Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.13](backport #38917) [filebeat][threatintel] MISP splitting fix for empty responses #38928

Merged
merged 3 commits into from
Apr 18, 2024
Merged

[8.13](backport #38917) [filebeat][threatintel] MISP splitting fix for empty responses #38928

merged 3 commits into from
Apr 18, 2024

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Apr 15, 2024
edited by zube bot
Loading

Proposed commit message

[filebeat][threatintel] MISP splitting fix for empty responses (#)

Two fixes related to empty server responses:

- Set `response.split.ignore_empty_value` to `true` to avoid indexing
  `{response:[]}`, which is the MISP server's empty response body.
  According to the `response.split` [documentation][1], "If the split
  target is empty the parent document will be kept. If documents with
  empty splits should be dropped, the `ignore_empty_value` option should
  be set to `true`."

- Use the null-safe operator for a chained method invocation following a
  null-safe field access. All other null-safe operator usages were also
  reviewed and corrected where necessary.

[1]: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#response-split

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

Related issues

@mergify mergify bot requested a review from a team as a code owner April 15, 2024 09:14
@mergify mergify bot added the backport label Apr 15, 2024
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Apr 15, 2024
@elasticmachine
Copy link
Collaborator

elasticmachine commented Apr 15, 2024
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2024-04-18T04:17:54.937+0000

  • Duration: 137 min 39 sec

Test stats 🧪

Test Results
Failed 0
Passed 3334
Skipped 180
Total 3514

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@chrisberkhout
[filebeat][threatintel] MISP splitting fix for empty responses (#38917)
84dd9fc 
Two fixes related to empty server responses:

- Set `response.split.ignore_empty_value` to `true` to avoid indexing
  `{response:[]}`, which is the MISP server's empty response body.
  According to the `response.split` [documentation][1], "If the split
  target is empty the parent document will be kept. If documents with
  empty splits should be dropped, the `ignore_empty_value` option should
  be set to `true`."

- Use the null-safe operator for a chained method invocation following a
  null-safe field access. All other null-safe operator usages were also
  reviewed and corrected where necessary.

[1]: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#response-split

---------

Co-authored-by: Dan Kortschak <[email protected]>
(cherry picked from commit 692658c)
@chrisberkhout chrisberkhout force-pushed the mergify/bp/8.13/pr-38917 branch from 2350f54 to 84dd9fc Compare April 15, 2024 11:51
@chrisberkhout chrisberkhout added bugfix Team:Security-Service Integrations Security Service Integrations Team labels Apr 15, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Apr 15, 2024
@mergify Mergify
Copy link
Contributor Author

mergify bot commented Apr 17, 2024

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b mergify/bp/8.13/pr-38917 upstream/mergify/bp/8.13/pr-38917
git merge upstream/8.13
git push upstream mergify/bp/8.13/pr-38917

@chrisberkhout chrisberkhout enabled auto-merge (squash) April 18, 2024 04:18
@chrisberkhout chrisberkhout disabled auto-merge April 18, 2024 04:19
@chrisberkhout chrisberkhout enabled auto-merge (squash) April 18, 2024 04:20
@chrisberkhout chrisberkhout merged commit 888c466 into 8.13 Apr 18, 2024
22 checks passed
@chrisberkhout chrisberkhout deleted the mergify/bp/8.13/pr-38917 branch April 18, 2024 06:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrisberkhout chrisberkhout chrisberkhout approved these changes

Assignees

@chrisberkhout chrisberkhout

Labels
backport bugfix Team:Security-Service Integrations Security Service Integrations Team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@elasticmachine @chrisberkhout