Comments (7)
mtojek
commented on July 17, 2024
2
I'm fine with this as a PoC, but in the longer run, wow about creating our own tool that can run inside an integration dir? Only minded to work on a single integration, able to run tests and also help on the development
Actually we a chat about it with @ruflin to use a dedicated tool that you can use in different repos (integrations, package-storage). I'm happy to follow this path as I'm not a fan of mage :)
from integrations.
mtojek
commented on July 17, 2024
@skh Shall I ask you to respond to this question?
Re 1: what modifications does Kibana apply to the ingest pipeline? Let's say I need to apply same modifications and install the pipeline in ES manually.
from integrations.
skh
commented on July 17, 2024
IngestManager / EPM replaces '{{IngestPipeline "some-pipeline" }}' with "PACKAGEPREFIX-some-pipeline".
PACKAGEPREFIX will look like: "logs-PACKAGE.DATASET-VERSION".
We rename all pipelines before installation by prefixing them with PACKAGEPREFIX so the name of the referenced pipeline matches.
from integrations.
mtojek
commented on July 17, 2024
Thank you, @skh !
from integrations.
exekias
commented on July 17, 2024
From my experience, mage is not a great tool for this for the following reason: mage belongs in a main directory, so you need to run it form there, because of that, you add parameters to tell mage what integration to look into. The list of parameters tends to grow and it is not really usable, as they are not passed as flags that you can document.
I'm fine with this as a PoC, but in the longer run, wow about creating our own tool that can run inside an integration dir? Only minded to work on a single integration, able to run tests and also help on the development
from integrations.
ruflin
commented on July 17, 2024
I assume your step 3 will get a bit more complex. It will require the agent to be run with the stream template and fill in the config variables, as otherwise you will not know how to read and process the log locally. This is basically the code in https://github.com/elastic/beats/blob/master/filebeat/tests/system/test_modules.py but finally implemented in Golang.
from integrations.
mtojek
commented on July 17, 2024
I think we have a plan for this so resolving.
from integrations.
Related Issues (20)
- [elastic_package_registry] Failing test daily: pipeline test: test-default.json in elastic_package_registry.metrics - IGNORE testing
- [elastic_package_registry] Failing test daily: pipeline test: test-default.json in elastic_package_registry.metrics - IGNORE testing
- [elastic_package_registry] Failing test daily: pipeline test: test-default.json in elastic_package_registry.metrics - IGNORE testing
- [Milestone 1] Create a versioned findings latest transform with index alias in the integrations repository HOT 2
- [CiscoIOS] Incorrect Parsing of IPACCESSLOGSP events, integration tests not running in CI? HOT 2
- Integration errors with `netflow.log` data HOT 2
- [Custom STIX]Create ingest pipelines and mappings to process STIX indicators to ECS
- [Custom STIX]Support CEL input to act as a TAXII client HOT 1
- [Custom STIX]Support for IOC expiration
- [Custom STIX]Support for system and pipeline tests
- [Crowdstrike]Investigate potential support for Event Streaming API in Crowdstrike HOT 1
- [Tychon] Clean up for review HOT 1
- [Tychon] Update alerts to use new field names, switching to generic alerts when possible
- Perform a pass over respective dashboards and update/add any dashboard element or tables if required
- [IIS] Add processors to application_pool, webserver, and website metrics datastreams HOT 1
- [New Integration] AWS Config HOT 1
- Migrate `windows` integration to package spec v3 HOT 1
- Migrate `elastic_agent` integration to package spec v3 HOT 1
- [qualys_vmdr.asset_host_detection] Align field names with Qualys field names HOT 1
- [qualys_vmdr.asset_host_detection] Align `cloud.*` fields with Qualys data and not elastic agent metadata HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from integrations.