[Azure] [Audit Logs] Update Azure Audit Logs pipeline with support for initiated_by user fields by lucian-ioan · Pull Request #9701 · elastic/integrations

lucian-ioan · 2024-04-24T15:23:11Z

Proposed commit message

Update Azure Audit Logs pipeline with support for initiated_by user fields.

Checklist

I have reviewed tips for building integrations and this pull request is aligned with them.
I have verified that all data streams collect metrics or logs.
I have added an entry to my package's changelog.yml file.
I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

[ ]

How to test this PR locally

Related issues

Closes beats #37249

Screenshots

These fields are currently not supported by the pipeline:

…onal_field

elasticmachine · 2024-04-24T16:10:37Z

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

muthu-mps · 2024-04-26T08:57:00Z

packages/azure/data_stream/auditlogs/elasticsearch/ingest_pipeline/default.yml

      ignore_missing: true
+  - rename:
+      field: azure.auditlogs.properties.resultDescription
+      target_field: azure.auditlogs.properties.result_description


The result_description field isn't there in the fields.yml. Including this field to the pipeline test would help to trace the missing fields.

muthu-mps

looks good.

muthu-mps · 2024-04-30T10:15:56Z

packages/azure/data_stream/auditlogs/_dev/test/pipeline/test-auditlogs-raw.log-expected.json

+                        "correlation_id": "8a4de8b5-095c-47d0-a96f-a75130c61d53",
+                        "id": "Directory_ESQ",
+                        "initiated_by": {
+                            "user": {


The fields inside initiated_by doesn't apply the naming standard but the rest of the fields does in audit logs. This is existing and not relevant to this PR. Lets figure out a way to address this issue.

elasticmachine · 2024-05-01T21:34:10Z

💚 Build Succeeded

Buildkite Build
Commit: bf13cae

History

💚 Build #10893 succeeded b52f82f
💚 Build #10771 succeeded 362955d
💔 Build #10770 failed 01a0cde

cc @lucian-ioan

elastic-sonarqube · 2024-05-01T21:34:10Z

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

elasticmachine · 2024-05-01T21:46:44Z

Package azure - 1.11.3 containing this change is available at https://epr.elastic.co/search?package=azure

lucian-ioan added 4 commits April 24, 2024 18:12

update pipeline and fields

e4329f5

update tests

de3330b

Merge remote-tracking branch 'origin' into azure_auditlogs_add_additi…

9ca2418

…onal_field

add changelog

b76c3fb

lucian-ioan added the Integration:azure Azure Logs label Apr 24, 2024

lucian-ioan self-assigned this Apr 24, 2024

lucian-ioan mentioned this pull request Apr 24, 2024

Add additional logs in filebeat for Azure Audit Logs elastic/beats#38835

Closed

6 tasks

add pull number

01a0cde

lucian-ioan marked this pull request as ready for review April 24, 2024 15:30

lucian-ioan requested review from a team as code owners April 24, 2024 15:30

package build

362955d

muthu-mps reviewed Apr 26, 2024

View reviewed changes

add result_description field

b52f82f

lucian-ioan requested a review from muthu-mps April 29, 2024 08:46

muthu-mps approved these changes Apr 30, 2024

View reviewed changes

muthu-mps changed the title ~~[Azure] [Audit Logs] Update Azure Audit Logs pipeline with support for more fields~~ [Azure] [Audit Logs] Update Azure Audit Logs pipeline with support for initiated_by user fields Apr 30, 2024

lucian-ioan added 3 commits May 2, 2024 00:13

merge main

7ce141e

update manifest

f8a003a

explicit change description

bf13cae

lucian-ioan enabled auto-merge (squash) May 1, 2024 21:19

lucian-ioan merged commit 6e5b929 into elastic:main May 1, 2024

lucian-ioan mentioned this pull request May 7, 2024

[Azure Logs] Audit Logs ingestion issue elastic/beats#37478

Closed

lucian-ioan deleted the azure_auditlogs_add_additional_field branch February 6, 2025 19:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Azure] [Audit Logs] Update Azure Audit Logs pipeline with support for initiated_by user fields#9701

[Azure] [Audit Logs] Update Azure Audit Logs pipeline with support for initiated_by user fields#9701
lucian-ioan merged 10 commits intoelastic:mainfrom
lucian-ioan:azure_auditlogs_add_additional_field

lucian-ioan commented Apr 24, 2024 •

edited by muthu-mps

Loading

Uh oh!

elasticmachine commented Apr 24, 2024 •

edited

Loading

Uh oh!

muthu-mps Apr 26, 2024

Uh oh!

muthu-mps left a comment

Uh oh!

muthu-mps Apr 30, 2024

Uh oh!

elasticmachine commented May 1, 2024

Uh oh!

elastic-sonarqube bot commented May 1, 2024

Uh oh!

elasticmachine commented May 1, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

lucian-ioan commented Apr 24, 2024 • edited by muthu-mps Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Proposed commit message

Checklist

Author's Checklist

How to test this PR locally

Related issues

Screenshots

Uh oh!

elasticmachine commented Apr 24, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🚀 Benchmarks report

Uh oh!

muthu-mps Apr 26, 2024

Choose a reason for hiding this comment

Uh oh!

muthu-mps left a comment

Choose a reason for hiding this comment

Uh oh!

muthu-mps Apr 30, 2024

Choose a reason for hiding this comment

Uh oh!

elasticmachine commented May 1, 2024

💚 Build Succeeded

History

Uh oh!

elastic-sonarqube bot commented May 1, 2024

Quality Gate passed

Uh oh!

elasticmachine commented May 1, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

lucian-ioan commented Apr 24, 2024 •

edited by muthu-mps

Loading

elasticmachine commented Apr 24, 2024 •

edited

Loading