Skip to content

[Cisco Meraki] Add filter in grok parsing for port events #14167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 10, 2025
Merged

[Cisco Meraki] Add filter in grok parsing for port events #14167

merged 3 commits into from
Jun 10, 2025

Conversation

@moxarth-rathod
Copy link
Contributor

@moxarth-rathod moxarth-rathod commented Jun 6, 2025
edited by ShourieG
Loading

Proposed commit message

cisco_meraki: fix pipeline issue by adding a filter in grok parsing for port events. As the current Grok pattern in the ingest pipeline is designed to match log lines that indicate specific port actions, i.e. `status changes` or `STP role changes`, this PR adding a filter in grok parsing for port events to logs with actionable phrases to prevent errors from benign messages.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • Clone integrations repo.
  • Install the elastic package locally.
  • Start the elastic stack using the elastic package.
  • Move to integrations/packages/cisco_meraki directory.
  • Run the following command to run tests.

elastic-package test -v
@moxarth-rathod moxarth-rathod self-assigned this Jun 6, 2025
@moxarth-rathod moxarth-rathod requested a review from a team as a code owner June 6, 2025 08:14
@moxarth-rathod moxarth-rathod added Integration:cisco_meraki Cisco Meraki bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Jun 6, 2025
@elasticmachine
Copy link

elasticmachine commented Jun 6, 2025

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Jun 6, 2025
edited
Loading

🚀 Benchmarks report

Package cisco_meraki 👍(0) 💚(1) 💔(1)

Expand to view
Data stream Previous EPS New EPS Diff (%) Result
events 250000 200000 -50000 (-20%) 💔

To see the full report comment with /test benchmark fullreport
@moxarth-rathod moxarth-rathod requested a review from ShourieG June 6, 2025 08:59
ShourieG
ShourieG reviewed Jun 10, 2025
View reviewed changes
packages/cisco_meraki/changelog.yml Outdated
changes:
- description: Limit Grok parsing for port events to logs with actionable phrases to prevent errors from benign messages.
type: bugfix
link: https://github.com/elastic/integrations/pull/1
Copy link
Contributor

@ShourieG ShourieG Jun 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please fix pr number @moxarth-rathod
@moxarth-rathod @ShourieG
Apply suggestions from code review
b5d3bb9 
Co-authored-by: Shourie Ganguly <shourie.ganguly@elastic.co>
@moxarth-rathod moxarth-rathod requested a review from ShourieG June 10, 2025 06:56
@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Jun 10, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube
@elasticmachine
Copy link

elasticmachine commented Jun 10, 2025

💚 Build Succeeded

History

cc @moxarth-rathod
ShourieG
ShourieG approved these changes Jun 10, 2025
View reviewed changes
Copy link
Contributor

@ShourieG ShourieG left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
@ShourieG ShourieG merged commit 0902729 into elastic:main Jun 10, 2025
7 checks passed
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Jun 10, 2025

Package cisco_meraki - 1.28.2 containing this change is available at https://epr.elastic.co/package/cisco_meraki/1.28.2/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bugfix Pull request that fixes a bug issue Integration:cisco_meraki Cisco Meraki Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors]

3 participants

@moxarth-rathod @elasticmachine @ShourieG