diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 7188f0c6b1a..4ab5cae63bc 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -219,6 +219,7 @@ automatic splitting at root level, if root level element is an array. {pull}3415 - Add support for Okta debug attributes, `risk_reasons`, `risk_behaviors` and `factor`. {issue}33677[33677] {pull}34508[34508] - Fill okta.request.ip_chain.* as a flattened object in Okta module. {pull}34621[34621] - Fixed GCS log format issues. {pull}34659[34659] +- Add nginx.ingress_controller.upstream.ip to related.ip {issue}34645[34645] {pull}34672[34672] *Auditbeat* diff --git a/filebeat/module/nginx/ingress_controller/ingest/pipeline.yml b/filebeat/module/nginx/ingress_controller/ingest/pipeline.yml index 4e682c0261e..ca000547e90 100644 --- a/filebeat/module/nginx/ingress_controller/ingest/pipeline.yml +++ b/filebeat/module/nginx/ingress_controller/ingest/pipeline.yml @@ -291,10 +291,17 @@ processors: field: related.ip value: "{{source.ip}}" if: "ctx?.source?.ip != null" + allow_duplicates: false - append: field: related.ip value: "{{destination.ip}}" if: "ctx?.destination?.ip != null" + allow_duplicates: false + - append: + field: related.ip + value: "{{nginx.ingress_controller.upstream.ip}}" + if: "ctx?.nginx?.ingress_controller?.upstream?.ip != null" + allow_duplicates: false - append: field: related.user value: "{{user.name}}" diff --git a/filebeat/module/nginx/ingress_controller/test/test.log-expected.json b/filebeat/module/nginx/ingress_controller/test/test.log-expected.json index 16aa75c2838..77a2918fd02 100644 --- a/filebeat/module/nginx/ingress_controller/test/test.log-expected.json +++ b/filebeat/module/nginx/ingress_controller/test/test.log-expected.json @@ -47,7 +47,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -107,7 +108,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -167,7 +169,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -227,7 +230,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -365,7 +369,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -425,7 +430,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -489,7 +495,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -553,7 +560,8 @@ "172.17.0.6:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.6" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -617,7 +625,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -681,7 +690,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -745,7 +755,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -809,7 +820,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -872,7 +884,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -936,7 +949,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -1000,7 +1014,8 @@ "172.17.0.6:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.6" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -1064,7 +1079,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -1128,7 +1144,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -1189,7 +1206,8 @@ "172.17.0.6:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.6" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -1252,7 +1270,8 @@ "172.17.0.5:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.5" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -1316,7 +1335,8 @@ "172.17.0.6:8080" ], "related.ip": [ - "192.168.64.1" + "192.168.64.1", + "172.17.0.6" ], "service.type": "nginx", "source.address": "192.168.64.1", @@ -1383,7 +1403,8 @@ "172.17.0.7:8080" ], "related.ip": [ - "192.168.64.14" + "192.168.64.14", + "172.17.0.7" ], "service.type": "nginx", "source.address": "192.168.64.14", @@ -1450,7 +1471,8 @@ "172.17.0.7:8080" ], "related.ip": [ - "192.168.64.14" + "192.168.64.14", + "172.17.0.7" ], "service.type": "nginx", "source.address": "192.168.64.14", @@ -1681,4 +1703,4 @@ "user_agent.os.version": "10.15.7", "user_agent.version": "104.0.0.0" } -] \ No newline at end of file +]