Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move ecs.version labeling and JSON decoding to Ingest Node #670

Closed
26 tasks done
andrewkroh opened this issue Feb 5, 2021 · 2 comments
Closed
26 tasks done

Move ecs.version labeling and JSON decoding to Ingest Node #670

andrewkroh opened this issue Feb 5, 2021 · 2 comments
Assignees
@P1llus
Labels
release-pending

Comments

@andrewkroh
Copy link
Member

andrewkroh commented Feb 5, 2021
edited
Loading

Convert edge processing to Ingest Node pipeline

These packages may use a Beat processor or two to add the ecs.version field or
decode JSON. We want to migrate that into the Ingest Node pipeline that is part
of the package to make reuse easier (e.g. data from Kafka could be routed
through the pipeline).

Data Streams
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@P1llus P1llus self-assigned this Apr 12, 2021
@andrewkroh
Copy link
Member Author

It looks like Zoom and System/auth are the two remaining packages that need to have their processors moved over to Ingest Node.

@andrewkroh andrewkroh mentioned this issue Aug 2, 2021
Merged
3 tasks
leehinman added a commit to leehinman/integrations that referenced this issue Aug 4, 2021
@leehinman
move processing to pipeline
ccbfe0c 
- remove extraneous filebeat json processor
- update tests
- change ecs field definitions to use external definitions

Relates elastic#670
leehinman added a commit that referenced this issue Aug 5, 2021
@leehinman
zoom update to ECS 1.11.0 (#1430)
86bd339 
* Set ecs.version to 1.11.0

- change setting ecs.version to pipeline
- remove extraneous filebeat json processor
- update tests
- change ecs field definitions to use external definitions
- add preserve original event option and set tag

Relates #670
eyalkraft pushed a commit to build-security/integrations that referenced this issue Mar 30, 2022
@leehinman
zoom update to ECS 1.11.0 (elastic#1430)
f98fea2 
* Set ecs.version to 1.11.0

- change setting ecs.version to pipeline
- remove extraneous filebeat json processor
- update tests
- change ecs field definitions to use external definitions
- add preserve original event option and set tag

Relates elastic#670
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@P1llus P1llus

Labels
release-pending
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andrewkroh @P1llus @elasticmachine