Skip to content

Commit

Permalink
[Filebeat] Fix Okta ingest pipeline (elastic#20454)
Browse files Browse the repository at this point in the history
* Fix ingest pipeline

* Add changelog entry
  • Loading branch information
Andrew Stucki authored Aug 6, 2020
1 parent f3fe010 commit 5fdcb1c
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -232,6 +232,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fix millisecond timestamp normalization issues in CrowdStrike module {issue}20035[20035], {pull}20138[20138]
- Fix support for message code 106100 in Cisco ASA and FTD. {issue}19350[19350] {pull}20245[20245]
- Fix `fortinet` setting `event.timezone` to the system one when no `tz` field present {pull}20273[20273]
- Fix `okta` geoip lookup in pipeline for `destination.ip` {pull}20454[20454]

*Heartbeat*

Expand Down
6 changes: 3 additions & 3 deletions x-pack/filebeat/module/okta/system/ingest/pipeline.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ description: Pipeline for Okta system logs.
processors:
- set:
field: event.ingested
value: '{{_ingest.timestamp}}'
value: "{{_ingest.timestamp}}"
- user_agent:
field: user_agent.original
ignore_missing: true
Expand All @@ -13,7 +13,7 @@ processors:
ignore_missing: true
- geoip:
field: destination.ip
target_field: source.geo
target_field: destination.geo
ignore_missing: true
- geoip:
database_file: GeoLite2-ASN.mmdb
Expand Down Expand Up @@ -51,4 +51,4 @@ processors:
on_failure:
- set:
field: error.message
value: '{{ _ingest.on_failure_message }}'
value: "{{ _ingest.on_failure_message }}"

0 comments on commit 5fdcb1c

Please sign in to comment.