[cisco_asa] parse 'message repeated X times' updated #12682
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
calebcrouse3 changed the title 
jamiehynds added the Team:Security-Deployment and Devices 
| Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices) |
mjwolf reviewed Feb 13, 2025
Contributor
mjwolf left a comment
mjwolf left a comment There was a problem hiding this comment.
Thanks, this looks good. There's just a couple minor things to change
packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-repeat-deny.log-expected.json Outdated Show resolved Hide resolved
packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
andrewkroh approved these changes Mar 21, 2025
Member
andrewkroh left a comment
andrewkroh left a comment There was a problem hiding this comment.
LGTM. Just a minor comment.
packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml Outdated Show resolved Hide resolved
ctx can never be null in this context.
Member
| /test |
Member
| The README.md file needs regenerated via @@ -167,2 +167,3 @@ | cisco.asa.message_id | The Cisco ASA message identifier. | keyword | +| cisco.asa.message_repeats | The number of times the message has been repeated. | short | | cisco.asa.original_iana_number | IANA Protocol Number of the original IP payload. | short | |
auto-merge was automatically disabled March 21, 2025 19:39
Head branch was pushed to by a user without write access
Member
| /test |
🚀 Benchmarks reportTo see the full report comment with |
💚 Build Succeeded
History
|
|
| Package cisco_asa - 2.43.4 containing this change is available at https://epr.elastic.co/package/cisco_asa/2.43.4/ |
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
Proposed commit message
Deny message logs that contain the string "message repeated X times" are causing downstream failures. Add processors to parse the number of repeats, assign it to a field, and remove this portion of the message string so that subsequent processors do not encounter errors.
Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Related issues
Screenshots