From 26e642cfc51feafc68bc9c6fd93ac923f7b7529e Mon Sep 17 00:00:00 2001
From: Andres Romero
Date: Fri, 21 Feb 2025 16:31:11 -0500
Subject: [PATCH] AZINTS-3155 / Adding new sources for dates in Azure active directory pipeline (#19667)
* Remap time from three new sources in activedirectory logs
* Updating test to remove now missing time field
* Updating name to match required name
---
 .../assets/logs/azure.activedirectory.yaml | 5 ++++-
 .../assets/logs/azure.activedirectory_tests.yaml | 2 --
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/azure_active_directory/assets/logs/azure.activedirectory.yaml b/azure_active_directory/assets/logs/azure.activedirectory.yaml
index 1c3a09dc453f0..e3f822e82c068 100644
--- a/azure_active_directory/assets/logs/azure.activedirectory.yaml
+++ b/azure_active_directory/assets/logs/azure.activedirectory.yaml
@@ -179,9 +179,12 @@ pipeline:
 matchRules: |
 extract_resource_name /%{_subscriptions}\/%{_non_extracted_resource}\/%{_resource_groups}\/%{_non_extracted_resource}\/%{_providers}%{_non_extracted_resource}\/%{_non_extracted_resource}\/%{data}\/%{_resource_name}
 - type: date-remapper
- name: Define `time` as the official date of the log
+ name: Define `properties.createdDateTime`, `properties.activityDateTime`, `properties.timeGenerated`, `time` as the official date of the log
 enabled: true
 sources:
+ - properties.createdDateTime
+ - properties.activityDateTime
+ - properties.timeGenerated
 - time
 - type: status-remapper
 name: Define `level` as the official status of the log
diff --git a/azure_active_directory/assets/logs/azure.activedirectory_tests.yaml b/azure_active_directory/assets/logs/azure.activedirectory_tests.yaml
index eb1fa242e6bc1..7edb8c016603b 100644
--- a/azure_active_directory/assets/logs/azure.activedirectory_tests.yaml
+++ b/azure_active_directory/assets/logs/azure.activedirectory_tests.yaml
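Review bot: The date-remapper in azure.activedirectory.yaml now lists four `sources`, but nothing in the change states or tests which one becomes the official date when a record carries more than one of them. The test-file hunks only delete `time` from the SignInLogs sample and its expected result, so the `time` fallback is no longer exercised by that case. Sign-in and audit timestamps feed detection windows and incident timelines, so the order deserves a comment above `sources:`, for example `# Tried in order: event-time fields under properties.* take precedence over the envelope time`, assuming the remapper uses the first source present. A further test sample that keeps both `time` and `properties.createdDateTime` with different values would pin that precedence. The processor list continues outside the hunk.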
@@ -70,7 +70,6 @@ tests:
 "correlationId" : "d47198c3-f726-47b8-b683-3f6244c9ceb5",
 "Level" : 4,
 "location" : "US",
- "time" : "2020-05-13T12:35:19.6363979Z",
 "category" : "SignInLogs",
 "resultType" : "0",
 "durationMs" : 0,
@@ -220,7 +219,6 @@ tests:
 resultType: "0"
 service: "azure"
 tenantId: "4d3bac44-0230-4732-9e70-cc00736f0a97"
- time: "2020-05-13T12:35:19.6363979Z"
 title: "'Sign-in activity' resulted in success initiated by testtest@datadoghq.com "
 usr:
 email: "testtest@datadoghq.com"