
[cisco_secure_email_gateway] Support SplunkGIS logs, improve log file name handling#14177

Merged
taylor-swanson merged 2 commits into elastic:main from taylor-swanson:fix/cisco-email-grok on Jun 6, 2025

Conversation

@taylor-swanson (Contributor) commented Jun 6, 2025

  • Add support for SplunkGIS logs, which are a variation of the existing consolidated_event logs and therefore use that existing pipeline
  • Tolerate errors from the grok pattern that handles parsing the log file name. At least for SplunkGIS logs, the log category is contained within the log message itself.
  • Add 'rfc1918' to the list of exceptions for the cfp1 convert processor.
  • Fix up some error messages to be more descriptive.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
    - [ ] I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

cd packages/cisco_secure_email_gateway
elastic-package test
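The two pipeline behaviours the description touches (a file-name grok that must not fail the event, and a `convert` to `ip` that must skip the literal token 'rfc1918') can be sketched as an Elasticsearch ingest pipeline fragment. This is an added illustration, not the integration's own pipeline: the field names (log.file.path, cisco_secure_email_gateway.log.category, cisco_secure_email_gateway.log.cfp1), the grok pattern and the processor tags are assumptions chosen for the example.

```yaml
# Added illustration, not the cisco_secure_email_gateway pipeline. Field names,
# the grok pattern and the tags below are assumptions for this example only.
description: Tolerant file-name grok and guarded IP conversion
processors:
  # 1. Derive the log category from the file name, but never fail the event when
  #    the name does not match. For SplunkGIS logs the category is carried in the
  #    message body and is read there later, so a non-matching file name is normal.
  - grok:
      tag: grok_log_file_name
      field: log.file.path
      patterns:
        - '^%{GREEDYDATA}/%{WORD:cisco_secure_email_gateway.log.category}[._]%{GREEDYDATA}$'
      ignore_missing: true
      ignore_failure: true

  # 2. Convert cfp1 to an IP only when it can hold an address. The token 'rfc1918'
  #    is legitimate content for this field but not an IP; without the guard the
  #    convert processor would raise and the event would be rejected or tagged as
  #    an error, so the guard keeps the original string in the document instead.
  - convert:
      tag: convert_cfp1_to_ip
      field: cisco_secure_email_gateway.log.cfp1
      type: ip
      ignore_missing: true
      if: >-
        ctx.cisco_secure_email_gateway?.log?.cfp1 != null &&
        !['rfc1918'].contains(ctx.cisco_secure_email_gateway.log.cfp1)
      on_failure:
        # 3. A descriptive error that names the processor, its tag and the cause,
        #    so a failed conversion can be traced from error.message alone.
        - append:
            field: error.message
            value: >-
              Processor '{{{_ingest.on_failure_processor_type}}}' with tag
              '{{{_ingest.on_failure_processor_tag}}}' in pipeline
              '{{{_ingest.on_failure_pipeline}}}' failed with message:
              '{{{_ingest.on_failure_message}}}'
```

The design choice worth noting is the split between `ignore_failure` on the grok step and the `if` guard on the convert step: the first says a non-match is acceptable and carries no information worth recording, while the second keeps a known non-IP value out of the converter entirely and reserves `on_failure` for values that genuinely should have been addresses. The package's own pipeline tests (`elastic-package test`) are where such a change is checked against sample events.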

… name handling

- Add support for SplunkGIS logs, which are a variation of the existing consolidated_event logs and therefore use that existing pipeline
- Tolerate errors from the grok pattern that handles parsing the log file name. At least for SplunkGIS logs, the log category is contained within the log message itself.
- Add 'rfc1918' to the list of exceptions for the cfp1 convert processor.
- Fix up some error messages to be more descriptive.
@taylor-swanson taylor-swanson self-assigned this Jun 6, 2025
@taylor-swanson taylor-swanson requested a review from a team as a code owner June 6, 2025 13:48
@taylor-swanson taylor-swanson added labels enhancement (New feature or request), Integration:cisco_secure_email_gateway (Cisco Secure Email Gateway), Team:Security-Deployment and Devices (DEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices]) on Jun 6, 2025
@elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport


@elasticmachine

💚 Build Succeeded

cc @taylor-swanson

@taylor-swanson taylor-swanson merged commit 7eea3ec into elastic:main Jun 6, 2025
7 checks passed
@taylor-swanson taylor-swanson deleted the fix/cisco-email-grok branch June 6, 2025 16:06
@elastic-vault-github-plugin-prod

Package cisco_secure_email_gateway - 1.27.0 containing this change is available at https://epr.elastic.co/package/cisco_secure_email_gateway/1.27.0/
