Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Filebeat] system/auth module - Remove redundant grok wildcard #34550

Merged
merged 2 commits into from
Feb 16, 2023
Merged

[Filebeat] system/auth module - Remove redundant grok wildcard #34550

merged 2 commits into from
Feb 16, 2023

Conversation

TotalKnob
Copy link
Contributor

@TotalKnob TotalKnob commented Feb 10, 2023
edited
Loading

What does this PR do?

The Grok pattern of filebeat had a redundant operator in the pattern, %{SPACE}+, resulting in the regex (?:\s*)+ which has the + as a redundant operator.

This issue is fixed by removing the redundant + operator.

Why is it important?

"Without this change, when the module's ingest pipelines are setup in Elasticsearch, the Elasticsearch server logs get flooded with warnings" #15900

Checklist

  • My code follows the style guidelines of this project
    -[ ] I have commented my code, particularly in hard-to-understand areas
    -[ ] I have made corresponding changes to the documentation
    -[ ] I have made corresponding change to the default configuration files
    -[ ] I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

#34249, #15840
Closes #34249

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Feb 10, 2023
@mergify
Copy link
Contributor

mergify bot commented Feb 10, 2023

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @TotalKnob? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@elasticmachine
Copy link
Collaborator

elasticmachine commented Feb 10, 2023
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-02-14T18:16:59.265+0000

  • Duration: 68 min 22 sec

Test stats 🧪

Test Results
Failed 0
Passed 7555
Skipped 746
Total 8301

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@TotalKnob TotalKnob force-pushed the fixFilebeatRedundantOperator branch from 09d46d0 to ed8bcfa Compare February 10, 2023 09:53
@TotalKnob TotalKnob marked this pull request as ready for review February 10, 2023 09:57
@TotalKnob TotalKnob requested a review from a team as a code owner February 10, 2023 09:57
@TotalKnob TotalKnob requested review from fearful-symmetry and faec and removed request for a team February 10, 2023 09:57
@TotalKnob TotalKnob mentioned this pull request Feb 10, 2023
Closed
@cmacknz cmacknz requested a review from andrewkroh February 10, 2023 20:20
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Feb 10, 2023
@cmacknz cmacknz requested review from leehinman and removed request for fearful-symmetry and faec February 10, 2023 20:21
@cmacknz
Copy link
Member

cmacknz commented Feb 10, 2023

/test

@cmacknz
Copy link
Member

cmacknz commented Feb 14, 2023

/test

ShourieG
ShourieG approved these changes Feb 15, 2023
View reviewed changes
Copy link
Contributor

@ShourieG ShourieG left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@andrewkroh andrewkroh changed the title Remove Redundant Operator Filebeat [Filebeat] system/auth module - Remove redundant grok wildcard Feb 15, 2023
andrewkroh
andrewkroh approved these changes Feb 15, 2023
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The same change needs to be made to the system integration at

https://github.com/elastic/integrations/blob/5fca8c0314ab3ca2f184aea5eb2fa63e26954aee/packages/system/data_stream/auth/elasticsearch/ingest_pipeline/default.yml#L17

@andrewkroh andrewkroh mentioned this pull request Feb 16, 2023
Closed
@andrewkroh andrewkroh merged commit 149e425 into elastic:main Feb 16, 2023
chrisberkhout pushed a commit that referenced this pull request Jun 1, 2023
@TotalKnob @ShourieG @chrisberkhout
system/auth - remove redundant regex wildcard (#34550)
1160b0b 
The grok pattern of filebeat had a redundant operator in the pattern, %{SPACE}+, resulting in the regex (?:\s*)+ which has the + as a redundant operator.

Co-authored-by: ShourieG <105607378+ShourieG@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ShourieG ShourieG ShourieG approved these changes

@andrewkroh andrewkroh andrewkroh approved these changes

@leehinman leehinman Awaiting requested review from leehinman

Assignees

@TotalKnob TotalKnob

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[bug][filebeat] regular expression has redundant nested repeat operator for system.auth.timestamp
5 participants
@TotalKnob @elasticmachine @cmacknz @andrewkroh @ShourieG