Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Convert processor supports validation of IPv4/IPv6 addresses #69989

Merged
merged 2 commits into from
Mar 18, 2021
Merged

Convert processor supports validation of IPv4/IPv6 addresses #69989

merged 2 commits into from
Mar 18, 2021

Conversation

danhermann
Copy link
Contributor

@danhermann danhermann commented Mar 4, 2021
edited
Loading

Adds a new type to the convert processor that validates IPv4/IPv6 addresses. Useful for guaranteeing that a particular field value can be mapped to an Elasticsearch ip field type. This is similar to the Beats processor functionality (described here) in which "the convert processor supports a psuedo-type for IPs. It doesn't really change the data type, but it will fail the "conversion" if the value is not an IP."

E.g.:

PUT _ingest/pipeline/ip_convert
{
  "processors": [
    {
      "convert": {
        "field": "source",
        "target_field": "source_ip",
        "type": "ip",
        "ignore_failure": true
      }
    }
  ]
}

# does not populate source_ip because invalid IP
POST /my-ip-test/_doc?pipeline=ip_convert
{
    "source" : "not_a_valid_ip"
}

# results in the following document (does not fail ingest pipeline because ignore_failure is set to true):
{
    "source" : "not_a_valid_ip"
}

# does populate source_ip because valid IP
POST /my-ip-test/_doc?pipeline=ip_convert
{
    "source" : "192.168.1.2"
}

# results in the following document (note that source_ip is still a string value):
{
    "source" : "192.168.1.2",
    "source_ip" : "192.168.1.2"
}

Resolves #36145

@danhermann danhermann added >feature :Data Management/Ingest Node Execution or management of Ingest Pipelines including GeoIP v8.0.0 v7.13.0 labels Mar 4, 2021
@elasticmachine elasticmachine added the Team:Data Management Meta label for data/management team label Mar 4, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-core-features (Team:Core/Features)

@danhermann
Copy link
Contributor Author

@andrewkroh and @geekpete, I would appreciate it if you and/or other interested parties could verify that this works for the use cases you described in #36145.

@danhermann
Copy link
Contributor Author

@elasticmachine update branch

@andrewkroh
Copy link
Member

Thanks @danhermann, this looks like what I expected. One question, since this writes an InetAddress as opposed to a string into the event, will any of the downstream processors like geoip have issues accepting that value type?

@danhermann
Copy link
Contributor Author

Thanks @danhermann, this looks like what I expected. One question, since this writes an InetAddress as opposed to a string into the event, will any of the downstream processors like geoip have issues accepting that value type?

Actually, it parses the string into an InetAddress just to validate it. If successful, it sets the original string as the value and discards the InetAddress. If unsuccessful, it fails although the failure can be suppressed with the ignore_failure option.

andrewkroh
andrewkroh approved these changes Mar 5, 2021
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jbaiera jbaiera self-requested a review March 11, 2021 16:39
jbaiera
jbaiera approved these changes Mar 16, 2021
View reviewed changes
Copy link
Member

@jbaiera jbaiera left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@danhermann
Copy link
Contributor Author

Thanks, @jbaiera!

@danhermann danhermann merged commit 2c3f297 into elastic:master Mar 18, 2021
@danhermann danhermann deleted the 36145_convert_ip_addresses branch March 18, 2021 06:19
This was referenced Mar 19, 2021
Merged
Merged
danhermann added a commit to danhermann/elasticsearch that referenced this pull request Apr 5, 2021
@danhermann
Convert processor supports validation of IPv4/IPv6 addresses (elastic…
9d20cb6 
…#69989)
@danhermann danhermann mentioned this pull request Apr 5, 2021
Merged
danhermann added a commit that referenced this pull request Apr 5, 2021
@danhermann
Convert processor supports validation of IPv4/IPv6 addresses (#69989) (
dc5cc1c 
…#71285)
@danhermann
Copy link
Contributor Author

cc: @elastic/es-ui in case auto-complete needs to be updated to accommodate this new type value.

@alisonelizabeth alisonelizabeth mentioned this pull request Apr 19, 2021
Closed
@alisonelizabeth
Copy link
Contributor

Thanks @danhermann! Opened elastic/kibana#97461 to add support in Kibana.

@stevejgordon stevejgordon mentioned this pull request Apr 21, 2021
Closed
62 tasks
@joegallo joegallo mentioned this pull request Jun 9, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

@jbaiera jbaiera jbaiera approved these changes

Assignees
No one assigned
Labels
:Data Management/Ingest Node Execution or management of Ingest Pipelines including GeoIP >feature Team:Data Management Meta label for data/management team v7.13.0 v8.0.0-alpha1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add IP to supported types for Convert ingest processor
6 participants
@danhermann @elasticmachine @andrewkroh @alisonelizabeth @jbaiera @jakelandis