[New Integration] Goflow2 integration #10561
Conversation
|
💚 CLA has been signed |
andrewkroh
added
New Integration
needs CLA
jamiehynds
added
the
Team:Security-Deployment and Devices
|
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices) |
andrewkroh
removed
the
needs CLA
|
/test |
|
/test |
…grations into goflow2-integration
.github/CODEOWNERS
Outdated
| @@ -205,6 +205,7 @@ | |||
| /packages/github @elastic/security-service-integrations | |||
| /packages/gitlab @elastic/security-service-integrations | |||
| /packages/golang @elastic/obs-infraobs-integrations | |||
| /packages/goflow2 @elastic/security-service-integrations | |||
There was a problem hiding this comment.
this one should be @elastic/sec-deployment-and-devices
|
@HaveSec @marioschaefer could you please add some tests for the |
on my list for today. |
@pkoutsovasilis took a bit longer, but now finished. all tests pass. |
|
/test |
@taylor-swanson codeowner fixed |
packages/goflow2/data_stream/sflow/elasticsearch/ingest_pipeline/default.yml
Outdated
Show resolved
Hide resolved
packages/goflow2/data_stream/sflow/elasticsearch/ingest_pipeline/default.yml
Outdated
Show resolved
Hide resolved
packages/goflow2/data_stream/sflow/elasticsearch/ingest_pipeline/default.yml
Outdated
Show resolved
Hide resolved
packages/goflow2/data_stream/sflow/elasticsearch/ingest_pipeline/default.yml
Outdated
Show resolved
Hide resolved
packages/goflow2/data_stream/sflow/_dev/test/system/test-logfile-config.yml
Outdated
Show resolved
Hide resolved
|
@taylor-swanson could you pls check? |
|
/test |
🚀 Benchmarks reportTo see the full report comment with |
There was a problem hiding this comment.
Do we anticipate this list of fields ever to change? Specifically, could any of these fields become optional in the future?
# File: /etc/goflow2/mapping.yaml
formatter:
fields: # list of fields to format in JSON
- type
- time_flow_start_ns
- sampler_address
- sequence_num
- in_if
- out_if
- src_addr
- dst_addr
- etype
- proto
- src_port
- dst_port
- src_vlan
- dst_vlan
- sampling_rate
- bytes
If yes, then I would advocate for null checks/ignore_missing on every (applicable) processor. Otherwise I'm fine with leaving those off for now. Since we've specified this in the documentation, we know they should be there and it isn't as critical to add null checks and ignore_missing everywhere.
packages/goflow2/data_stream/sflow/elasticsearch/ingest_pipeline/default.yml
Outdated
Show resolved
Hide resolved
…rocessors, added more testsamples
|
/test |
|
💚 Build Succeeded
History
|
|
Package goflow2 - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=goflow2 |
- Add the GoFlow2 integration to monitor goflow2 logs - Add initial sflow data stream to ingest sflow logs from goflow2 - Add system and pipeline tests --------- Co-authored-by: Christian Hilgers <[email protected]> Co-authored-by: Mario Schäfer <[email protected]>
The GoFlow2 integration allows you to monitor goflow2 logs. At the moment only goflow2 sflow logs are supported.
Checklist
changelog.ymlfile.How to test this PR locally
goflow2 -format json -listen "sflow://:6343" -mapping /root/sflow/goflow2/mapping.yaml -transport.file /var/log/sflow/goflow2/goflow2.log