
fix(platformlogs) workaround the invalid field names from Azure Native ISV #14961

Merged
zmoog merged 7 commits into main from
zmoog/fix/azure/platformlogs/fix-azure-native-isv-issues
Aug 20, 2025

@zmoog zmoog commented Aug 18, 2025

Proposed commit message

Renames the field names coming from the Azure Native ISV from the current names to the expected names:

| Current | Expected |
|--------|--------|
| `dataStream` | `data_stream` |
| `azureLogForwarder` | `azure_log_forwarder` |
| `timestamp` | `@timestamp` |

It seems that Azure updated their Elasticsearch client, but they probably missed mapping the above fields to the expected names we were using before.

While we wait for a proper fix on the Azure side, we are shipping this workaround.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices
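
An added sketch of the rename described above (not the code from this pull request, whose diff is not shown on this page): a Python function that applies the three renames to a decoded event and leaves an already-present expected field untouched. The function name, the conflict list and the sample events are constructed for illustration.

```python
# Added illustration; not the integration's pipeline code.
# Mapping taken from the table in the pull request description.
RENAMES = {
    "dataStream": "data_stream",
    "azureLogForwarder": "azure_log_forwarder",
    "timestamp": "@timestamp",
}


def normalize_event(event):
    """Return (normalized_copy, renamed, conflicts) for one decoded event.

    renamed   - legacy names that were moved to the expected name
    conflicts - legacy names left in place because the expected field
                already exists with a different value
    """
    out = dict(event)  # shallow copy; the caller's event is not modified
    renamed, conflicts = [], []
    for legacy, expected in RENAMES.items():
        if legacy not in out:
            continue  # event already uses the expected name, or lacks the field
        if expected not in out:
            out[expected] = out.pop(legacy)
            renamed.append(legacy)
        elif out[expected] == out[legacy]:
            del out[legacy]  # exact duplicate: drop the legacy copy
        else:
            conflicts.append(legacy)  # keep both so nothing is lost silently
    return out, renamed, conflicts


# Constructed sample events (not captured from Azure).
LEGACY_EVENT = {
    "timestamp": "2025-08-18T10:00:00Z",
    "dataStream": {"type": "logs", "namespace": "default"},
    "azureLogForwarder": {"id": "constructed"},
    "category": "FunctionAppLogs",
}
MIXED_EVENT = {
    "@timestamp": "2025-08-18T10:00:05Z",
    "timestamp": "2025-08-18T10:00:00Z",
    "category": "FunctionAppLogs",
}
```
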

@zmoog zmoog self-assigned this Aug 18, 2025
@zmoog zmoog added Integration:azure Azure Logs bugfix Pull request that fixes a bug issue Team:obs-ds-hosted-services Observability Hosted Services team [elastic/obs-ds-hosted-services] labels Aug 18, 2025
@zmoog zmoog marked this pull request as ready for review August 19, 2025 14:29
@zmoog zmoog requested review from a team as code owners August 19, 2025 14:29

elastic-vault-github-plugin-prod bot commented Aug 19, 2025

🚀 Benchmarks report

Package azure 👍(9) 💚(1) 💔(2)

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
|---|---|---|---|---|
| auditlogs | 2053.39 | 1322.75 | -730.64 (-35.58%) | 💔 |
| platformlogs | 4524.89 | 3703.7 | -821.19 (-18.15%) | 💔 |

To see the full report comment with /test benchmark fullreport

@andrewkroh andrewkroh added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] labels Aug 19, 2025
@muthu-mps

@zmoog - Can we add a changelog entry?


zmoog commented Aug 19, 2025

> @zmoog - Can we add a changelog entry?

Added.

@zmoog zmoog force-pushed the zmoog/fix/azure/platformlogs/fix-azure-native-isv-issues branch from d839754 to 6bcdff3 Compare August 19, 2025 18:25
@elasticmachine
💚 Build Succeeded

cc @zmoog

@elastic-sonarqube
Quality Gate failed

Failed conditions
66.7% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube


@muthu-mps muthu-mps left a comment

  • As we are using a sample event from the FunctionappLogs category for validations, is there a possibility of getting a different response format for other categories?
  • Change looks good to me!


@chemamartinez chemamartinez left a comment

LGTM!


zmoog commented Aug 20, 2025

> • As we are using a sample event from the FunctionappLogs category for validations, is there a possibility of getting a different response format for other categories?

I confirm Azure is sending the same invalid field names (timestamp, azureLogForwarder, etc.) for other categories as well.

@zmoog zmoog merged commit a255b11 into main Aug 20, 2025
8 of 9 checks passed
@zmoog zmoog deleted the zmoog/fix/azure/platformlogs/fix-azure-native-isv-issues branch August 20, 2025 09:45
@elastic-vault-github-plugin-prod

Package azure - 1.28.4 containing this change is available at https://epr.elastic.co/package/azure/1.28.4/

tehbooom pushed a commit to tehbooom/integrations that referenced this pull request Nov 19, 2025
…e ISV (elastic#14961)

Renames the field names coming from the Azure Native ISV from the current names to the expected names:

| Current | Expected |
|--------|--------|
| `dataStream` | `data_stream` |
| `azureLogForwarder` | `azure_log_forwarder` | 
| `timestamp` | `@timestamp` |

It seems that Azure updated their Elasticsearch client, but they probably missed mapping the above fields to the expected names we were using before.

While we wait for a proper fix on the Azure side, we are shipping this workaround.