[System Integration] Implement ignore_older for System integration Logs #3149

Closed
Tracked by #3147
nimarezainia opened this issue Apr 20, 2022 · 5 comments
Labels
estimation:Day Task that represents a day of work. Integration:system System QA:Needs Validation Needs validation by the QA Team Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team [elastic/elastic-agent-data-plane] v8.4.0

@nimarezainia
Contributor

Details are in #3147

Implement ignore_older for the following event logs:

  • System auth logs
  • System syslog logs
  • Windows application logs
  • Security Channel
  • Windows system logs
@nimarezainia nimarezainia added Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team [elastic/elastic-agent-data-plane] 8.4-candidate labels Apr 20, 2022
@elasticmachine

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@jlind23 jlind23 added estimation:Day Task that represents a day of work. v8.4.0 and removed 8.4-candidate labels May 24, 2022
@cmacknz cmacknz assigned fearful-symmetry and unassigned belimawr Jun 21, 2022
@jlind23 jlind23 added the QA:Needs Validation Needs validation by the QA Team label Jun 29, 2022
@jlind23
Contributor

jlind23 commented Jul 18, 2022

Closed by #3691

@jlind23 jlind23 closed this as completed Jul 18, 2022
@amolnater-qasource

Hi @jlind23 @nimarezainia
We have revalidated this feature on the latest 8.4 Snapshot and had the below observations:
The "Ignore events older than" field is available for:

  • Windows application logs
  • Security Channel
  • Windows system logs

Further, the "Ignore events older than" field is not available for the below event logs:

  • System auth logs
  • System syslog logs

Could you please confirm if this is expected?

Could you please confirm if any other testing is required for this field from our end?

Build details:
BUILD: 54585
COMMIT: f9e2ed4d9f38424676a558c34b74f0a031746c9e

Please let us know if we are missing anything here.
Thanks

@jlind23
Contributor

jlind23 commented Jul 19, 2022

@amolnater-qasource as soon as this PR is merged by @fearful-symmetry, System auth logs and System syslog logs will be working out perfectly.

@amolnater-qasource

Hi @jlind23
Thank you for the feedback, we will be revalidating this once PR #3691 is merged.

Thanks!
