Skip to content

[ping_one] Parse and map the internalCorrelation.* and source.* fields #15789

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
brijesh-elastic merged 2 commits into from
Oct 30, 2025
Merged

[ping_one] Parse and map the internalCorrelation.* and source.* fields #15789

brijesh-elastic merged 2 commits into from
Oct 30, 2025

Conversation

@brijesh-elastic
Copy link
Collaborator

@brijesh-elastic brijesh-elastic commented Oct 29, 2025

Proposed commit message

ping_one: Parse and map the internalCorrelation.* and source.* fields These new fields are appearing in the customer's environment. We have parsed and mapped the possible fields to ECS. We obtained sample data from the customer and masked it properly.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/ping_one directory.
  • Run the following command to run tests.

elastic-package test

Related issues
@brijesh-elastic brijesh-elastic self-assigned this Oct 29, 2025
@brijesh-elastic brijesh-elastic requested a review from a team as a code owner October 29, 2025 05:43
@brijesh-elastic brijesh-elastic added enhancement New feature or request Integration:ping_one PingOne Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] mapping/pipeline issue Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Oct 29, 2025
@elasticmachine
Copy link

elasticmachine commented Oct 29, 2025

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Oct 29, 2025

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport
@elasticmachine
Copy link

elasticmachine commented Oct 29, 2025

💚 Build Succeeded

cc @brijesh-elastic
ShourieG
ShourieG reviewed Oct 29, 2025
View reviewed changes
packages/ping_one/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
target_field: ping_one.audit.internal_correlation.transaction_id
ignore_missing: true
- convert:
field: json.source.ipAddress
Copy link
Contributor

@ShourieG ShourieG Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any possibility for the ip address to come as a "," separated string ?
Copy link
Collaborator Author

@brijesh-elastic brijesh-elastic Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on the log provided by the customer, No.
@andrewkroh andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Oct 29, 2025
efd6
efd6 approved these changes Oct 29, 2025
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but please wait for @ShourieG.
@brijesh-elastic brijesh-elastic merged commit 8d034be into elastic:main Oct 30, 2025
7 checks passed
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Oct 30, 2025

Package ping_one - 1.21.0 containing this change is available at https://epr.elastic.co/package/ping_one/1.21.0/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request Integration:ping_one PingOne mapping/pipeline issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors]

5 participants

@brijesh-elastic @elasticmachine @efd6 @ShourieG @andrewkroh