Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x-pack/winlogbeat/module/powershell: don't split tokens on hyphen #28483

Merged
merged 1 commit into from
Nov 16, 2021
Merged

x-pack/winlogbeat/module/powershell: don't split tokens on hyphen #28483

merged 1 commit into from
Nov 16, 2021

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Oct 18, 2021

What does this PR do?

The change replaces the simple tokenizer with a custom tokenizer that splits on word boundaries that do not include hyphen.

Why is it important?

The current tokenizer splits powershell language tokens given incorrect search results.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • Confirm that this generates the correct output template.

How to test this PR locally

Related issues

Use cases

N/A

Screenshots

N/A

Logs

N/A

@efd6 efd6 added bug Team:Security-External Integrations 7.16-candidate backport-skip Skip notification from the automated backport with mergify labels Oct 18, 2021
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Oct 18, 2021
@efd6 efd6 force-pushed the windows/powershell branch from f118352 to 4c19dbc Compare October 18, 2021 00:07
@elasticmachine
Copy link
Collaborator

elasticmachine commented Oct 18, 2021
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2021-11-15T23:53:54.871+0000

  • Duration: 58 min 34 sec

  • Commit: 5997d97

Test stats 🧪

Test Results
Failed 0
Passed 883
Skipped 0
Total 883

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@andrewkroh
Copy link
Member

I opened an issue to discuss custom analyzer support in Beats at #28540.

@mergify
Copy link
Contributor

mergify bot commented Nov 10, 2021

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b windows/powershell upstream/windows/powershell
git merge upstream/master
git push upstream windows/powershell

@efd6 efd6 mentioned this pull request Nov 11, 2021
Merged
5 tasks
@efd6 efd6 added 8.1-candidate backport-v8.0.0 Automated backport with mergify and removed 7.16-candidate labels Nov 15, 2021
@mergify mergify bot removed the backport-skip Skip notification from the automated backport with mergify label Nov 15, 2021
@efd6 efd6 force-pushed the windows/powershell branch from 4c19dbc to 582fac2 Compare November 15, 2021 23:31
@efd6 efd6 force-pushed the windows/powershell branch from 582fac2 to 5997d97 Compare November 15, 2021 23:53
@efd6 efd6 requested a review from andrewkroh November 16, 2021 00:53
@efd6 efd6 marked this pull request as ready for review November 16, 2021 00:53
@efd6 efd6 requested a review from a team as a code owner November 16, 2021 00:53
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

efd6
efd6 commented Nov 16, 2021
View reviewed changes
x-pack/winlogbeat/module/powershell/_meta/fields.yml
Comment on lines +134 to +137
search_analyzer:
winlogbeat_powershell_script_analyzer:
type: pattern
pattern: "[\\W&&[^-]]+"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a note. I duplicated the definition in the search analyzer although this is not required since the analyzers are collated during the fields walk. It is included for clarity — though I'm not sure it achieves that.

@efd6 efd6 merged commit f11b9ff into elastic:master Nov 16, 2021
mergify bot pushed a commit that referenced this pull request Nov 16, 2021
@efd6
x-pack/winlogbeat/module/powershell: don't split tokens on hyphen (#2…
ca7c264 
…8483)

(cherry picked from commit f11b9ff)
@mergify mergify bot mentioned this pull request Nov 16, 2021
Merged
@efd6 efd6 deleted the windows/powershell branch November 16, 2021 01:51
efd6 added a commit that referenced this pull request Nov 16, 2021
@mergify @efd6
x-pack/winlogbeat/module/powershell: don't split tokens on hyphen (#2…
6e66d57 
…8483) (#28982)

(cherry picked from commit f11b9ff)

Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com>
Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees
No one assigned
Labels
8.1-candidate backport-v8.0.0 Automated backport with mergify bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@efd6 @elasticmachine @andrewkroh