[Azure Logs] Add caller_ip_address field for sign-in logs #8813

Merged

Contributor

@lucian-ioan lucian-ioan commented Jan 2, 2024

Proposed commit message

Add pipeline processing for callerIpAddress field to the Azure sign-in logs.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@lucian-ioan
Contributor Author

Checking all other fields like tenant_id etc. but as far as I can tell those are being processed.

@elasticmachine
elasticmachine commented Jan 4, 2024

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@lucian-ioan lucian-ioan marked this pull request as ready for review January 4, 2024 19:14
@lucian-ioan lucian-ioan requested review from a team as code owners January 4, 2024 19:14
@lucian-ioan lucian-ioan requested a review from muthu-mps January 4, 2024 19:14
@muthu-mps muthu-mps changed the title [Azure Logs] Add callerIpAddress field for sign-in logs [Azure Logs] Add caller_ip_address field for sign-in logs Jan 5, 2024
@@ -83,8 +83,7 @@ processors:
value: '{{{azure.signinlogs.properties.ip_address}}}'
ignore_empty_value: true
- set:
if: ctx?.source?.address == null
field: source.address
field: azure.signinlogs.properties.caller_ip_address
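
Review bot: in the last `set` processor of this hunk, the guard `if: ctx?.source?.address == null` tests `source.address`, while the final line names `azure.signinlogs.properties.caller_ip_address` as a `field`; if the target is being switched to the caller IP field, the condition no longer describes the field being written and should check the destination (or be dropped). Also confirm that `source.address`, the ECS field for the client address, is still populated by another processor after this change, and cover both cases with a pipeline test event.
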
Contributor

When we add the signinlogs.caller_ip_address into the signinlogs.properties.caller_ip_address, what happens with the following use cases?

  1. The callerIpAddress field is outside the properties when we receive it from Azure. Can we capture this field in the same way?
  2. In certain scenarios we will get caller_ip_address inside the properties as well. How do we handle that?

Contributor Author

@lucian-ioan lucian-ioan Jan 5, 2024

  1. Done, makes sense to keep it as the original.
  2. I couldn't find a scenario where caller_ip_address is inside the properties unless dynamic mapping was applied, which shouldn't be a problem anymore.

Also worth noting that there are no custom log capabilities in Azure for sign-in logs.

@lucian-ioan lucian-ioan requested a review from muthu-mps January 5, 2024 08:07
@@ -93,11 +92,15 @@ processors:
type: ip
ignore_missing: true
ignore_failure: true
- convert:
field: azure.signinlogs.properties.caller_ip_address
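
Review bot: the `convert` at the end of this hunk targets `azure.signinlogs.properties.caller_ip_address`, and the processor just above it runs with `ignore_missing: true` and `ignore_failure: true`; if the new processor follows the same pattern, a wrong field path or a non-IP value passes silently and the field never gets typed as `ip`. Check that the path matches where callerIpAddress actually lands after the earlier processors, and add a pipeline test event that contains the field so the expected output pins its location and type.
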
Contributor

Suggested change
field: azure.signinlogs.properties.caller_ip_address
field: azure.signinlogs.caller_ip_address

@lucian-ioan lucian-ioan requested a review from muthu-mps January 5, 2024 09:33
Contributor

@muthu-mps muthu-mps left a comment

LGTM!

@lucian-ioan lucian-ioan merged commit acb6506 into elastic:main Jan 7, 2024
@elasticmachine
Package azure - 1.8.3 containing this change is available at https://epr.elastic.co/search?package=azure

@lucian-ioan lucian-ioan deleted the fix_pipeline_azure_signin_logs branch February 6, 2025 19:11
Successfully merging this pull request may close these issues.

[Azure Logs] Add missing fields in pipeline processing for sign-in logs