Fix Sign-in logs location.state field to region field#13439
Fix Sign-in logs location.state field to region field#13439muthu-mps merged 5 commits intoelastic:mainfrom
Conversation
🚀 Benchmarks reportTo see the full report comment with |
packages/azure/data_stream/signinlogs/elasticsearch/ingest_pipeline/default.yml
Show resolved
Hide resolved
Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
|
/test |
|
@muthu-mps , could you check the dependency of the removed field on the dashboard, especially : kibana/dashboard/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646.json ? |
|
Suggestion: I understand that the field As with the case mentioned here, to minimize the impact, do you want to consider first deprecating the field |
|
💚 Build Succeeded
History
cc @muthu-mps |
This is not related to the Do we have similar filed mapping issue for activity logs?While looking into the ingest processor there is no incorrect mapping to the state field. Eventually, we need to revisit the activity logs data stream as well but not as part of this PR. 
|
I am not sure that we can remove this field. This is kept for backward compatibility as mentioned here. |
efd6
left a comment
There was a problem hiding this comment.
LGTM for security-service-integrations owned files.
|
Package azure - 1.23.1 containing this change is available at https://epr.elastic.co/package/azure/1.23.1/ |
Proposed commit message
Add a new field
region_nameto map the location.state data to this field. Initially this was mapped tocountry_namewhich is not appropriate.Added script to drop the null/empty values in the document and updated with more descriptive on_failure error message.
Checklist
changelog.ymlfile.Author's Checklist
Install the integration and verify the signin logs captures the state in region_name field instead of country_name.