Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[updatecli] update elastic stack version for testing 8.14.0-faa2d2d3 #38122

Merged
merged 15 commits into from
Mar 13, 2024
Merged

[updatecli] update elastic stack version for testing 8.14.0-faa2d2d3 #38122

merged 15 commits into from
Mar 13, 2024

Conversation

apmmachine
Copy link
Contributor

@apmmachine apmmachine commented Feb 23, 2024
edited
Loading

Generated automatically with https://github.com/elastic/beats/actions/runs/8251123840

Bump elastic-stack to latest snapshot version

Update snapshot.yml

1 file(s) updated with "$1:8.14.0-d7334334-SNAPSHOT": * testing/environments/snapshot.yml

GitHub Action workflow link
Updatecli logo

Created automatically by Updatecli

Options:

Most of Updatecli configuration is done via its manifest(s).

  • If you close this pull request, Updatecli will automatically reopen it, the next time it runs.
  • If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made.

Feel free to report any issues at github.com/updatecli/updatecli.
If you find this tool useful, do not hesitate to star our GitHub repository as a sign of appreciation, and/or to tell us directly on our chat!

@apmmachine
chore: Update snapshot.yml
4710d93 
Made with ❤️️ by updatecli
@apmmachine apmmachine requested a review from a team as a code owner February 23, 2024 15:09
@apmmachine apmmachine requested review from faec and leehinman February 23, 2024 15:09
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Feb 23, 2024
@apmmachine apmmachine added automation build-monitoring Issues created as part of Build Monitoring dependency backport-skip Skip notification from the automated backport with mergify Team:Beats-On-Call Label for the On Call team labels Feb 23, 2024
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Feb 23, 2024
@apmmachine
chore: Update snapshot.yml
915013b 
Made with ❤️️ by updatecli
@apmmachine apmmachine changed the title [updatecli] update elastic stack version for testing 8.14.0-d7334334 [updatecli] update elastic stack version for testing 8.14.0-496ca828 Feb 26, 2024
@apmmachine
chore: Update snapshot.yml
d10fd70 
Made with ❤️️ by updatecli
@apmmachine apmmachine changed the title [updatecli] update elastic stack version for testing 8.14.0-496ca828 [updatecli] update elastic stack version for testing 8.14.0-8d2ed869 Feb 27, 2024
@apmmachine
chore: Update snapshot.yml
755efc1 
Made with ❤️️ by updatecli
@apmmachine apmmachine changed the title [updatecli] update elastic stack version for testing 8.14.0-8d2ed869 [updatecli] update elastic stack version for testing 8.14.0-226c3ec4 Feb 28, 2024
@elasticmachine
Copy link
Collaborator

elasticmachine commented Feb 28, 2024
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2024-03-13T18:56:29.457+0000

  • Duration: 136 min 34 sec

Test stats 🧪

Test Results
Failed 0
Passed 29167
Skipped 2046
Total 31213

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@apmmachine
chore: Update snapshot.yml
fd275b3 
Made with ❤️️ by updatecli
@apmmachine apmmachine changed the title [updatecli] update elastic stack version for testing 8.14.0-226c3ec4 [updatecli] update elastic stack version for testing 8.14.0-ca4c9a13 Feb 29, 2024
@apmmachine
chore: Update snapshot.yml
856c5f6 
Made with ❤️️ by updatecli
@apmmachine apmmachine changed the title [updatecli] update elastic stack version for testing 8.14.0-ca4c9a13 [updatecli] update elastic stack version for testing 8.14.0-14244116 Mar 1, 2024
@rdner rdner enabled auto-merge (squash) March 4, 2024 14:49
@apmmachine
chore: Update snapshot.yml
83cd6ed 
Made with ❤️️ by updatecli
@apmmachine apmmachine changed the title [updatecli] update elastic stack version for testing 8.14.0-14244116 [updatecli] update elastic stack version for testing 8.14.0-892e41b3 Mar 4, 2024
@rdner
Copy link
Member

rdner commented Mar 4, 2024

@elastic/obs-infraobs-integrations could you have a look at the failing integration tests?

[2024-03-04T16:23:14.736Z] FAILED tests/system/test_modules.py::Test::test_fileset_file_047_iis - AssertionError: The following expected object doesn't match:
[2024-03-04T16:23:14.736Z]    Diff:
[2024-03-04T16:23:14.736Z]   {'dictionary_item_removed': [root['url.extension']]}, full object: 
[2024-03-04T16:23:14.737Z]   {'log.offset': 0, 'destination.address': '192.168.101.101', 'destination.port': 443, 'destination.ip': '192.168.101.101', 'source.geo.region_iso_code': 'GB-ENG', 'source.geo.continent_name': 'Europe', 'source.geo.city_name': 'London', 'source.geo.country_iso_code': 'GB', 'source.geo.country_name': 'United Kingdom', 'source.geo.region_name': 'England', 'source.geo.location.lon': -0.0931, 'source.geo.location.lat': 51.5142, 'source.address': '81.2.69.145', 'source.port': 12345, 'source.ip': '81.2.69.145', 'fileset.name': 'error', 'url.path': '12.2.1', 'url.original': '12.2.1', 'input.type': 'log', 'iis.error.reason_phrase': 'URL', '@timestamp': '2018-05-05T05:05:55.000Z', 'related.ip': ['81.2.69.145', '192.168.101.101'], 'service.type': 'iis', 'http.request.method': 't3', 'http.response.status_code': 400, 'http.version': '0.9', 'event.original': '2018-05-05 05:05:55 81.2.69.145 12345 192.168.101.101 443 HTTP/0.9 t3 12.2.1 400 - URL -', 'event.kind': 'event', 'event.module': 'iis', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'iis.error', 'event.outcome': 'failure'}
[2024-03-04T16:23:14.737Z] assert 1 == 0
[2024-03-04T16:23:14.737Z]  +  where 1 = len({'dictionary_item_removed': [root['url.extension']]})

@lalit-satapathy
Copy link
Contributor

@elastic/obs-infraobs-integrations could you have a look at the failing integration tests?

[2024-03-04T16:23:14.736Z] FAILED tests/system/test_modules.py::Test::test_fileset_file_047_iis - AssertionError: The following expected object doesn't match:
[2024-03-04T16:23:14.736Z]    Diff:
[2024-03-04T16:23:14.736Z]   {'dictionary_item_removed': [root['url.extension']]}, full object: 
[2024-03-04T16:23:14.737Z]   {'log.offset': 0, 'destination.address': '192.168.101.101', 'destination.port': 443, 'destination.ip': '192.168.101.101', 'source.geo.region_iso_code': 'GB-ENG', 'source.geo.continent_name': 'Europe', 'source.geo.city_name': 'London', 'source.geo.country_iso_code': 'GB', 'source.geo.country_name': 'United Kingdom', 'source.geo.region_name': 'England', 'source.geo.location.lon': -0.0931, 'source.geo.location.lat': 51.5142, 'source.address': '81.2.69.145', 'source.port': 12345, 'source.ip': '81.2.69.145', 'fileset.name': 'error', 'url.path': '12.2.1', 'url.original': '12.2.1', 'input.type': 'log', 'iis.error.reason_phrase': 'URL', '@timestamp': '2018-05-05T05:05:55.000Z', 'related.ip': ['81.2.69.145', '192.168.101.101'], 'service.type': 'iis', 'http.request.method': 't3', 'http.response.status_code': 400, 'http.version': '0.9', 'event.original': '2018-05-05 05:05:55 81.2.69.145 12345 192.168.101.101 443 HTTP/0.9 t3 12.2.1 400 - URL -', 'event.kind': 'event', 'event.module': 'iis', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'iis.error', 'event.outcome': 'failure'}
[2024-03-04T16:23:14.737Z] assert 1 == 0
[2024-03-04T16:23:14.737Z]  +  where 1 = len({'dictionary_item_removed': [root['url.extension']]})

@muthu-mps,

Can you take a look at this failure?

@muthu-mps
Copy link
Contributor

@elastic/obs-infraobs-integrations could you have a look at the failing integration tests?

[2024-03-04T16:23:14.736Z] FAILED tests/system/test_modules.py::Test::test_fileset_file_047_iis - AssertionError: The following expected object doesn't match:
[2024-03-04T16:23:14.736Z]    Diff:
[2024-03-04T16:23:14.736Z]   {'dictionary_item_removed': [root['url.extension']]}, full object: 
[2024-03-04T16:23:14.737Z]   {'log.offset': 0, 'destination.address': '192.168.101.101', 'destination.port': 443, 'destination.ip': '192.168.101.101', 'source.geo.region_iso_code': 'GB-ENG', 'source.geo.continent_name': 'Europe', 'source.geo.city_name': 'London', 'source.geo.country_iso_code': 'GB', 'source.geo.country_name': 'United Kingdom', 'source.geo.region_name': 'England', 'source.geo.location.lon': -0.0931, 'source.geo.location.lat': 51.5142, 'source.address': '81.2.69.145', 'source.port': 12345, 'source.ip': '81.2.69.145', 'fileset.name': 'error', 'url.path': '12.2.1', 'url.original': '12.2.1', 'input.type': 'log', 'iis.error.reason_phrase': 'URL', '@timestamp': '2018-05-05T05:05:55.000Z', 'related.ip': ['81.2.69.145', '192.168.101.101'], 'service.type': 'iis', 'http.request.method': 't3', 'http.response.status_code': 400, 'http.version': '0.9', 'event.original': '2018-05-05 05:05:55 81.2.69.145 12345 192.168.101.101 443 HTTP/0.9 t3 12.2.1 400 - URL -', 'event.kind': 'event', 'event.module': 'iis', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'iis.error', 'event.outcome': 'failure'}
[2024-03-04T16:23:14.737Z] assert 1 == 0
[2024-03-04T16:23:14.737Z]  +  where 1 = len({'dictionary_item_removed': [root['url.extension']]})

@muthu-mps,

Can you take a look at this failure?

I am looking into the issue.

@apmmachine
chore: Update snapshot.yml
569e4f3 
Made with ❤️️ by updatecli
@apmmachine apmmachine changed the title [updatecli] update elastic stack version for testing 8.14.0-892e41b3 [updatecli] update elastic stack version for testing 8.14.0-1dcb9209 Mar 5, 2024
@apmmachine
chore: Update snapshot.yml
9541c05 
Made with ❤️️ by updatecli
@apmmachine apmmachine changed the title [updatecli] update elastic stack version for testing 8.14.0-1dcb9209 [updatecli] update elastic stack version for testing 8.14.0-f84a1ada Mar 6, 2024
@muthu-mps
Copy link
Contributor

Observations

The python integrations test failure reported in the IIS error log module. I have performed triaging on the error first to know is this happening only with the IIS logs.

  • No, The failure is reported with the other modules as well which is using the uri_parts ingest node processor.

Logs producing the Error

  • IIS Error log module
    [2024-03-04T16:23:14.737Z] {'log.offset': 0, 'destination.address': '192.168.101.101', 'destination.port': 443, 'destination.ip': '192.168.101.101', 'source.geo.region_iso_code': 'GB-ENG', 'source.geo.continent_name': 'Europe', 'source.geo.city_name': 'London', 'source.geo.country_iso_code': 'GB', 'source.geo.country_name': 'United Kingdom', 'source.geo.region_name': 'England', 'source.geo.location.lon': -0.0931, 'source.geo.location.lat': 51.5142, 'source.address': '81.2.69.145', 'source.port': 12345, 'source.ip': '81.2.69.145', 'fileset.name': 'error', 'url.path': '12.2.1', 'url.original': '12.2.1', 'input.type': 'log', 'iis.error.reason_phrase': 'URL', '@timestamp': '2018-05-05T05:05:55.000Z', 'related.ip': ['81.2.69.145', '192.168.101.101'], 'service.type': 'iis', 'http.request.method': 't3', 'http.response.status_code': 400, 'http.version': '0.9', 'event.original': '2018-05-05 05:05:55 81.2.69.145 12345 192.168.101.101 443 HTTP/0.9 t3 12.2.1 400 - URL -', 'event.kind': 'event', 'event.module': 'iis', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'iis.error', 'event.outcome': 'failure'}

  • O365 audit log module
    'log.offset': 10504, 'rule.name': 'Low volume of content detected test', 'rule.id': '8398c03a-a00d-42bb-8f80-ead0ad04e1df', 'fileset.name': 'audit', 'url.path': '/testsiem2.onmicrosoft.com/sharepoint', 'url.original': 'https://example.net/testsiem2.onmicrosoft.com/sharepoint', 'url.scheme': 'https', 'url.domain': 'example.net', 'tags': ['forwarded'], 'o365.audit.ObjectId': '<AM0PR05MB4803CDA6206C2F2FEB36DB5AB8EC0@AM0PR05MB4803.eurprd05.prod.outlook.com>', 'o365.audit.UserKey': '1153801116545789462', 'o365.audit.OrganizationId': '0e1dddce-163e-4b0b-9e33-87ba56ac4655', 'o365.audit.Operation': 'DlpRuleMatch', 'o365.audit.IncidentId': 'c1dc582b-fa61-6020-1800-08d7b966ec64', 'o365.audit.SensitiveInfoDetectionIsIncluded': False, 'o365.audit.Workload': 'Exchange', 'o365.audit.RecordType': 13, 'o365.audit.Version': 1, 'o365.audit.UserId': 'DlpAgent', 'o365.audit.CreationTime': '2020-02-24T20:11:15', 'o365.audit.SharePointMetaData.itemCreationTime': '2020-02-20T11:23:45', 'o365.audit.SharePointMetaData.UniqueID': '8e103f2f-b293-4062-38b8-08d7b965b2fa', 'o365.audit.SharePointMetaData.FileName': 'Company-Internal-Financial.docx', 'o365.audit.SharePointMetaData.FilePathUrl': 'https://example.net/testsiem2.onmicrosoft.com/sharepoint', 'o365.audit.SharePointMetaData.LastModifiedTime': '2020-02-24T12:13:14Z', 'o365.audit.SharePointMetaData.FileOwner': '[email protected]', 'o365.audit.SharePointMetaData.From': '[email protected]', 'o365.audit.PolicyDetails': [{'PolicyName': 'test', 'Rules': [{'Actions': ['NotifyUser'], 'RuleMode': 'Enable', 'RuleId': '8398c03a-a00d-42bb-8f80-ead0ad04e1df', 'ConditionsMatched': {'SensitiveInformation': [{'UniqueCount': 1, 'Confidence': 75, 'Count': 1, 'Location': 'Message Body', 'SensitiveType': '419f449f-6d9d-4be1-a154-b531f7a91b41'}, {'UniqueCount': 1, 'Confidence': 75, 'Count': 1, 'Location': 'Message Body', 'SensitiveType': 'b8fe86d1-c056-453b-bfaa-9fe698699ecc'}], 'OtherConditions': [{'Value': 'IncludeExternalUsers', 'Name': 'AccessScope'}]}, 'Severity': 'Low', 'RuleName': 'Low volume of content detected test'}], 'PolicyId': '88956b36-45b3-4828-bf53-78603c0e5f58'}], 'o365.audit.Id': 'a42123a9-1c07-4dde-9be6-ac71cb9fd16b', 'o365.audit.UserType': 4, 'input.type': 'log', '@timestamp': '2020-02-24T20:11:15.000Z', 'file.inode': '8e103f2f-b293-4062-38b8-08d7b965b2fa', 'file.owner': '[email protected]', 'file.name': 'Company-Internal-Financial.docx', 'file.mtime': '2020-02-24T12:13:14.000Z', 'related.user': ['alice', '[email protected]'], 'service.type': 'o365', 'organization.id': '0e1dddce-163e-4b0b-9e33-87ba56ac4655', 'host.name': 'testsiem2.onmicrosoft.com', 'host.id': '0e1dddce-163e-4b0b-9e33-87ba56ac4655', 'event.severity': 2, 'event.code': 'ComplianceDLPExchange', 'event.provider': 'Exchange', 'event.kind': 'alert', 'event.module': 'o365', 'event.action': 'DlpRuleMatch', 'event.id': 'a42123a9-1c07-4dde-9be6-ac71cb9fd16b', 'event.type': 'access', 'event.category': 'file', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem2.onmicrosoft.com', 'user.name': 'alice', 'user.id': '[email protected]', 'user.email': '[email protected]'

Root Cause

Performed the following steps to identify the root cause of the issue,

  • From the above log trace dictionary_item_removed for url.extension. I have performed the test run against the previous build versions. There is no build error but I was able to trace that the url.extension has incorrect values captured when the url has dot notation in between.
  • But the above issue is there for quite long. This is not causing the build failure then I have started looking into the Elasticsearch ingest node uri_parts processor to verify if something has changed.

Simulate uri_parts processor

Solution

  • Verify and remove the url.extension field from the sample events which has incorrect values. This applies to both the Beats and integrations. Currently based on test failure the issue is observed in IIS and O365 modules.

@muthu-mps muthu-mps mentioned this pull request Mar 7, 2024
Merged
6 tasks
@apmmachine
chore: Update snapshot.yml
288c37b 
Made with ❤️️ by updatecli
@apmmachine apmmachine changed the title [updatecli] update elastic stack version for testing 8.14.0-f84a1ada [updatecli] update elastic stack version for testing 8.14.0-37cbef48 Mar 7, 2024
@apmmachine
chore: Update snapshot.yml
d8c7a78 
Made with ❤️️ by updatecli
@apmmachine apmmachine changed the title [updatecli] update elastic stack version for testing 8.14.0-37cbef48 [updatecli] update elastic stack version for testing 8.14.0-b9699c81 Mar 8, 2024
@apmmachine
chore: Update snapshot.yml
5ed2608 
Made with ❤️️ by updatecli
@apmmachine apmmachine changed the title [updatecli] update elastic stack version for testing 8.14.0-b9699c81 [updatecli] update elastic stack version for testing 8.14.0-8783136e Mar 11, 2024
@apmmachine
chore: Update snapshot.yml
21310e1 
Made with ❤️️ by updatecli
@apmmachine apmmachine changed the title [updatecli] update elastic stack version for testing 8.14.0-8783136e [updatecli] update elastic stack version for testing 8.14.0-faa2d2d3 Mar 12, 2024
@cmacknz
Copy link
Member

cmacknz commented Mar 13, 2024

The failing test were fixed in #38216

@elasticmachine
Copy link
Collaborator

elasticmachine commented Mar 13, 2024
edited
Loading

💔 Build Failed

Failed CI Steps

History

cc @apmmachine

@elasticmachine
Copy link
Collaborator

elasticmachine commented Mar 13, 2024
edited
Loading

💔 Build Failed

Failed CI Steps

History

cc @apmmachine

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @apmmachine

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @apmmachine

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @apmmachine

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @apmmachine

@rdner rdner merged commit bc5a97f into main Mar 13, 2024
102 of 106 checks passed
@rdner rdner deleted the updatecli_main_bump-elastic-stack-snapshot-main branch March 13, 2024 21:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pierrehilbert pierrehilbert pierrehilbert approved these changes

@faec faec Awaiting requested review from faec faec is a code owner automatically assigned from elastic/elastic-agent-data-plane

@leehinman leehinman Awaiting requested review from leehinman leehinman is a code owner automatically assigned from elastic/elastic-agent-data-plane

Assignees

@apmmachine apmmachine

Labels
automation backport-skip Skip notification from the automated backport with mergify build-monitoring Issues created as part of Build Monitoring dependency Team:Beats-On-Call Label for the On Call team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@apmmachine @elasticmachine @rdner @lalit-satapathy @muthu-mps @cmacknz @pierrehilbert