[Filebeat] Add text & flattened fields in aws cloudtrail fileset #19121

leehinman · 2020-06-11T02:35:03Z

What does this PR do?

AWS cloudtrail events have the following fields where the subfields
are highley variable: requestParameters, responseElements,
additionalEventData and serviceEventDetails. This PR adds a text
multi_field to the existing fields and adds a new flattened field.

multi_fields added to following fields:

aws.cloudtrail.request_parameters
aws.cloudtrail.response_elements
aws.cloudtrail.additiona_eventdata
aws.cloudtrail.service_event_details

flattened version of the fields are stored here:

aws.cloudtrail.flattened.request_parameters
aws.cloudtrail.flattened.response_elements
aws.cloudtrail.flattened.additiona_eventdata
aws.cloudtrail.flattened.service_event_details

Why is it important?

The string representation of the highly variable subfields wasn't
meeting everyones needs. The text multi field and flattened objects
should make searching on these fields much easier.

Checklist

My code follows the style guidelines of this project
I have commented my code, particularly in hard-to-understand areas
I have made corresponding changes to the documentation
~~- [ ] I have made corresponding change to the default configuration files~~
I have added tests that prove my fix is effective or that my feature works
I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

GENERATE=true TESTING_FILEBEAT_MODULES=aws mage -v pythonIntegTest

Related issues

Closes [filebeat][aws][cloudtrail] accessKeyId should be searchable #18866

elasticmachine · 2020-06-11T02:35:05Z

Pinging @elastic/siem (Team:SIEM)

elasticmachine · 2020-06-11T02:39:35Z

💔 Build Failed

Expand to view the summary

Build stats

Build Cause: [Pull request #19121 updated]
Start Time: 2020-07-09T14:46:15.328+0000
Duration: 100 min 32 sec

Test stats 🧪

Test	Results
Failed	0
Passed	9299
Skipped	1555
Total	10854

Steps errors

Expand to view the steps failures

Name: Report to Codecov
- Description: curl -sSLo codecov https://codecov.io/bash for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat do FILE="${i}/build/coverage/full.cov" if [ -f "${FILE}" ]; then bash codecov -f "${FILE}" fi done
- Duration: 2 min 22 sec
- Start Time: 2020-07-09T15:44:01.379+0000
- log
Name: Notifies GitHub of the status of a Pull Request
- Description:
- Duration: 0 min 10 sec
- Start Time: 2020-07-09T15:37:36.768+0000
- log
Name: Recursively delete the current directory from the workspace
- Description: {"message":"API rate limit exceeded for user ID 15837671.","documentation_url":"https://developer.gi
- Duration: 0 min 9 sec
- Start Time: 2020-07-09T15:37:51.278+0000
- log
Name: Report to Codecov
- Description: curl -sSLo codecov https://codecov.io/bash for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat do FILE="${i}/build/coverage/full.cov" if [ -f "${FILE}" ]; then bash codecov -f "${FILE}" fi done
- Duration: 2 min 22 sec
- Start Time: 2020-07-09T15:51:32.976+0000
- log

Log output

Expand to view the last 100 lines of log output

[2020-07-09T16:23:39.935Z]   Experimental:     false
[2020-07-09T16:23:39.935Z]  containerd:
[2020-07-09T16:23:39.935Z]   Version:          v1.2.10
[2020-07-09T16:23:39.935Z]   GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
[2020-07-09T16:23:39.935Z]  runc:
[2020-07-09T16:23:39.935Z]   Version:          1.0.0-rc8+dev
[2020-07-09T16:23:39.935Z]   GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
[2020-07-09T16:23:39.935Z]  docker-init:
[2020-07-09T16:23:39.935Z]   Version:          0.18.0
[2020-07-09T16:23:39.935Z]   GitCommit:        fec3683
[2020-07-09T16:25:20.181Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats
[2020-07-09T16:25:20.492Z] + find . -type f -name TEST*.xml -path */build/* -delete
[2020-07-09T16:25:20.504Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Lint
[2020-07-09T16:25:20.604Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Elastic-Agent-x-pack
[2020-07-09T16:25:20.701Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Winlogbeat-oss
[2020-07-09T16:25:20.804Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Auditbeat-crosscompile
[2020-07-09T16:25:20.895Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Dockerlogbeat
[2020-07-09T16:25:20.990Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Journalbeat-oss
[2020-07-09T16:25:21.080Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Functionbeat-x-pack
[2020-07-09T16:25:21.170Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Generators-Metricbeat-Linux
[2020-07-09T16:25:21.264Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Elastic-Agent-Mac-OS-X
[2020-07-09T16:25:21.377Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Elastic-Agent-x-pack-Windows
[2020-07-09T16:25:21.476Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Filebeat-x-pack-Mac-OS-X
[2020-07-09T16:25:21.567Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Metricbeat-OSS-Unit-tests
[2020-07-09T16:25:21.676Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Auditbeat-x-pack-Windows
[2020-07-09T16:25:21.772Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Auditbeat-x-pack
[2020-07-09T16:25:21.878Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Auditbeat-x-pack-Mac-OS-X
[2020-07-09T16:25:21.964Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Auditbeat-oss-Windows
[2020-07-09T16:25:22.066Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Winlogbeat-Windows-x-pack
[2020-07-09T16:25:22.149Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Filebeat-x-pack-Windows
[2020-07-09T16:25:22.244Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Metricbeat-x-pack-Mac-OS-X
[2020-07-09T16:25:22.326Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Metricbeat-crosscompile
[2020-07-09T16:25:22.426Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Metricbeat-Mac-OS-X
[2020-07-09T16:25:22.550Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Heartbeat-oss
[2020-07-09T16:25:22.655Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Libbeat-x-pack
[2020-07-09T16:25:22.749Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Filebeat-Windows
[2020-07-09T16:25:22.833Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Winlogbeat-Windows
[2020-07-09T16:25:22.935Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Metricbeat-x-pack
[2020-07-09T16:25:23.029Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Auditbeat-oss-Mac-OS-X
[2020-07-09T16:25:23.134Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Metricbeat-x-pack-Windows
[2020-07-09T16:25:23.237Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Auditbeat-oss-Linux
[2020-07-09T16:25:23.338Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Metricbeat-Windows
[2020-07-09T16:25:23.432Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Packetbeat-oss
[2020-07-09T16:25:23.532Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Filebeat-x-pack
[2020-07-09T16:25:23.633Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Functionbeat-Mac-OS-X-x-pack
[2020-07-09T16:25:23.729Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Filebeat-Mac-OS-X
[2020-07-09T16:25:23.825Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Generators-Beat-Linux
[2020-07-09T16:25:23.907Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Heartbeat-Mac-OS-X
[2020-07-09T16:25:23.996Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests
[2020-07-09T16:25:24.095Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Functionbeat-Windows
[2020-07-09T16:25:24.180Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Filebeat-oss
[2020-07-09T16:25:24.261Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Metricbeat-Python-integration-tests
[2020-07-09T16:25:24.353Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Libbeat-oss
[2020-07-09T16:25:24.489Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Libbeat-crosscompile
[2020-07-09T16:25:24.602Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Libbeat-stress-tests
[2020-07-09T16:25:24.711Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Generators-Metricbeat-Mac-OS-X
[2020-07-09T16:25:24.807Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Generators-Beat-Mac-OS-X
[2020-07-09T16:25:25.180Z] + cat
[2020-07-09T16:25:25.180Z] + /usr/local/bin/runbld ./runbld-script
[2020-07-09T16:25:25.180Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-07-09T16:25:31.775Z] runbld>>> runbld started
[2020-07-09T16:25:31.775Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-07-09T16:25:33.161Z] runbld>>> The following profiles matched the job 'Beats/beats-beats-mbp/PR-19121' in order of occurrence in the config (last value wins).
[2020-07-09T16:25:34.548Z] runbld>>> Debug logging enabled.
[2020-07-09T16:25:34.548Z] runbld>>> Storing result
[2020-07-09T16:25:34.548Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-07-09T16:25:34.548Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200709162534-9C2796B4
[2020-07-09T16:25:34.548Z] runbld>>> Adding system facts.
[2020-07-09T16:25:35.502Z] runbld>>> Adding vcs info for the latest commit:  cf0ec3d37577b6f8ea3f3b44e2cb6e7016e3b805
[2020-07-09T16:25:35.502Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-07-09T16:25:35.502Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-07-09T16:25:35.762Z] + echo 'Processing JUnit reports with runbld...'
[2020-07-09T16:25:35.762Z] Processing JUnit reports with runbld...
[2020-07-09T16:25:36.023Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-07-09T16:25:36.023Z] runbld>>> DURATION: 27ms
[2020-07-09T16:25:36.023Z] runbld>>> STDOUT: 40 bytes
[2020-07-09T16:25:36.023Z] runbld>>> STDERR: 49 bytes
[2020-07-09T16:25:36.023Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-07-09T16:25:36.023Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats
[2020-07-09T16:25:36.972Z] runbld>>> Storing build metadata: 
[2020-07-09T16:25:37.231Z] runbld>>> Adding test report.
[2020-07-09T16:25:37.231Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats
[2020-07-09T16:25:37.812Z] runbld>>> Found 93 test output files
[2020-07-09T16:25:39.723Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests/metricbeat/build/TEST-go-integration-graphite.xml
[2020-07-09T16:25:39.724Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests/metricbeat/build/TEST-go-integration-windows.xml
[2020-07-09T16:25:39.985Z] runbld>>> Test output logs contained: Errors: 0 Failures: 0 Tests: 10708 Skipped: 1331
[2020-07-09T16:25:40.244Z] runbld>>> Storing result
[2020-07-09T16:25:40.244Z] runbld>>> FAILURES: 0
[2020-07-09T16:25:40.504Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-07-09T16:25:40.504Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200709162534-9C2796B4
[2020-07-09T16:25:40.764Z] runbld>>> Email notification disabled by environment variable.
[2020-07-09T16:25:40.764Z] runbld>>> Slack notification disabled by environment variable.
[2020-07-09T16:25:46.296Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19121
[2020-07-09T16:25:46.410Z] [INFO] getVaultSecret: Getting secrets
[2020-07-09T16:25:46.484Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-07-09T16:25:47.248Z] + chmod 755 generate-build-data.sh
[2020-07-09T16:25:47.248Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-19121/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-19121/runs/20 FAILURE 5971658
[2020-07-09T16:25:47.248Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-19121/runs/20/steps/?limit=10000 -o steps-info.json
[2020-07-09T16:25:50.477Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-19121/runs/20/tests/?status=FAILED -o tests-errors.json
[2020-07-09T16:25:51.849Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-19121/runs/20/log/ -o pipeline-log.txt

andrewkroh

LGTM.

x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml

leehinman · 2020-07-06T13:41:13Z

run tests

AWS cloudtrail events have the following fields where the subfields are highley variable: requestParameters, responseElements, additionalEventData and serviceEventDetails. multi_fields added to following fields - aws.cloudtrail.request_parameters - aws.cloudtrail.response_elements - aws.cloudtrail.additiona_eventdata - aws.cloudtrail.service_event_details flattened version of the fields are stored here: - aws.cloudtrail.flattened.request_parameters - aws.cloudtrail.flattened.response_elements - aws.cloudtrail.flattened.additiona_eventdata - aws.cloudtrail.flattened.service_event_details Closes elastic#18866

AWS cloudtrail events have the following fields where the subfields are highley variable: requestParameters, responseElements, additionalEventData and serviceEventDetails. multi_fields added to following fields - aws.cloudtrail.request_parameters - aws.cloudtrail.response_elements - aws.cloudtrail.additiona_eventdata - aws.cloudtrail.service_event_details flattened version of the fields are stored here: - aws.cloudtrail.flattened.request_parameters - aws.cloudtrail.flattened.response_elements - aws.cloudtrail.flattened.additiona_eventdata - aws.cloudtrail.flattened.service_event_details Closes elastic#18866 (cherry picked from commit d16ecc9)

* upstream/master: Add text & flattened fields in aws cloudtrail fileset (elastic#19121)

* upstream/master: Fix parsing timestamp in Filebeat registry tests (elastic#19796) Add text & flattened fields in aws cloudtrail fileset (elastic#19121)

* upstream/master: [CI] support windows-2012 (elastic#19773) Do not update go.mod during packaging and testing (elastic#19823) Fix typo in ILM warning message (elastic#19819) [Winlogbeat] Remove beta tag from Powershell and Security modules (elastic#19817) feat: move the multibranch pipeline job to the beats repo (elastic#19698) Fix parsing timestamp in Filebeat registry tests (elastic#19796) Add text & flattened fields in aws cloudtrail fileset (elastic#19121)

AWS cloudtrail events have the following fields where the subfields are highley variable: requestParameters, responseElements, additionalEventData and serviceEventDetails. multi_fields added to following fields - aws.cloudtrail.request_parameters - aws.cloudtrail.response_elements - aws.cloudtrail.additiona_eventdata - aws.cloudtrail.service_event_details flattened version of the fields are stored here: - aws.cloudtrail.flattened.request_parameters - aws.cloudtrail.flattened.response_elements - aws.cloudtrail.flattened.additiona_eventdata - aws.cloudtrail.flattened.service_event_details Closes #18866 (cherry picked from commit d16ecc9)

AWS cloudtrail events have the following fields where the subfields are highley variable: requestParameters, responseElements, additionalEventData and serviceEventDetails. multi_fields added to following fields - aws.cloudtrail.request_parameters - aws.cloudtrail.response_elements - aws.cloudtrail.additiona_eventdata - aws.cloudtrail.service_event_details flattened version of the fields are stored here: - aws.cloudtrail.flattened.request_parameters - aws.cloudtrail.flattened.response_elements - aws.cloudtrail.flattened.additiona_eventdata - aws.cloudtrail.flattened.service_event_details Closes elastic#18866

leehinman added enhancement Filebeat Filebeat needs_backport PR is waiting to be backported to other branches. Team:SIEM labels Jun 11, 2020

botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jun 11, 2020

leehinman force-pushed the 18866_cloudtrail_multi_and_flattened branch from 6018c95 to ee10c64 Compare June 11, 2020 02:36

leehinman mentioned this pull request Jun 11, 2020

[filebeat][aws][cloudtrail] accessKeyId should be searchable #18866

Closed

andrewkroh approved these changes Jun 28, 2020

View reviewed changes

x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml Show resolved Hide resolved

leehinman force-pushed the 18866_cloudtrail_multi_and_flattened branch 3 times, most recently from 13f9645 to dbdb87c Compare July 2, 2020 14:47

leehinman force-pushed the 18866_cloudtrail_multi_and_flattened branch from 0faa7fb to 575a038 Compare July 8, 2020 20:49

leehinman force-pushed the 18866_cloudtrail_multi_and_flattened branch from 575a038 to cf0ec3d Compare July 9, 2020 14:45

leehinman merged commit d16ecc9 into elastic:master Jul 9, 2020

leehinman mentioned this pull request Jul 9, 2020

Cherry-pick #19121 to 7.x: [Filebeat] Add text & flattened fields in aws cloudtrail fileset #19809

Merged

5 tasks

leehinman added v7.9.0 and removed needs_backport PR is waiting to be backported to other branches. labels Jul 9, 2020

leehinman mentioned this pull request Jul 9, 2020

pull in aws cloudtrail changes from filebeat elastic/integrations#167

Closed

leehinman deleted the 18866_cloudtrail_multi_and_flattened branch July 9, 2020 18:13

v1v added a commit to v1v/beats that referenced this pull request Jul 13, 2020

Merge remote-tracking branch 'upstream/master' into feature/windows-2012

f6462d4

* upstream/master: Add text & flattened fields in aws cloudtrail fileset (elastic#19121)

ynirk mentioned this pull request Aug 27, 2020

[Filebeat] googlecloud audit: use flattened type for request and response fields #20826

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Filebeat] Add text & flattened fields in aws cloudtrail fileset #19121

[Filebeat] Add text & flattened fields in aws cloudtrail fileset #19121

leehinman commented Jun 11, 2020

elasticmachine commented Jun 11, 2020

elasticmachine commented Jun 11, 2020 •

edited

Loading

Build stats

Test stats 🧪

andrewkroh left a comment

leehinman commented Jul 6, 2020

[Filebeat] Add text & flattened fields in aws cloudtrail fileset #19121

[Filebeat] Add text & flattened fields in aws cloudtrail fileset #19121

Conversation

leehinman commented Jun 11, 2020

What does this PR do?

Why is it important?

Checklist

How to test this PR locally

Related issues

elasticmachine commented Jun 11, 2020

elasticmachine commented Jun 11, 2020 • edited Loading

💔 Build Failed

Build stats

Test stats 🧪

Steps errors

Log output

andrewkroh left a comment

Choose a reason for hiding this comment

leehinman commented Jul 6, 2020

elasticmachine commented Jun 11, 2020 •

edited

Loading