Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[filebeat][decode_cef] Add hyphen support #40427

Merged
merged 11 commits into from
Aug 12, 2024
Merged

[filebeat][decode_cef] Add hyphen support #40427

merged 11 commits into from
Aug 12, 2024

Conversation

vinit-chauhan
Copy link
Contributor

@vinit-chauhan vinit-chauhan commented Aug 4, 2024
edited
Loading

Proposed commit message

This PR Adds support for - in the extension keys.
To do this, I have updated the cef.rl file and used go generate to generate parser.go and parser_recover.go.
Moreover, I have also added .ri file to gitignore file as they are intermediate files generated by regel.

Note: I've also updated the go generate directive to use regel-go as the latest version is not supporting -Z flag

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Tests Passing
image

Logs

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Aug 4, 2024
@mergify Mergify
Copy link
Contributor

mergify bot commented Aug 4, 2024

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @vinit-chauhan? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@vinit-chauhan vinit-chauhan marked this pull request as ready for review August 4, 2024 19:46
@vinit-chauhan vinit-chauhan requested a review from a team as a code owner August 4, 2024 19:46
@andrewkroh andrewkroh added enhancement Filebeat Filebeat Team:Security-Deployment and Devices Deployment and Devices Team in Security Solution labels Aug 6, 2024
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Aug 6, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

andrewkroh
andrewkroh reviewed Aug 6, 2024
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

CHANGELOG-developer.next.asciidoc Outdated Show resolved Hide resolved
@mergify Mergify
Copy link
Contributor

mergify bot commented Aug 9, 2024

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b add_hyphen_support upstream/add_hyphen_support
git merge upstream/main
git push upstream add_hyphen_support

@vinit-chauhan
Copy link
Contributor Author

Hey @andrewkroh - are we waiting for code owners' review?

@andrewkroh
Copy link
Member

Yeah, I was giving the little time in case anyone from @elastic/sec-deployment-and-devices wanted to comment. I'll merge it after CI finishes today.

@andrewkroh andrewkroh enabled auto-merge (squash) August 9, 2024 17:38
@andrewkroh andrewkroh added the backport-skip Skip notification from the automated backport with mergify label Aug 9, 2024
@andrewkroh
Copy link
Member

run docs-build

pkoutsovasilis
pkoutsovasilis approved these changes Aug 12, 2024
View reviewed changes
Copy link
Contributor

@pkoutsovasilis pkoutsovasilis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this contribution @vinit-chauhan! LGTM

@pkoutsovasilis
Copy link
Contributor

run docs-build

@pkoutsovasilis
Copy link
Contributor

/test

@andrewkroh andrewkroh merged commit e4012a2 into elastic:main Aug 12, 2024
19 checks passed
vinit-chauhan added a commit to vinit-chauhan/beats that referenced this pull request Aug 13, 2024
@vinit-chauhan
[filebeat][decode_cef] Allow hyphens in extension key (elastic#40427)
9f238af 
This adds support for hyphens (`-`) in extension keys. The CEF spec says that extension keys alphanumeric. So this is a deviation, but a minor one that is inline with past deviations to allow dots in extension keys. 

I have also added .ri file to gitignore file as they are intermediate files generated by regel.

Closes elastic#40348
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh left review comments

@pkoutsovasilis pkoutsovasilis pkoutsovasilis approved these changes

Assignees

@vinit-chauhan vinit-chauhan

Labels
backport-skip Skip notification from the automated backport with mergify enhancement Filebeat Filebeat Team:Security-Deployment and Devices Deployment and Devices Team in Security Solution
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[filebeat][decode_cef] Unable to parse fields containing hyphen -
4 participants
@vinit-chauhan @elasticmachine @andrewkroh @pkoutsovasilis