Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AWS] Update AWS cloud.region parsing #4024

Merged
merged 2 commits into from
Aug 22, 2022
Merged

[AWS] Update AWS cloud.region parsing #4024

merged 2 commits into from
Aug 22, 2022

Conversation

legoguy1000
Copy link
Contributor

What does this PR do?

The AWS-S3 input sets the cloud.region field to the region the S3 bucket is located. This is not always the same as the region the event originated per https://discuss.elastic.co/t/filebeat-aws-cloudtrail-processor-parses-incorrect-aws-region-from-logs/312150. The current ingest pipelines only use a rename processor which doesn't work if the field already exists. This changes the processor a set to override from the input. Also adds additional parsing for datastreams that don't already have cloud.region set.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@legoguy1000 legoguy1000 requested a review from a team as a code owner August 17, 2022 22:04
@elasticmachine
Copy link

elasticmachine commented Aug 17, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-08-18T21:19:02.035+0000

  • Duration: 33 min 41 sec

Test stats 🧪

Test Results
Failed 0
Passed 162
Skipped 2
Total 164

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@sypste sypste mentioned this pull request Aug 18, 2022
Closed
@sypste
Copy link

sypste commented Aug 18, 2022
edited
Loading

Relates to elastic/beats#32703

@kaiyan-sheng
Copy link
Contributor

/test

@kaiyan-sheng kaiyan-sheng requested a review from a team August 18, 2022 21:19
@elasticmachine
Copy link

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (13/13) 💚
Files 92.857% (13/14)
Classes 92.857% (13/14)
Methods 84.232% (203/241)
Lines 95.697% (5204/5438)
Conditionals 100.0% (0/0) 💚

@kaiyan-sheng kaiyan-sheng merged commit 4b57b9a into elastic:main Aug 22, 2022
kaiyan-sheng
kaiyan-sheng reviewed Aug 22, 2022
View reviewed changes
packages/aws/data_stream/s3access/elasticsearch/ingest_pipeline/default.yml
ignore_missing: true
ignore_failure: true
patterns:
- ^%{DATA}s3\.%{DATA:cloud.region}\.%{DATA}$
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@legoguy1000 Should we add a check to see if aws.s3acccess.host_header exists?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isnt that the idea of the ignore_missing??

@kaiyan-sheng kaiyan-sheng mentioned this pull request Aug 22, 2022
Merged
6 tasks
@legoguy1000 legoguy1000 deleted the aws-region-update branch August 23, 2022 00:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaiyan-sheng kaiyan-sheng kaiyan-sheng approved these changes

@efd6 efd6 efd6 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@legoguy1000 @elasticmachine @sypste @kaiyan-sheng @efd6