forked from elastic/beats
Update from original #1
Merged
* add cloud.instance.name
* Add topic about stopping Elastic Agent * Add systemctl stop command * Add kill command * Add missing colon
The Elasticsearch user_agent processor was updated in elastic/elasticsearch#59697
* Update crowdstrike module
* remove skip * close properly * changelog * space
When using light modules, host parser is called twice. First by the actual implementation of the metricset, and second after adding the configuration defined in the light module manifest. Second call might be missing data as the original host is modified after the first call, causing problems. This change disables host parser in the registration created for light modules, and makes only the "second call" inside the factory. It also removes previous fix for URLs as it shouldn't be needed anymore.
When the fields.yml file is constructed it is done by appending files together and adding some indenting. In the case of Filebeat, a fileset's fields.yml is appended with an indent of 8 spaces to the module's fields.yml. This generally allows for all of the filesets fields to become children of the module. The problem we had was that the new filesets added in #19713 expected that their fields would be root fields (not children to the module namespace). In cases where the module already existed and had declared a module namespace field in its fields.yml this resulted in unexpectedly namespaced fieldset fields (e.g. microsoft.rsa.* instead of rsa.*). The size of the x-pack/filebeat index-pattern is still large (915885 bytes), but not so large that it goes beyond the Kibana request payload limit. Fixes #19965
* Improve stop to be more relaxed. * Add changelog.
Won't be shipping this fileset as the product is EOL.
* Ignore cylance.protect timestamps while testing * Update generated
* prevent closing closed * changelog
The number of docvalue fields in Filebeat went beyond 100 and Discover was not loading. I added settings.index.max_docvalue_fields_search=200 to the default index template. In Filebeat there are about 117 fields now. Fixes #20215
* refactor(packet beat): Improve support for 100-continue * test(packetbeat): 100-continue only generate one event without error * test(packetbeat): 100-continue only generate one event without error * Update packetbeat/protos/http/http.go Co-authored-by: Adrian Serrano <adrisr83@gmail.com> * delete unused string * Fix format issue Co-authored-by: Marc Guasch <marc.guasch@elastic.co> Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
[Ingest Manager] Prepare packaging for endpoint and asc files (#20186)
…ertain webhooks that is not able to set content-headers at all. Still defaults to application/json (#20232)
* Fix install service script. * Add changelog. * Register as a Windows service and fix issue with reader closer. * Fix install service script. * Add changelog.
Fixes auditd module syscall table for ppc64 and ppc64le. elastic/go-libaudit#72
When starting beats as a service, the PID will be owned by the user that manages the service. This would be root in most cases. Users tend to run tests as non-root, running beats directly (./metricbeat) on the command line. Without the shared_credential_file path the beat checks for credentials under the user's home directory. When starting beats as a service, the home directory of the user managing the service (typically root) is different than what was being used in testing and development, which can be hard to figure out.
- "ignore_empty_value" option for the set processor only works on Elasticsearch >= 7.9.0. This change removes that option and replaces it with an if statement if pipeline is loaded on an earlier version of elasticsearch.
* Add mappings for x509 fields in kerberos * Add changelog entry * Do gsub in place
* modify doc * fix * generate json * changelog * fields * test * update fields
* feat: configure retries on tests * Update Jenkinsfile Co-authored-by: cachedout <mike.place@elastic.co> * Update Jenkinsfile Co-authored-by: cachedout <mike.place@elastic.co>
* fix: skip default checkout * fix: skip default checkout * fix: force ubuntu-18 nodes * fix: use master for the default checkout
Solve python deprecation warnings, and make python tests fail if deprecated code is added. Changes here: * Add error::DeprecationWarning to pytest's filterwarnings (so tests fail if they use deprecated code). * Add pytest.ini to the list of files that trigger all CI builds. * Refactor tests to not require deprecated assertDictContainsSubset. * Update autopep8 to latest version, and run it once with -a (aggressive). * Solve some other deprecation warnings not solved automatically by autopep8 -a.
* Flaky TestConfigurableService disable test * update skipnow to skipf Co-authored-by: Michal Pristas <michal.pristas@gmail.com>
* Map x509 fields in santa module * Bump ecs version
* Map x509 for suricata/eve fileset * Fix not_before condition and bump ecs version
* Update api-keys.asciidoc - API key prerequisites Add references to required privileges within the API key examples * Update libbeat/docs/security/api-keys.asciidoc Co-authored-by: DeDe Morton <dede.morton@elastic.co> Co-authored-by: DeDe Morton <dede.morton@elastic.co>
* Sanitize event.host * Update CHANGELOG * Fix: enable host parser
Kafka metricsets based on Jolokia require a different configuration to the native metricsets. Disable the Jolokia ones by default, if someone wants to use them, they need to explicitly enable and configure them. Reference configuration contains information about this.
* Refactor Boolexp to Eql. * Connect new Eql to specs and input emitter. * Fix compare with null. * Fix notice and go.mod.