Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix convert processor conversion of string with leading zeros to integer #15557

Merged
merged 4 commits into from
Jan 15, 2020

Conversation

adriansr
Copy link
Contributor

@adriansr adriansr commented Jan 14, 2020

The conversion failed when for strings with leading zeros and a decimal digit 8 or 9, as the underlying runtime function would try to parse that as an octal number.

This is fixed by only allowing decimal and hex, which in turns makes the processor more aligned to its Elasticsearch counterpart.

Fixes #15513

@adriansr adriansr added bug review needs_backport PR is waiting to be backported to other branches. Team:SIEM labels Jan 14, 2020
@adriansr adriansr requested a review from andrewkroh January 14, 2020 21:31
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@adriansr adriansr changed the title Fix convert processor conversion of string to integer with leading zeros Fix convert processor conversion of string with leading zeros to integer Jan 14, 2020
The conversion failed when for strings with leading zeroes and a decimal
digit 8 or 9, as the underlying runtime function would try to parse that
as an octal number.

This is fixed by only allowing decimal and hex, which in turns makes the
processor more aligned to its Elasticsearch counterpart.

Fixes elastic#15513
@adriansr adriansr force-pushed the fix_cisco_ios_octal branch from 468df80 to de47173 Compare January 14, 2020 21:34
// Helper to interpret a string as either base-10 or base-16.
func strToInt(v string, bitSize int) (int64, error) {
base := 10
if strings.IndexAny(v, "xX") != -1 {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering if we should check to see if prefix is "0x"||"0X"? It seems odd that we would assume 0x if we found an x anywhere in the string

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checking for a 0x prefix will require to also account for an optional -+ sign first, so we will end up duplicating most of the parsing that strconv.ParseInt does.

By just checking for an x and passing it to ParseInt, we are already sure that it's either an hex number or an not a number at all, so ParseInt will take care of that for us.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think a more strict check would be clearer.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@asr That makes sense then. How about just clearing up that comment below to also include 0X (I was reading that in a very strict sense).

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess you meant @adriansr.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@asr I'm sorry. And sorry for all the times I'll probably accidentally do that in the future. 🤦‍♂ slack handle != github handle

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in retrospect it was silly to use strings.IndexAny on the whole string for something so simple, which has a lot of overhead. I've ended up checking for the prefix as you said 😅

@@ -151,6 +151,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fix bug with potential concurrent reads and writes from event.Meta map by Kafka output. {issue}14542[14542] {pull}14568[14568]
- Fix spooling to disk blocking infinitely if the lock file can not be acquired. {pull}15338[15338]
- Fix `metricbeat test output` with an ipv6 ES host in the output.hosts. {pull}15368[15368]
- Fix `convert` processor conversion of string to integer with leading zeros. {issue}15513[15513]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add pull too?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@@ -403,3 +403,13 @@ func cloneValue(value interface{}) interface{} {
return value
}
}

// Helper to interpret a string as either base-10 or base-16.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: can you use the strToInt blah blah godoc format here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

// Helper to interpret a string as either base-10 or base-16.
func strToInt(v string, bitSize int) (int64, error) {
base := 10
if strings.IndexAny(v, "xX") != -1 {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think a more strict check would be clearer.

func strToInt(v string, bitSize int) (int64, error) {
base := 10
if strings.IndexAny(v, "xX") != -1 {
// strconv.ParseInt only accepts the '0x' prefix when base is 0.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// strconv.ParseInt only accepts the '0x' prefix when base is 0.
// strconv.ParseInt will accept the '0x' or '0X` prefix only when base is 0.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for fixing this processor.

@adriansr adriansr merged commit e0071b5 into elastic:master Jan 15, 2020
adriansr added a commit to adriansr/beats that referenced this pull request Jan 15, 2020
…ger (elastic#15557)

The conversion failed when for strings with leading zeroes and a decimal
digit 8 or 9, as the underlying runtime function would try to parse that
as an octal number.

This is fixed by only allowing decimal and hex, which in turns makes the
processor more aligned to its Elasticsearch counterpart.

Fixes elastic#15513

(cherry picked from commit e0071b5)
@adriansr adriansr added v7.6.0 and removed needs_backport PR is waiting to be backported to other branches. labels Jan 15, 2020
adriansr added a commit to adriansr/beats that referenced this pull request Jan 15, 2020
…ger (elastic#15557)

The conversion failed when for strings with leading zeroes and a decimal
digit 8 or 9, as the underlying runtime function would try to parse that
as an octal number.

This is fixed by only allowing decimal and hex, which in turns makes the
processor more aligned to its Elasticsearch counterpart.

Fixes elastic#15513

(cherry picked from commit e0071b5)
adriansr added a commit that referenced this pull request Jan 15, 2020
…ger (#15557) (#15566)

The conversion failed when for strings with leading zeroes and a decimal
digit 8 or 9, as the underlying runtime function would try to parse that
as an octal number.

This is fixed by only allowing decimal and hex, which in turns makes the
processor more aligned to its Elasticsearch counterpart.

Fixes #15513

(cherry picked from commit e0071b5)
adriansr added a commit that referenced this pull request Jan 15, 2020
…ger (#15557) (#15567)

The conversion failed when for strings with leading zeroes and a decimal
digit 8 or 9, as the underlying runtime function would try to parse that
as an octal number.

This is fixed by only allowing decimal and hex, which in turns makes the
processor more aligned to its Elasticsearch counterpart.

Fixes #15513

(cherry picked from commit e0071b5)
mtojek added a commit that referenced this pull request Jan 31, 2020
* [Filebeat] Fixes for NetFlow v9 devices from various vendors (#15449)

- Allow for zero scope fields in options template

NetFlow v9 spec allows for options templates that contain no scope
fields. The netflow input was treating this case as an error and
discarding the template, but that is only applicable to IPFIX.

- Use additional fields to populate bytes/pkt counters

Some devices out there (Cisco NSEL) use fields 231/232 as bytes
counters, when those are supposed to be layer 4 payload counters.

This updates the ECS fields populator to use those fields when the
expected ones are not found.

- Support a classId of 32 bits

While the spec mandates a classId of 8 bits, some Cisco ASA devices
actually use a 32 bit version of this field.

This patches the field to allow up to 32-bit integers and updates the
index pattern to use `long` for the `netflow.class_id` field.

- Add more fields from v9 Cisco devices

Fixes #14212

* update settings for `decode_csv_fields` (#15249) (#15550)

Co-authored-by: DeDe Morton <dede.morton@elastic.co>

Co-authored-by: Sophia Xu <sophia.xu@elastic.co>

* docs: updates to output config (#15272)

* [Filebeat] Handle error message in handleS3Objects function (#15545)

* Handle error message in handleS3Objects function

* remove s3Context.Fail and use setError and done instead

* Add changelog

* Fix use of wrong fields in Cisco ASA dashboard (#15553)

This dashboard wasn't updated after a couple of fields were renamed.

Fixes: #15420

* Add test for publisher spool encode and decode. (#15534)

* Add test for publisher queue encode and decode.

* Run mage fmt.

* Fixes from code review.

* Fix convert processor conversion of string with leading zeros to integer (#15557)

The conversion failed when for strings with leading zeroes and a decimal
digit 8 or 9, as the underlying runtime function would try to parse that
as an octal number.

This is fixed by only allowing decimal and hex, which in turns makes the
processor more aligned to its Elasticsearch counterpart.

Fixes #15513

* New mage target: generate pkg file to test the manager (#15580)

This PR adds a new mage target to Functionbeat named `buildPkgForFunction`. It generates the folder `pkg` with the functions to make testing the manager more comfortable during development.

* Packetbeat TLS: Replace array fields with keyword (#15597)

Use of `type: array` in some fields (which was inconsistent) causes
those fields to be excluded from the template. This prevents pointing
aliases to those fields, which we need in 7.6+.

Setting those fields to `keyword` explicitly so that they are included
in the template.

Fixes #15588

* Add a pull request template providing valuable information when reviewing a PR (#15388)

* Add a PR template that provides valuable information when reviewing a PR

* Add CLA check

* Fix typo

* Address comments during review

* SF: Fix typo

* Add deprecation as PR type

* Make it clear how to strike through in markdown

* Add default configuration files to the checklist

* [Metricbeat] Implement IBM MQ module  (#15301)

* Modify cockroachdb source

* Define testdata

* Do not publish ports

* Update docs

* mage fmt update

* Describe containerized environment

* Update CHANGELOG.next.asciidoc

Co-Authored-By: Chris Mark <chrismarkou92@gmail.com>

* Update data.json

* Rename image

* Update source after review

* Filter ibmmq_ metrics

* mage check

* Fix: mage check

* Don't expose port

* Rename status to qmgr

* Add subscriptions overview dashboard for IBM MQ module

* Add calls, messages overview dashboard for IBM MQ module

* Add screenshots

* Fix: mage check

* Fix: CHANGELOG

* Add explanation

* Fix: mage check

Co-authored-by: Chris Mark <chrismarkou92@gmail.com>

* Cleanup changelogs for master (#15617)

* Cleanup changelogs for master
* Remove extra header in CHANGELOG.asciidoc

* [Metricbeat] Add lambda metricset in aws module (#15260)

* Add lambda metricset

* Adds missing imports (#15624)

* [docs] Clarify privileges required for the writer role (#15604)

* Mask password discovered via module autodiscover hint (#15616)

* Mask password is string representation of config

* Rename method

* Adding unit test

* Use const for module config password setting name

* Using common.DebugString

* Simplifying

* Removing now-invalid unit test

* Removing now-unnecessary const

* Refactoring: moving debug-related var and func to common file

* Refactoring: rename from black list to mask list

* Implement fmt.Formatter for common.MapStr

* Reintroduce debug statement

* Make MarshalLogObject always filter MapStr object for logging purposes

* Refactoring: renaming to be bit more generic

* Forgot to add license header to new file

* Fixing verb syntax

* Update KQL to get estimated cost without dimension ServiceName (#15640)

* Adding monitoring.cloud.* settings to reference files (#15648)

* Adding monitoring.cloud.* settings to reference files

* Missed winlogbeat somehow

* Missed x-pack/winlogbeat

* remove lablels (#15644)

* Fix panic: don't send events if client is nil (#15568)

* Fix panic: don't send events if client is nil

* Use mutex

* Add CHANGELOG entry

* Rename changelog entry

* Fix: changelog

* Temporarily use specific logstash release

* [Metricbeat] Add Istio mesh metricset (#15535)

* [Metricbeat] Fix changelog (#15681)

* Fix changelog

* ci: use APM pipeline library (#15636)

it uses APM pipeline library configured in the instance

* AWS Lambda: downgrade Kibana dashboard (#15682)

* AWS Lambda: downgrade Kibana dashboard

* Downgrade other AWS dashboards

* Log command error if setup dashboards fails

* Another downgrade

* Use github.com/godror/godror instead of goracle.v2 (#15683)

From the README of goracle:

> Goracle is deprecated because of naming (trademark) issues.

From now on we are using github.com/godror/godror instead.

* Move pdh query to shared location in order for new modules/metricsets to reuse (#15503)

* Move pdh query to shared location

* Update changelog

* Fix make update

* mage fmt

* fix changelog

* Remove datasource option from SQL module and add tests (#15686)

Remove datasource option from SQL module. This option was
intended to set the DSN of a database connection, and we were
ignoring the hosts setting. In other SQL modules we are using
the values in hosts as DSNs, do here the same for consistency.
Host is redacted when we cannot parse it as it can contain passwords.

StandardizeEvent is exposed in mbtest.Fetcher interface so we can
more easily check contents of events in tests.

Add integration tests of the module with MySQL and PostgreSQL.

Add real data.json with data from MySQL and PostgreSQL.

* [metricbeat] add service metricset to reference documentation  (#15643)

* add service metricset to ref docs

* update xpack docs

* [metricbeat] Add divide by zero check to docker/diskio (#15649)

* add NaN check to docker/diskio

* return 0

* Change joda style pattern to java style (#15695)

since 7.0 elasticsearch is using java.time style patterns.
YYYY becomes yyyy

* [DOCS] Add missing config options to shared file (#15136)

* [DOCS] Add missing config options to shared file

* Add fixes from review

* Run mage fmt update to fix build error

* [Heartbeat] Support for multiple status codes #13595 (#15587)

Allow for multiple status codes in config. Fixes #13595

* Add missing changelog entry for #15587 (#15721)

* Update github.com/godror/godror to v0.10.4 (#15737)

## What does this PR do?

This PR updates the dependency `github.com/godror/godror` to v0.10.4.

## Why is it important?

Packaging of Metricbeat fails due to the issue in the `godror` version we are currently using. See more about the problem: godror/godror#8

* Collect normalized CPU percentages by default (#15729)

* Collect normalized CPU percentages by default

* Adding CHANGELOG entry

* Updating x-pack/metricbeat

* Fix: mage check

* Detect Eclipse Public License

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: DeDe Morton <dede.morton@elastic.co>
Co-authored-by: Sophia Xu <sophia.xu@elastic.co>
Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
Co-authored-by: Blake Rouse <blake.rouse@elastic.co>
Co-authored-by: Noémi Ványi <kvch@users.noreply.github.com>
Co-authored-by: Manuel de la Peña <social.mdelapenya@gmail.com>
Co-authored-by: Chris Mark <chrismarkou92@gmail.com>
Co-authored-by: Michael Madden <mikemadden42@users.noreply.github.com>
Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>
Co-authored-by: Pablo Mercado <pablo.mercado@elastic.co>
Co-authored-by: Ivan Fernandez Calvo <kuisathaverat@users.noreply.github.com>
Co-authored-by: Mariana Dima <mariana@elastic.co>
Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Co-authored-by: Alex K. <8418476+fearful-symmetry@users.noreply.github.com>
Co-authored-by: Przemyslaw Gomulka <przemyslaw.gomulka@elastic.co>
Co-authored-by: Amanda H. L. de Andrade Katz <amanda.andrade@serpro.gov.br>
Co-authored-by: Andrew Cholakian <andrew@andrewvc.com>
mtojek added a commit that referenced this pull request Feb 12, 2020
* Add MQTT input to Filebeat (#15287)

* Inital commit for MQTT input

* Improved naming and error handling

* Improved naming and connection procedure

* Merge "master" branch into "feature-mqtt-input" (#15745)

* [Filebeat] Fixes for NetFlow v9 devices from various vendors (#15449)

- Allow for zero scope fields in options template

NetFlow v9 spec allows for options templates that contain no scope
fields. The netflow input was treating this case as an error and
discarding the template, but that is only applicable to IPFIX.

- Use additional fields to populate bytes/pkt counters

Some devices out there (Cisco NSEL) use fields 231/232 as bytes
counters, when those are supposed to be layer 4 payload counters.

This updates the ECS fields populator to use those fields when the
expected ones are not found.

- Support a classId of 32 bits

While the spec mandates a classId of 8 bits, some Cisco ASA devices
actually use a 32 bit version of this field.

This patches the field to allow up to 32-bit integers and updates the
index pattern to use `long` for the `netflow.class_id` field.

- Add more fields from v9 Cisco devices

Fixes #14212

* update settings for `decode_csv_fields` (#15249) (#15550)

Co-authored-by: DeDe Morton <dede.morton@elastic.co>

Co-authored-by: Sophia Xu <sophia.xu@elastic.co>

* docs: updates to output config (#15272)

* [Filebeat] Handle error message in handleS3Objects function (#15545)

* Handle error message in handleS3Objects function

* remove s3Context.Fail and use setError and done instead

* Add changelog

* Fix use of wrong fields in Cisco ASA dashboard (#15553)

This dashboard wasn't updated after a couple of fields were renamed.

Fixes: #15420

* Add test for publisher spool encode and decode. (#15534)

* Add test for publisher queue encode and decode.

* Run mage fmt.

* Fixes from code review.

* Fix convert processor conversion of string with leading zeros to integer (#15557)

The conversion failed when for strings with leading zeroes and a decimal
digit 8 or 9, as the underlying runtime function would try to parse that
as an octal number.

This is fixed by only allowing decimal and hex, which in turns makes the
processor more aligned to its Elasticsearch counterpart.

Fixes #15513

* New mage target: generate pkg file to test the manager (#15580)

This PR adds a new mage target to Functionbeat named `buildPkgForFunction`. It generates the folder `pkg` with the functions to make testing the manager more comfortable during development.

* Packetbeat TLS: Replace array fields with keyword (#15597)

Use of `type: array` in some fields (which was inconsistent) causes
those fields to be excluded from the template. This prevents pointing
aliases to those fields, which we need in 7.6+.

Setting those fields to `keyword` explicitly so that they are included
in the template.

Fixes #15588

* Add a pull request template providing valuable information when reviewing a PR (#15388)

* Add a PR template that provides valuable information when reviewing a PR

* Add CLA check

* Fix typo

* Address comments during review

* SF: Fix typo

* Add deprecation as PR type

* Make it clear how to strike through in markdown

* Add default configuration files to the checklist

* [Metricbeat] Implement IBM MQ module  (#15301)

* Modify cockroachdb source

* Define testdata

* Do not publish ports

* Update docs

* mage fmt update

* Describe containerized environment

* Update CHANGELOG.next.asciidoc

Co-Authored-By: Chris Mark <chrismarkou92@gmail.com>

* Update data.json

* Rename image

* Update source after review

* Filter ibmmq_ metrics

* mage check

* Fix: mage check

* Don't expose port

* Rename status to qmgr

* Add subscriptions overview dashboard for IBM MQ module

* Add calls, messages overview dashboard for IBM MQ module

* Add screenshots

* Fix: mage check

* Fix: CHANGELOG

* Add explanation

* Fix: mage check

Co-authored-by: Chris Mark <chrismarkou92@gmail.com>

* Cleanup changelogs for master (#15617)

* Cleanup changelogs for master
* Remove extra header in CHANGELOG.asciidoc

* [Metricbeat] Add lambda metricset in aws module (#15260)

* Add lambda metricset

* Adds missing imports (#15624)

* [docs] Clarify privileges required for the writer role (#15604)

* Mask password discovered via module autodiscover hint (#15616)

* Mask password is string representation of config

* Rename method

* Adding unit test

* Use const for module config password setting name

* Using common.DebugString

* Simplifying

* Removing now-invalid unit test

* Removing now-unnecessary const

* Refactoring: moving debug-related var and func to common file

* Refactoring: rename from black list to mask list

* Implement fmt.Formatter for common.MapStr

* Reintroduce debug statement

* Make MarshalLogObject always filter MapStr object for logging purposes

* Refactoring: renaming to be bit more generic

* Forgot to add license header to new file

* Fixing verb syntax

* Update KQL to get estimated cost without dimension ServiceName (#15640)

* Adding monitoring.cloud.* settings to reference files (#15648)

* Adding monitoring.cloud.* settings to reference files

* Missed winlogbeat somehow

* Missed x-pack/winlogbeat

* remove lablels (#15644)

* Fix panic: don't send events if client is nil (#15568)

* Fix panic: don't send events if client is nil

* Use mutex

* Add CHANGELOG entry

* Rename changelog entry

* Fix: changelog

* Temporarily use specific logstash release

* [Metricbeat] Add Istio mesh metricset (#15535)

* [Metricbeat] Fix changelog (#15681)

* Fix changelog

* ci: use APM pipeline library (#15636)

it uses APM pipeline library configured in the instance

* AWS Lambda: downgrade Kibana dashboard (#15682)

* AWS Lambda: downgrade Kibana dashboard

* Downgrade other AWS dashboards

* Log command error if setup dashboards fails

* Another downgrade

* Use github.com/godror/godror instead of goracle.v2 (#15683)

From the README of goracle:

> Goracle is deprecated because of naming (trademark) issues.

From now on we are using github.com/godror/godror instead.

* Move pdh query to shared location in order for new modules/metricsets to reuse (#15503)

* Move pdh query to shared location

* Update changelog

* Fix make update

* mage fmt

* fix changelog

* Remove datasource option from SQL module and add tests (#15686)

Remove datasource option from SQL module. This option was
intended to set the DSN of a database connection, and we were
ignoring the hosts setting. In other SQL modules we are using
the values in hosts as DSNs, do here the same for consistency.
Host is redacted when we cannot parse it as it can contain passwords.

StandardizeEvent is exposed in mbtest.Fetcher interface so we can
more easily check contents of events in tests.

Add integration tests of the module with MySQL and PostgreSQL.

Add real data.json with data from MySQL and PostgreSQL.

* [metricbeat] add service metricset to reference documentation  (#15643)

* add service metricset to ref docs

* update xpack docs

* [metricbeat] Add divide by zero check to docker/diskio (#15649)

* add NaN check to docker/diskio

* return 0

* Change joda style pattern to java style (#15695)

since 7.0 elasticsearch is using java.time style patterns.
YYYY becomes yyyy

* [DOCS] Add missing config options to shared file (#15136)

* [DOCS] Add missing config options to shared file

* Add fixes from review

* Run mage fmt update to fix build error

* [Heartbeat] Support for multiple status codes #13595 (#15587)

Allow for multiple status codes in config. Fixes #13595

* Add missing changelog entry for #15587 (#15721)

* Update github.com/godror/godror to v0.10.4 (#15737)

## What does this PR do?

This PR updates the dependency `github.com/godror/godror` to v0.10.4.

## Why is it important?

Packaging of Metricbeat fails due to the issue in the `godror` version we are currently using. See more about the problem: godror/godror#8

* Collect normalized CPU percentages by default (#15729)

* Collect normalized CPU percentages by default

* Adding CHANGELOG entry

* Updating x-pack/metricbeat

* Fix: mage check

* Detect Eclipse Public License

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: DeDe Morton <dede.morton@elastic.co>
Co-authored-by: Sophia Xu <sophia.xu@elastic.co>
Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
Co-authored-by: Blake Rouse <blake.rouse@elastic.co>
Co-authored-by: Noémi Ványi <kvch@users.noreply.github.com>
Co-authored-by: Manuel de la Peña <social.mdelapenya@gmail.com>
Co-authored-by: Chris Mark <chrismarkou92@gmail.com>
Co-authored-by: Michael Madden <mikemadden42@users.noreply.github.com>
Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>
Co-authored-by: Pablo Mercado <pablo.mercado@elastic.co>
Co-authored-by: Ivan Fernandez Calvo <kuisathaverat@users.noreply.github.com>
Co-authored-by: Mariana Dima <mariana@elastic.co>
Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Co-authored-by: Alex K. <8418476+fearful-symmetry@users.noreply.github.com>
Co-authored-by: Przemyslaw Gomulka <przemyslaw.gomulka@elastic.co>
Co-authored-by: Amanda H. L. de Andrade Katz <amanda.andrade@serpro.gov.br>
Co-authored-by: Andrew Cholakian <andrew@andrewvc.com>

* [Filebeat] Refactor mqtt input (#16014)

* Refactor mqtt input

* Fix: comment

* Add unit tests

* Test: input run

* Fix Test: run and stop

* Test: backoff

* Adjust code after review

* MQTT: update docs (#16152)

* MQTT: add integration test (#16143)

* Create mosquitto image

* MQTT input: add integration test

* Fix

* Verify connectivity

* Fix

* Fix: mage check

* Fix

* Fix

* Fix: remove global var

* Update changelog

* Fix: regenerate notice file

* Remove unused dependency

* Fix: zero qos

* Wait asynchronously for client being disconnected

Co-authored-by: Felix <felix.roessel@elastic.co>
Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: DeDe Morton <dede.morton@elastic.co>
Co-authored-by: Sophia Xu <sophia.xu@elastic.co>
Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
Co-authored-by: Blake Rouse <blake.rouse@elastic.co>
Co-authored-by: Noémi Ványi <kvch@users.noreply.github.com>
Co-authored-by: Manuel de la Peña <social.mdelapenya@gmail.com>
Co-authored-by: Chris Mark <chrismarkou92@gmail.com>
Co-authored-by: Michael Madden <mikemadden42@users.noreply.github.com>
Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>
Co-authored-by: Pablo Mercado <pablo.mercado@elastic.co>
Co-authored-by: Ivan Fernandez Calvo <kuisathaverat@users.noreply.github.com>
Co-authored-by: Mariana Dima <mariana@elastic.co>
Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Co-authored-by: Alex K. <8418476+fearful-symmetry@users.noreply.github.com>
Co-authored-by: Przemyslaw Gomulka <przemyslaw.gomulka@elastic.co>
Co-authored-by: Amanda H. L. de Andrade Katz <amanda.andrade@serpro.gov.br>
Co-authored-by: Andrew Cholakian <andrew@andrewvc.com>
mtojek added a commit to mtojek/beats that referenced this pull request Feb 12, 2020
* Add MQTT input to Filebeat (elastic#15287)

* Inital commit for MQTT input

* Improved naming and error handling

* Improved naming and connection procedure

* Merge "master" branch into "feature-mqtt-input" (elastic#15745)

* [Filebeat] Fixes for NetFlow v9 devices from various vendors (elastic#15449)

- Allow for zero scope fields in options template

NetFlow v9 spec allows for options templates that contain no scope
fields. The netflow input was treating this case as an error and
discarding the template, but that is only applicable to IPFIX.

- Use additional fields to populate bytes/pkt counters

Some devices out there (Cisco NSEL) use fields 231/232 as bytes
counters, when those are supposed to be layer 4 payload counters.

This updates the ECS fields populator to use those fields when the
expected ones are not found.

- Support a classId of 32 bits

While the spec mandates a classId of 8 bits, some Cisco ASA devices
actually use a 32 bit version of this field.

This patches the field to allow up to 32-bit integers and updates the
index pattern to use `long` for the `netflow.class_id` field.

- Add more fields from v9 Cisco devices

Fixes elastic#14212

* update settings for `decode_csv_fields` (elastic#15249) (elastic#15550)

Co-authored-by: DeDe Morton <dede.morton@elastic.co>

Co-authored-by: Sophia Xu <sophia.xu@elastic.co>

* docs: updates to output config (elastic#15272)

* [Filebeat] Handle error message in handleS3Objects function (elastic#15545)

* Handle error message in handleS3Objects function

* remove s3Context.Fail and use setError and done instead

* Add changelog

* Fix use of wrong fields in Cisco ASA dashboard (elastic#15553)

This dashboard wasn't updated after a couple of fields were renamed.

Fixes: elastic#15420

* Add test for publisher spool encode and decode. (elastic#15534)

* Add test for publisher queue encode and decode.

* Run mage fmt.

* Fixes from code review.

* Fix convert processor conversion of string with leading zeros to integer (elastic#15557)

The conversion failed when for strings with leading zeroes and a decimal
digit 8 or 9, as the underlying runtime function would try to parse that
as an octal number.

This is fixed by only allowing decimal and hex, which in turns makes the
processor more aligned to its Elasticsearch counterpart.

Fixes elastic#15513

* New mage target: generate pkg file to test the manager (elastic#15580)

This PR adds a new mage target to Functionbeat named `buildPkgForFunction`. It generates the folder `pkg` with the functions to make testing the manager more comfortable during development.

* Packetbeat TLS: Replace array fields with keyword (elastic#15597)

Use of `type: array` in some fields (which was inconsistent) causes
those fields to be excluded from the template. This prevents pointing
aliases to those fields, which we need in 7.6+.

Setting those fields to `keyword` explicitly so that they are included
in the template.

Fixes elastic#15588

* Add a pull request template providing valuable information when reviewing a PR (elastic#15388)

* Add a PR template that provides valuable information when reviewing a PR

* Add CLA check

* Fix typo

* Address comments during review

* SF: Fix typo

* Add deprecation as PR type

* Make it clear how to strike through in markdown

* Add default configuration files to the checklist

* [Metricbeat] Implement IBM MQ module  (elastic#15301)

* Modify cockroachdb source

* Define testdata

* Do not publish ports

* Update docs

* mage fmt update

* Describe containerized environment

* Update CHANGELOG.next.asciidoc

Co-Authored-By: Chris Mark <chrismarkou92@gmail.com>

* Update data.json

* Rename image

* Update source after review

* Filter ibmmq_ metrics

* mage check

* Fix: mage check

* Don't expose port

* Rename status to qmgr

* Add subscriptions overview dashboard for IBM MQ module

* Add calls, messages overview dashboard for IBM MQ module

* Add screenshots

* Fix: mage check

* Fix: CHANGELOG

* Add explanation

* Fix: mage check

Co-authored-by: Chris Mark <chrismarkou92@gmail.com>

* Cleanup changelogs for master (elastic#15617)

* Cleanup changelogs for master
* Remove extra header in CHANGELOG.asciidoc

* [Metricbeat] Add lambda metricset in aws module (elastic#15260)

* Add lambda metricset

* Adds missing imports (elastic#15624)

* [docs] Clarify privileges required for the writer role (elastic#15604)

* Mask password discovered via module autodiscover hint (elastic#15616)

* Mask password is string representation of config

* Rename method

* Adding unit test

* Use const for module config password setting name

* Using common.DebugString

* Simplifying

* Removing now-invalid unit test

* Removing now-unnecessary const

* Refactoring: moving debug-related var and func to common file

* Refactoring: rename from black list to mask list

* Implement fmt.Formatter for common.MapStr

* Reintroduce debug statement

* Make MarshalLogObject always filter MapStr object for logging purposes

* Refactoring: renaming to be bit more generic

* Forgot to add license header to new file

* Fixing verb syntax

* Update KQL to get estimated cost without dimension ServiceName (elastic#15640)

* Adding monitoring.cloud.* settings to reference files (elastic#15648)

* Adding monitoring.cloud.* settings to reference files

* Missed winlogbeat somehow

* Missed x-pack/winlogbeat

* remove lablels (elastic#15644)

* Fix panic: don't send events if client is nil (elastic#15568)

* Fix panic: don't send events if client is nil

* Use mutex

* Add CHANGELOG entry

* Rename changelog entry

* Fix: changelog

* Temporarily use specific logstash release

* [Metricbeat] Add Istio mesh metricset (elastic#15535)

* [Metricbeat] Fix changelog (elastic#15681)

* Fix changelog

* ci: use APM pipeline library (elastic#15636)

it uses APM pipeline library configured in the instance

* AWS Lambda: downgrade Kibana dashboard (elastic#15682)

* AWS Lambda: downgrade Kibana dashboard

* Downgrade other AWS dashboards

* Log command error if setup dashboards fails

* Another downgrade

* Use github.com/godror/godror instead of goracle.v2 (elastic#15683)

From the README of goracle:

> Goracle is deprecated because of naming (trademark) issues.

From now on we are using github.com/godror/godror instead.

* Move pdh query to shared location in order for new modules/metricsets to reuse (elastic#15503)

* Move pdh query to shared location

* Update changelog

* Fix make update

* mage fmt

* fix changelog

* Remove datasource option from SQL module and add tests (elastic#15686)

Remove datasource option from SQL module. This option was
intended to set the DSN of a database connection, and we were
ignoring the hosts setting. In other SQL modules we are using
the values in hosts as DSNs, do here the same for consistency.
Host is redacted when we cannot parse it as it can contain passwords.

StandardizeEvent is exposed in mbtest.Fetcher interface so we can
more easily check contents of events in tests.

Add integration tests of the module with MySQL and PostgreSQL.

Add real data.json with data from MySQL and PostgreSQL.

* [metricbeat] add service metricset to reference documentation  (elastic#15643)

* add service metricset to ref docs

* update xpack docs

* [metricbeat] Add divide by zero check to docker/diskio (elastic#15649)

* add NaN check to docker/diskio

* return 0

* Change joda style pattern to java style (elastic#15695)

since 7.0 elasticsearch is using java.time style patterns.
YYYY becomes yyyy

* [DOCS] Add missing config options to shared file (elastic#15136)

* [DOCS] Add missing config options to shared file

* Add fixes from review

* Run mage fmt update to fix build error

* [Heartbeat] Support for multiple status codes elastic#13595 (elastic#15587)

Allow for multiple status codes in config. Fixes elastic#13595

* Add missing changelog entry for elastic#15587 (elastic#15721)

* Update github.com/godror/godror to v0.10.4 (elastic#15737)

## What does this PR do?

This PR updates the dependency `github.com/godror/godror` to v0.10.4.

## Why is it important?

Packaging of Metricbeat fails due to the issue in the `godror` version we are currently using. See more about the problem: godror/godror#8

* Collect normalized CPU percentages by default (elastic#15729)

* Collect normalized CPU percentages by default

* Adding CHANGELOG entry

* Updating x-pack/metricbeat

* Fix: mage check

* Detect Eclipse Public License

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: DeDe Morton <dede.morton@elastic.co>
Co-authored-by: Sophia Xu <sophia.xu@elastic.co>
Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
Co-authored-by: Blake Rouse <blake.rouse@elastic.co>
Co-authored-by: Noémi Ványi <kvch@users.noreply.github.com>
Co-authored-by: Manuel de la Peña <social.mdelapenya@gmail.com>
Co-authored-by: Chris Mark <chrismarkou92@gmail.com>
Co-authored-by: Michael Madden <mikemadden42@users.noreply.github.com>
Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>
Co-authored-by: Pablo Mercado <pablo.mercado@elastic.co>
Co-authored-by: Ivan Fernandez Calvo <kuisathaverat@users.noreply.github.com>
Co-authored-by: Mariana Dima <mariana@elastic.co>
Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Co-authored-by: Alex K. <8418476+fearful-symmetry@users.noreply.github.com>
Co-authored-by: Przemyslaw Gomulka <przemyslaw.gomulka@elastic.co>
Co-authored-by: Amanda H. L. de Andrade Katz <amanda.andrade@serpro.gov.br>
Co-authored-by: Andrew Cholakian <andrew@andrewvc.com>

* [Filebeat] Refactor mqtt input (elastic#16014)

* Refactor mqtt input

* Fix: comment

* Add unit tests

* Test: input run

* Fix Test: run and stop

* Test: backoff

* Adjust code after review

* MQTT: update docs (elastic#16152)

* MQTT: add integration test (elastic#16143)

* Create mosquitto image

* MQTT input: add integration test

* Fix

* Verify connectivity

* Fix

* Fix: mage check

* Fix

* Fix

* Fix: remove global var

* Update changelog

* Fix: regenerate notice file

* Remove unused dependency

* Fix: zero qos

* Wait asynchronously for client being disconnected

Co-authored-by: Felix <felix.roessel@elastic.co>
Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: DeDe Morton <dede.morton@elastic.co>
Co-authored-by: Sophia Xu <sophia.xu@elastic.co>
Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
Co-authored-by: Blake Rouse <blake.rouse@elastic.co>
Co-authored-by: Noémi Ványi <kvch@users.noreply.github.com>
Co-authored-by: Manuel de la Peña <social.mdelapenya@gmail.com>
Co-authored-by: Chris Mark <chrismarkou92@gmail.com>
Co-authored-by: Michael Madden <mikemadden42@users.noreply.github.com>
Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>
Co-authored-by: Pablo Mercado <pablo.mercado@elastic.co>
Co-authored-by: Ivan Fernandez Calvo <kuisathaverat@users.noreply.github.com>
Co-authored-by: Mariana Dima <mariana@elastic.co>
Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Co-authored-by: Alex K. <8418476+fearful-symmetry@users.noreply.github.com>
Co-authored-by: Przemyslaw Gomulka <przemyslaw.gomulka@elastic.co>
Co-authored-by: Amanda H. L. de Andrade Katz <amanda.andrade@serpro.gov.br>
Co-authored-by: Andrew Cholakian <andrew@andrewvc.com>
(cherry picked from commit 56c93e5)
mtojek added a commit that referenced this pull request Feb 12, 2020
…6284)

* Filebeat: Merge "mqtt" input to master (#16204)

* Add MQTT input to Filebeat (#15287)

* Inital commit for MQTT input

* Improved naming and error handling

* Improved naming and connection procedure

* Merge "master" branch into "feature-mqtt-input" (#15745)

* [Filebeat] Fixes for NetFlow v9 devices from various vendors (#15449)

- Allow for zero scope fields in options template

NetFlow v9 spec allows for options templates that contain no scope
fields. The netflow input was treating this case as an error and
discarding the template, but that is only applicable to IPFIX.

- Use additional fields to populate bytes/pkt counters

Some devices out there (Cisco NSEL) use fields 231/232 as bytes
counters, when those are supposed to be layer 4 payload counters.

This updates the ECS fields populator to use those fields when the
expected ones are not found.

- Support a classId of 32 bits

While the spec mandates a classId of 8 bits, some Cisco ASA devices
actually use a 32 bit version of this field.

This patches the field to allow up to 32-bit integers and updates the
index pattern to use `long` for the `netflow.class_id` field.

- Add more fields from v9 Cisco devices

Fixes #14212

* update settings for `decode_csv_fields` (#15249) (#15550)

Co-authored-by: DeDe Morton <dede.morton@elastic.co>

Co-authored-by: Sophia Xu <sophia.xu@elastic.co>

* docs: updates to output config (#15272)

* [Filebeat] Handle error message in handleS3Objects function (#15545)

* Handle error message in handleS3Objects function

* remove s3Context.Fail and use setError and done instead

* Add changelog

* Fix use of wrong fields in Cisco ASA dashboard (#15553)

This dashboard wasn't updated after a couple of fields were renamed.

Fixes: #15420

* Add test for publisher spool encode and decode. (#15534)

* Add test for publisher queue encode and decode.

* Run mage fmt.

* Fixes from code review.

* Fix convert processor conversion of string with leading zeros to integer (#15557)

The conversion failed when for strings with leading zeroes and a decimal
digit 8 or 9, as the underlying runtime function would try to parse that
as an octal number.

This is fixed by only allowing decimal and hex, which in turns makes the
processor more aligned to its Elasticsearch counterpart.

Fixes #15513

* New mage target: generate pkg file to test the manager (#15580)

This PR adds a new mage target to Functionbeat named `buildPkgForFunction`. It generates the folder `pkg` with the functions to make testing the manager more comfortable during development.

* Packetbeat TLS: Replace array fields with keyword (#15597)

Use of `type: array` in some fields (which was inconsistent) causes
those fields to be excluded from the template. This prevents pointing
aliases to those fields, which we need in 7.6+.

Setting those fields to `keyword` explicitly so that they are included
in the template.

Fixes #15588

* Add a pull request template providing valuable information when reviewing a PR (#15388)

* Add a PR template that provides valuable information when reviewing a PR

* Add CLA check

* Fix typo

* Address comments during review

* SF: Fix typo

* Add deprecation as PR type

* Make it clear how to strike through in markdown

* Add default configuration files to the checklist

* [Metricbeat] Implement IBM MQ module  (#15301)

* Modify cockroachdb source

* Define testdata

* Do not publish ports

* Update docs

* mage fmt update

* Describe containerized environment

* Update CHANGELOG.next.asciidoc

Co-Authored-By: Chris Mark <chrismarkou92@gmail.com>

* Update data.json

* Rename image

* Update source after review

* Filter ibmmq_ metrics

* mage check

* Fix: mage check

* Don't expose port

* Rename status to qmgr

* Add subscriptions overview dashboard for IBM MQ module

* Add calls, messages overview dashboard for IBM MQ module

* Add screenshots

* Fix: mage check

* Fix: CHANGELOG

* Add explanation

* Fix: mage check

Co-authored-by: Chris Mark <chrismarkou92@gmail.com>

* Cleanup changelogs for master (#15617)

* Cleanup changelogs for master
* Remove extra header in CHANGELOG.asciidoc

* [Metricbeat] Add lambda metricset in aws module (#15260)

* Add lambda metricset

* Adds missing imports (#15624)

* [docs] Clarify privileges required for the writer role (#15604)

* Mask password discovered via module autodiscover hint (#15616)

* Mask password is string representation of config

* Rename method

* Adding unit test

* Use const for module config password setting name

* Using common.DebugString

* Simplifying

* Removing now-invalid unit test

* Removing now-unnecessary const

* Refactoring: moving debug-related var and func to common file

* Refactoring: rename from black list to mask list

* Implement fmt.Formatter for common.MapStr

* Reintroduce debug statement

* Make MarshalLogObject always filter MapStr object for logging purposes

* Refactoring: renaming to be bit more generic

* Forgot to add license header to new file

* Fixing verb syntax

* Update KQL to get estimated cost without dimension ServiceName (#15640)

* Adding monitoring.cloud.* settings to reference files (#15648)

* Adding monitoring.cloud.* settings to reference files

* Missed winlogbeat somehow

* Missed x-pack/winlogbeat

* remove lablels (#15644)

* Fix panic: don't send events if client is nil (#15568)

* Fix panic: don't send events if client is nil

* Use mutex

* Add CHANGELOG entry

* Rename changelog entry

* Fix: changelog

* Temporarily use specific logstash release

* [Metricbeat] Add Istio mesh metricset (#15535)

* [Metricbeat] Fix changelog (#15681)

* Fix changelog

* ci: use APM pipeline library (#15636)

it uses APM pipeline library configured in the instance

* AWS Lambda: downgrade Kibana dashboard (#15682)

* AWS Lambda: downgrade Kibana dashboard

* Downgrade other AWS dashboards

* Log command error if setup dashboards fails

* Another downgrade

* Use github.com/godror/godror instead of goracle.v2 (#15683)

From the README of goracle:

> Goracle is deprecated because of naming (trademark) issues.

From now on we are using github.com/godror/godror instead.

* Move pdh query to shared location in order for new modules/metricsets to reuse (#15503)

* Move pdh query to shared location

* Update changelog

* Fix make update

* mage fmt

* fix changelog

* Remove datasource option from SQL module and add tests (#15686)

Remove datasource option from SQL module. This option was
intended to set the DSN of a database connection, and we were
ignoring the hosts setting. In other SQL modules we are using
the values in hosts as DSNs, do here the same for consistency.
Host is redacted when we cannot parse it as it can contain passwords.

StandardizeEvent is exposed in mbtest.Fetcher interface so we can
more easily check contents of events in tests.

Add integration tests of the module with MySQL and PostgreSQL.

Add real data.json with data from MySQL and PostgreSQL.

* [metricbeat] add service metricset to reference documentation  (#15643)

* add service metricset to ref docs

* update xpack docs

* [metricbeat] Add divide by zero check to docker/diskio (#15649)

* add NaN check to docker/diskio

* return 0

* Change joda style pattern to java style (#15695)

since 7.0 elasticsearch is using java.time style patterns.
YYYY becomes yyyy

* [DOCS] Add missing config options to shared file (#15136)

* [DOCS] Add missing config options to shared file

* Add fixes from review

* Run mage fmt update to fix build error

* [Heartbeat] Support for multiple status codes #13595 (#15587)

Allow for multiple status codes in config. Fixes #13595

* Add missing changelog entry for #15587 (#15721)

* Update github.com/godror/godror to v0.10.4 (#15737)

## What does this PR do?

This PR updates the dependency `github.com/godror/godror` to v0.10.4.

## Why is it important?

Packaging of Metricbeat fails due to the issue in the `godror` version we are currently using. See more about the problem: godror/godror#8

* Collect normalized CPU percentages by default (#15729)

* Collect normalized CPU percentages by default

* Adding CHANGELOG entry

* Updating x-pack/metricbeat

* Fix: mage check

* Detect Eclipse Public License

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: DeDe Morton <dede.morton@elastic.co>
Co-authored-by: Sophia Xu <sophia.xu@elastic.co>
Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
Co-authored-by: Blake Rouse <blake.rouse@elastic.co>
Co-authored-by: Noémi Ványi <kvch@users.noreply.github.com>
Co-authored-by: Manuel de la Peña <social.mdelapenya@gmail.com>
Co-authored-by: Chris Mark <chrismarkou92@gmail.com>
Co-authored-by: Michael Madden <mikemadden42@users.noreply.github.com>
Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>
Co-authored-by: Pablo Mercado <pablo.mercado@elastic.co>
Co-authored-by: Ivan Fernandez Calvo <kuisathaverat@users.noreply.github.com>
Co-authored-by: Mariana Dima <mariana@elastic.co>
Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Co-authored-by: Alex K. <8418476+fearful-symmetry@users.noreply.github.com>
Co-authored-by: Przemyslaw Gomulka <przemyslaw.gomulka@elastic.co>
Co-authored-by: Amanda H. L. de Andrade Katz <amanda.andrade@serpro.gov.br>
Co-authored-by: Andrew Cholakian <andrew@andrewvc.com>

* [Filebeat] Refactor mqtt input (#16014)

* Refactor mqtt input

* Fix: comment

* Add unit tests

* Test: input run

* Fix Test: run and stop

* Test: backoff

* Adjust code after review

* MQTT: update docs (#16152)

* MQTT: add integration test (#16143)

* Create mosquitto image

* MQTT input: add integration test

* Fix

* Verify connectivity

* Fix

* Fix: mage check

* Fix

* Fix

* Fix: remove global var

* Update changelog

* Fix: regenerate notice file

* Remove unused dependency

* Fix: zero qos

* Wait asynchronously for client being disconnected

Co-authored-by: Felix <felix.roessel@elastic.co>
Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: DeDe Morton <dede.morton@elastic.co>
Co-authored-by: Sophia Xu <sophia.xu@elastic.co>
Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
Co-authored-by: Blake Rouse <blake.rouse@elastic.co>
Co-authored-by: Noémi Ványi <kvch@users.noreply.github.com>
Co-authored-by: Manuel de la Peña <social.mdelapenya@gmail.com>
Co-authored-by: Chris Mark <chrismarkou92@gmail.com>
Co-authored-by: Michael Madden <mikemadden42@users.noreply.github.com>
Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>
Co-authored-by: Pablo Mercado <pablo.mercado@elastic.co>
Co-authored-by: Ivan Fernandez Calvo <kuisathaverat@users.noreply.github.com>
Co-authored-by: Mariana Dima <mariana@elastic.co>
Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Co-authored-by: Alex K. <8418476+fearful-symmetry@users.noreply.github.com>
Co-authored-by: Przemyslaw Gomulka <przemyslaw.gomulka@elastic.co>
Co-authored-by: Amanda H. L. de Andrade Katz <amanda.andrade@serpro.gov.br>
Co-authored-by: Andrew Cholakian <andrew@andrewvc.com>
(cherry picked from commit 56c93e5)

* Update CHANGELOG
kvch added a commit to kvch/beats that referenced this pull request Feb 20, 2020
* Add MQTT input to Filebeat (elastic#15287)

* Inital commit for MQTT input

* Improved naming and error handling

* Improved naming and connection procedure

* Merge "master" branch into "feature-mqtt-input" (elastic#15745)

* [Filebeat] Fixes for NetFlow v9 devices from various vendors (elastic#15449)

- Allow for zero scope fields in options template

NetFlow v9 spec allows for options templates that contain no scope
fields. The netflow input was treating this case as an error and
discarding the template, but that is only applicable to IPFIX.

- Use additional fields to populate bytes/pkt counters

Some devices out there (Cisco NSEL) use fields 231/232 as bytes
counters, when those are supposed to be layer 4 payload counters.

This updates the ECS fields populator to use those fields when the
expected ones are not found.

- Support a classId of 32 bits

While the spec mandates a classId of 8 bits, some Cisco ASA devices
actually use a 32 bit version of this field.

This patches the field to allow up to 32-bit integers and updates the
index pattern to use `long` for the `netflow.class_id` field.

- Add more fields from v9 Cisco devices

Fixes elastic#14212

* update settings for `decode_csv_fields` (elastic#15249) (elastic#15550)

Co-authored-by: DeDe Morton <dede.morton@elastic.co>

Co-authored-by: Sophia Xu <sophia.xu@elastic.co>

* docs: updates to output config (elastic#15272)

* [Filebeat] Handle error message in handleS3Objects function (elastic#15545)

* Handle error message in handleS3Objects function

* remove s3Context.Fail and use setError and done instead

* Add changelog

* Fix use of wrong fields in Cisco ASA dashboard (elastic#15553)

This dashboard wasn't updated after a couple of fields were renamed.

Fixes: elastic#15420

* Add test for publisher spool encode and decode. (elastic#15534)

* Add test for publisher queue encode and decode.

* Run mage fmt.

* Fixes from code review.

* Fix convert processor conversion of string with leading zeros to integer (elastic#15557)

The conversion failed when for strings with leading zeroes and a decimal
digit 8 or 9, as the underlying runtime function would try to parse that
as an octal number.

This is fixed by only allowing decimal and hex, which in turns makes the
processor more aligned to its Elasticsearch counterpart.

Fixes elastic#15513

* New mage target: generate pkg file to test the manager (elastic#15580)

This PR adds a new mage target to Functionbeat named `buildPkgForFunction`. It generates the folder `pkg` with the functions to make testing the manager more comfortable during development.

* Packetbeat TLS: Replace array fields with keyword (elastic#15597)

Use of `type: array` in some fields (which was inconsistent) causes
those fields to be excluded from the template. This prevents pointing
aliases to those fields, which we need in 7.6+.

Setting those fields to `keyword` explicitly so that they are included
in the template.

Fixes elastic#15588

* Add a pull request template providing valuable information when reviewing a PR (elastic#15388)

* Add a PR template that provides valuable information when reviewing a PR

* Add CLA check

* Fix typo

* Address comments during review

* SF: Fix typo

* Add deprecation as PR type

* Make it clear how to strike through in markdown

* Add default configuration files to the checklist

* [Metricbeat] Implement IBM MQ module  (elastic#15301)

* Modify cockroachdb source

* Define testdata

* Do not publish ports

* Update docs

* mage fmt update

* Describe containerized environment

* Update CHANGELOG.next.asciidoc

Co-Authored-By: Chris Mark <chrismarkou92@gmail.com>

* Update data.json

* Rename image

* Update source after review

* Filter ibmmq_ metrics

* mage check

* Fix: mage check

* Don't expose port

* Rename status to qmgr

* Add subscriptions overview dashboard for IBM MQ module

* Add calls, messages overview dashboard for IBM MQ module

* Add screenshots

* Fix: mage check

* Fix: CHANGELOG

* Add explanation

* Fix: mage check

Co-authored-by: Chris Mark <chrismarkou92@gmail.com>

* Cleanup changelogs for master (elastic#15617)

* Cleanup changelogs for master
* Remove extra header in CHANGELOG.asciidoc

* [Metricbeat] Add lambda metricset in aws module (elastic#15260)

* Add lambda metricset

* Adds missing imports (elastic#15624)

* [docs] Clarify privileges required for the writer role (elastic#15604)

* Mask password discovered via module autodiscover hint (elastic#15616)

* Mask password is string representation of config

* Rename method

* Adding unit test

* Use const for module config password setting name

* Using common.DebugString

* Simplifying

* Removing now-invalid unit test

* Removing now-unnecessary const

* Refactoring: moving debug-related var and func to common file

* Refactoring: rename from black list to mask list

* Implement fmt.Formatter for common.MapStr

* Reintroduce debug statement

* Make MarshalLogObject always filter MapStr object for logging purposes

* Refactoring: renaming to be bit more generic

* Forgot to add license header to new file

* Fixing verb syntax

* Update KQL to get estimated cost without dimension ServiceName (elastic#15640)

* Adding monitoring.cloud.* settings to reference files (elastic#15648)

* Adding monitoring.cloud.* settings to reference files

* Missed winlogbeat somehow

* Missed x-pack/winlogbeat

* remove lablels (elastic#15644)

* Fix panic: don't send events if client is nil (elastic#15568)

* Fix panic: don't send events if client is nil

* Use mutex

* Add CHANGELOG entry

* Rename changelog entry

* Fix: changelog

* Temporarily use specific logstash release

* [Metricbeat] Add Istio mesh metricset (elastic#15535)

* [Metricbeat] Fix changelog (elastic#15681)

* Fix changelog

* ci: use APM pipeline library (elastic#15636)

it uses APM pipeline library configured in the instance

* AWS Lambda: downgrade Kibana dashboard (elastic#15682)

* AWS Lambda: downgrade Kibana dashboard

* Downgrade other AWS dashboards

* Log command error if setup dashboards fails

* Another downgrade

* Use github.com/godror/godror instead of goracle.v2 (elastic#15683)

From the README of goracle:

> Goracle is deprecated because of naming (trademark) issues.

From now on we are using github.com/godror/godror instead.

* Move pdh query to shared location in order for new modules/metricsets to reuse (elastic#15503)

* Move pdh query to shared location

* Update changelog

* Fix make update

* mage fmt

* fix changelog

* Remove datasource option from SQL module and add tests (elastic#15686)

Remove datasource option from SQL module. This option was
intended to set the DSN of a database connection, and we were
ignoring the hosts setting. In other SQL modules we are using
the values in hosts as DSNs, do here the same for consistency.
Host is redacted when we cannot parse it as it can contain passwords.

StandardizeEvent is exposed in mbtest.Fetcher interface so we can
more easily check contents of events in tests.

Add integration tests of the module with MySQL and PostgreSQL.

Add real data.json with data from MySQL and PostgreSQL.

* [metricbeat] add service metricset to reference documentation  (elastic#15643)

* add service metricset to ref docs

* update xpack docs

* [metricbeat] Add divide by zero check to docker/diskio (elastic#15649)

* add NaN check to docker/diskio

* return 0

* Change joda style pattern to java style (elastic#15695)

since 7.0 elasticsearch is using java.time style patterns.
YYYY becomes yyyy

* [DOCS] Add missing config options to shared file (elastic#15136)

* [DOCS] Add missing config options to shared file

* Add fixes from review

* Run mage fmt update to fix build error

* [Heartbeat] Support for multiple status codes elastic#13595 (elastic#15587)

Allow for multiple status codes in config. Fixes elastic#13595

* Add missing changelog entry for elastic#15587 (elastic#15721)

* Update github.com/godror/godror to v0.10.4 (elastic#15737)

## What does this PR do?

This PR updates the dependency `github.com/godror/godror` to v0.10.4.

## Why is it important?

Packaging of Metricbeat fails due to the issue in the `godror` version we are currently using. See more about the problem: godror/godror#8

* Collect normalized CPU percentages by default (elastic#15729)

* Collect normalized CPU percentages by default

* Adding CHANGELOG entry

* Updating x-pack/metricbeat

* Fix: mage check

* Detect Eclipse Public License

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: DeDe Morton <dede.morton@elastic.co>
Co-authored-by: Sophia Xu <sophia.xu@elastic.co>
Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
Co-authored-by: Blake Rouse <blake.rouse@elastic.co>
Co-authored-by: Noémi Ványi <kvch@users.noreply.github.com>
Co-authored-by: Manuel de la Peña <social.mdelapenya@gmail.com>
Co-authored-by: Chris Mark <chrismarkou92@gmail.com>
Co-authored-by: Michael Madden <mikemadden42@users.noreply.github.com>
Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>
Co-authored-by: Pablo Mercado <pablo.mercado@elastic.co>
Co-authored-by: Ivan Fernandez Calvo <kuisathaverat@users.noreply.github.com>
Co-authored-by: Mariana Dima <mariana@elastic.co>
Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Co-authored-by: Alex K. <8418476+fearful-symmetry@users.noreply.github.com>
Co-authored-by: Przemyslaw Gomulka <przemyslaw.gomulka@elastic.co>
Co-authored-by: Amanda H. L. de Andrade Katz <amanda.andrade@serpro.gov.br>
Co-authored-by: Andrew Cholakian <andrew@andrewvc.com>

* [Filebeat] Refactor mqtt input (elastic#16014)

* Refactor mqtt input

* Fix: comment

* Add unit tests

* Test: input run

* Fix Test: run and stop

* Test: backoff

* Adjust code after review

* MQTT: update docs (elastic#16152)

* MQTT: add integration test (elastic#16143)

* Create mosquitto image

* MQTT input: add integration test

* Fix

* Verify connectivity

* Fix

* Fix: mage check

* Fix

* Fix

* Fix: remove global var

* Update changelog

* Fix: regenerate notice file

* Remove unused dependency

* Fix: zero qos

* Wait asynchronously for client being disconnected

Co-authored-by: Felix <felix.roessel@elastic.co>
Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: DeDe Morton <dede.morton@elastic.co>
Co-authored-by: Sophia Xu <sophia.xu@elastic.co>
Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
Co-authored-by: Blake Rouse <blake.rouse@elastic.co>
Co-authored-by: Noémi Ványi <kvch@users.noreply.github.com>
Co-authored-by: Manuel de la Peña <social.mdelapenya@gmail.com>
Co-authored-by: Chris Mark <chrismarkou92@gmail.com>
Co-authored-by: Michael Madden <mikemadden42@users.noreply.github.com>
Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>
Co-authored-by: Pablo Mercado <pablo.mercado@elastic.co>
Co-authored-by: Ivan Fernandez Calvo <kuisathaverat@users.noreply.github.com>
Co-authored-by: Mariana Dima <mariana@elastic.co>
Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Co-authored-by: Alex K. <8418476+fearful-symmetry@users.noreply.github.com>
Co-authored-by: Przemyslaw Gomulka <przemyslaw.gomulka@elastic.co>
Co-authored-by: Amanda H. L. de Andrade Katz <amanda.andrade@serpro.gov.br>
Co-authored-by: Andrew Cholakian <andrew@andrewvc.com>
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
…ger (elastic#15557) (elastic#15567)

The conversion failed when for strings with leading zeroes and a decimal
digit 8 or 9, as the underlying runtime function would try to parse that
as an octal number.

This is fixed by only allowing decimal and hex, which in turns makes the
processor more aligned to its Elasticsearch counterpart.

Fixes elastic#15513

(cherry picked from commit e26a260)
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
* [Filebeat] Fixes for NetFlow v9 devices from various vendors (elastic#15449)

- Allow for zero scope fields in options template

NetFlow v9 spec allows for options templates that contain no scope
fields. The netflow input was treating this case as an error and
discarding the template, but that is only applicable to IPFIX.

- Use additional fields to populate bytes/pkt counters

Some devices out there (Cisco NSEL) use fields 231/232 as bytes
counters, when those are supposed to be layer 4 payload counters.

This updates the ECS fields populator to use those fields when the
expected ones are not found.

- Support a classId of 32 bits

While the spec mandates a classId of 8 bits, some Cisco ASA devices
actually use a 32 bit version of this field.

This patches the field to allow up to 32-bit integers and updates the
index pattern to use `long` for the `netflow.class_id` field.

- Add more fields from v9 Cisco devices

Fixes elastic#14212

* update settings for `decode_csv_fields` (elastic#15249) (elastic#15550)

Co-authored-by: DeDe Morton <dede.morton@elastic.co>

Co-authored-by: Sophia Xu <sophia.xu@elastic.co>

* docs: updates to output config (elastic#15272)

* [Filebeat] Handle error message in handleS3Objects function (elastic#15545)

* Handle error message in handleS3Objects function

* remove s3Context.Fail and use setError and done instead

* Add changelog

* Fix use of wrong fields in Cisco ASA dashboard (elastic#15553)

This dashboard wasn't updated after a couple of fields were renamed.

Fixes: elastic#15420

* Add test for publisher spool encode and decode. (elastic#15534)

* Add test for publisher queue encode and decode.

* Run mage fmt.

* Fixes from code review.

* Fix convert processor conversion of string with leading zeros to integer (elastic#15557)

The conversion failed when for strings with leading zeroes and a decimal
digit 8 or 9, as the underlying runtime function would try to parse that
as an octal number.

This is fixed by only allowing decimal and hex, which in turns makes the
processor more aligned to its Elasticsearch counterpart.

Fixes elastic#15513

* New mage target: generate pkg file to test the manager (elastic#15580)

This PR adds a new mage target to Functionbeat named `buildPkgForFunction`. It generates the folder `pkg` with the functions to make testing the manager more comfortable during development.

* Packetbeat TLS: Replace array fields with keyword (elastic#15597)

Use of `type: array` in some fields (which was inconsistent) causes
those fields to be excluded from the template. This prevents pointing
aliases to those fields, which we need in 7.6+.

Setting those fields to `keyword` explicitly so that they are included
in the template.

Fixes elastic#15588

* Add a pull request template providing valuable information when reviewing a PR (elastic#15388)

* Add a PR template that provides valuable information when reviewing a PR

* Add CLA check

* Fix typo

* Address comments during review

* SF: Fix typo

* Add deprecation as PR type

* Make it clear how to strike through in markdown

* Add default configuration files to the checklist

* [Metricbeat] Implement IBM MQ module  (elastic#15301)

* Modify cockroachdb source

* Define testdata

* Do not publish ports

* Update docs

* mage fmt update

* Describe containerized environment

* Update CHANGELOG.next.asciidoc

Co-Authored-By: Chris Mark <chrismarkou92@gmail.com>

* Update data.json

* Rename image

* Update source after review

* Filter ibmmq_ metrics

* mage check

* Fix: mage check

* Don't expose port

* Rename status to qmgr

* Add subscriptions overview dashboard for IBM MQ module

* Add calls, messages overview dashboard for IBM MQ module

* Add screenshots

* Fix: mage check

* Fix: CHANGELOG

* Add explanation

* Fix: mage check

Co-authored-by: Chris Mark <chrismarkou92@gmail.com>

* Cleanup changelogs for master (elastic#15617)

* Cleanup changelogs for master
* Remove extra header in CHANGELOG.asciidoc

* [Metricbeat] Add lambda metricset in aws module (elastic#15260)

* Add lambda metricset

* Adds missing imports (elastic#15624)

* [docs] Clarify privileges required for the writer role (elastic#15604)

* Mask password discovered via module autodiscover hint (elastic#15616)

* Mask password is string representation of config

* Rename method

* Adding unit test

* Use const for module config password setting name

* Using common.DebugString

* Simplifying

* Removing now-invalid unit test

* Removing now-unnecessary const

* Refactoring: moving debug-related var and func to common file

* Refactoring: rename from black list to mask list

* Implement fmt.Formatter for common.MapStr

* Reintroduce debug statement

* Make MarshalLogObject always filter MapStr object for logging purposes

* Refactoring: renaming to be bit more generic

* Forgot to add license header to new file

* Fixing verb syntax

* Update KQL to get estimated cost without dimension ServiceName (elastic#15640)

* Adding monitoring.cloud.* settings to reference files (elastic#15648)

* Adding monitoring.cloud.* settings to reference files

* Missed winlogbeat somehow

* Missed x-pack/winlogbeat

* remove lablels (elastic#15644)

* Fix panic: don't send events if client is nil (elastic#15568)

* Fix panic: don't send events if client is nil

* Use mutex

* Add CHANGELOG entry

* Rename changelog entry

* Fix: changelog

* Temporarily use specific logstash release

* [Metricbeat] Add Istio mesh metricset (elastic#15535)

* [Metricbeat] Fix changelog (elastic#15681)

* Fix changelog

* ci: use APM pipeline library (elastic#15636)

it uses APM pipeline library configured in the instance

* AWS Lambda: downgrade Kibana dashboard (elastic#15682)

* AWS Lambda: downgrade Kibana dashboard

* Downgrade other AWS dashboards

* Log command error if setup dashboards fails

* Another downgrade

* Use github.com/godror/godror instead of goracle.v2 (elastic#15683)

From the README of goracle:

> Goracle is deprecated because of naming (trademark) issues.

From now on we are using github.com/godror/godror instead.

* Move pdh query to shared location in order for new modules/metricsets to reuse (elastic#15503)

* Move pdh query to shared location

* Update changelog

* Fix make update

* mage fmt

* fix changelog

* Remove datasource option from SQL module and add tests (elastic#15686)

Remove datasource option from SQL module. This option was
intended to set the DSN of a database connection, and we were
ignoring the hosts setting. In other SQL modules we are using
the values in hosts as DSNs, do here the same for consistency.
Host is redacted when we cannot parse it as it can contain passwords.

StandardizeEvent is exposed in mbtest.Fetcher interface so we can
more easily check contents of events in tests.

Add integration tests of the module with MySQL and PostgreSQL.

Add real data.json with data from MySQL and PostgreSQL.

* [metricbeat] add service metricset to reference documentation  (elastic#15643)

* add service metricset to ref docs

* update xpack docs

* [metricbeat] Add divide by zero check to docker/diskio (elastic#15649)

* add NaN check to docker/diskio

* return 0

* Change joda style pattern to java style (elastic#15695)

since 7.0 elasticsearch is using java.time style patterns.
YYYY becomes yyyy

* [DOCS] Add missing config options to shared file (elastic#15136)

* [DOCS] Add missing config options to shared file

* Add fixes from review

* Run mage fmt update to fix build error

* [Heartbeat] Support for multiple status codes elastic#13595 (elastic#15587)

Allow for multiple status codes in config. Fixes elastic#13595

* Add missing changelog entry for elastic#15587 (elastic#15721)

* Update github.com/godror/godror to v0.10.4 (elastic#15737)

## What does this PR do?

This PR updates the dependency `github.com/godror/godror` to v0.10.4.

## Why is it important?

Packaging of Metricbeat fails due to the issue in the `godror` version we are currently using. See more about the problem: godror/godror#8

* Collect normalized CPU percentages by default (elastic#15729)

* Collect normalized CPU percentages by default

* Adding CHANGELOG entry

* Updating x-pack/metricbeat

* Fix: mage check

* Detect Eclipse Public License

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Co-authored-by: DeDe Morton <dede.morton@elastic.co>
Co-authored-by: Sophia Xu <sophia.xu@elastic.co>
Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
Co-authored-by: Blake Rouse <blake.rouse@elastic.co>
Co-authored-by: Noémi Ványi <kvch@users.noreply.github.com>
Co-authored-by: Manuel de la Peña <social.mdelapenya@gmail.com>
Co-authored-by: Chris Mark <chrismarkou92@gmail.com>
Co-authored-by: Michael Madden <mikemadden42@users.noreply.github.com>
Co-authored-by: Shaunak Kashyap <ycombinator@gmail.com>
Co-authored-by: Pablo Mercado <pablo.mercado@elastic.co>
Co-authored-by: Ivan Fernandez Calvo <kuisathaverat@users.noreply.github.com>
Co-authored-by: Mariana Dima <mariana@elastic.co>
Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Co-authored-by: Alex K. <8418476+fearful-symmetry@users.noreply.github.com>
Co-authored-by: Przemyslaw Gomulka <przemyslaw.gomulka@elastic.co>
Co-authored-by: Amanda H. L. de Andrade Katz <amanda.andrade@serpro.gov.br>
Co-authored-by: Andrew Cholakian <andrew@andrewvc.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Filebeat Cisco module parsing sequence numbers with leading 0s as octal
5 participants