common-config.yml
@@ -1,3 +1,5 @@
+dynamic_fields:
+  "@timestamp": "^[0-9]{4}(-[0-9]{2}){2}T[0-9]{2}(:[0-9]{2}){2}\\.[0-9]{3}"
 fields:
   tags:
     - preserve_original_event