From 8af7d19d02c8516dcb28ab92fec2de578bc32ec8 Mon Sep 17 00:00:00 2001 From: muthu-mps <101238137+muthu-mps@users.noreply.github.com> Date: Wed, 13 Mar 2024 12:43:15 +0530 Subject: [PATCH] filebeat/module/{iis,o365}: Fix uri_parts ingest pipeline processor output wrong extension (#38216) * Fix incorrect values in url-extensions * updated the effected version in snapshots.yml --- CHANGELOG.next.asciidoc | 1 + .../module/iis/error/test/iis_error_url.log-expected.json | 4 +--- testing/environments/snapshot.yml | 6 +++--- .../o365/audit/test/13-dlp-exchange.log-expected.json | 3 +-- 4 files changed, 6 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 36808ed17a1..2a4f76c2b69 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -100,6 +100,7 @@ fields added to events containing the Beats version. {pull}37553[37553] - Prevent HTTPJSON holding response bodies between executions. {issue}35219[35219] {pull}38116[38116] - Fix "failed processing S3 event for object key" error on aws-s3 input when key contains the "+" character {issue}38012[38012] {pull}38125[38125] - Fix duplicated addition of regexp extension in CEL input. {pull}38181[38181] +- Fix the incorrect values generated by the uri_parts processor. {pull}38216[38216] *Heartbeat* diff --git a/filebeat/module/iis/error/test/iis_error_url.log-expected.json b/filebeat/module/iis/error/test/iis_error_url.log-expected.json index cc721314175..88509d87dc5 100644 --- a/filebeat/module/iis/error/test/iis_error_url.log-expected.json +++ b/filebeat/module/iis/error/test/iis_error_url.log-expected.json @@ -39,7 +39,6 @@ "source.geo.region_name": "England", "source.ip": "81.2.69.145", "source.port": 12345, - "url.extension": "1", "url.original": "12.2.1", "url.path": "12.2.1" }, 
@@ -83,7 +82,6 @@ "source.geo.region_name": "England", "source.ip": "81.2.69.145", "source.port": 12345, - "url.extension": "/", "url.original": "./././././../../../../../../../../", "url.path": "./././././../../../../../../../../" }, @@ -343,4 +341,4 @@ "url.original": "/fee&fie=foe", "url.path": "/fee&fie=foe" } -] \ No newline at end of file +] diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml index fd3c6007409..859e94b0672 100644 --- a/testing/environments/snapshot.yml +++ b/testing/environments/snapshot.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.14.0-74a79bf3-SNAPSHOT + image: docker.elastic.co/elasticsearch/elasticsearch:8.14.0-b9699c81-SNAPSHOT # When extend is used it merges healthcheck.tests, see: # https://github.com/docker/compose/issues/8962 # healthcheck: @@ -31,7 +31,7 @@ services: - "./docker/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles" logstash: - image: docker.elastic.co/logstash/logstash:8.14.0-74a79bf3-SNAPSHOT + image: docker.elastic.co/logstash/logstash:8.14.0-b9699c81-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 600 @@ -44,7 +44,7 @@ services: - 5055:5055 kibana: - image: docker.elastic.co/kibana/kibana:8.14.0-74a79bf3-SNAPSHOT + image: docker.elastic.co/kibana/kibana:8.14.0-b9699c81-SNAPSHOT environment: - "ELASTICSEARCH_USERNAME=kibana_system_user" - "ELASTICSEARCH_PASSWORD=testing" diff --git a/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json b/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json index 6eae8240451..c6d25a2cc57 100644 --- a/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json 
@@ -792,7 +792,6 @@
 "forwarded"
 ],
 "url.domain": "example.net",
- "url.extension": "com/sharepoint",
 "url.original": "https://example.net/testsiem2.onmicrosoft.com/sharepoint",
 "url.path": "/testsiem2.onmicrosoft.com/sharepoint",
 "url.scheme": "https",
@@ -801,4 +800,4 @@
 "user.id": "alice@testsiem2.onmicrosoft.com",
 "user.name": "alice"
 }
-]
\ No newline at end of file
+]