[integrations] - Fixed aggregation error in AWS Guard Duty Severity Overview Dashboard #9253

Merged
merged 11 commits into from
Feb 28, 2024

ShourieG
Contributor

Type of change

Please label this PR with one of the following labels, depending on the scope of your change:

  • Bug

Proposed commit message

The Severity Overview Dashboard had a bug where the Severity Over Time Logs Visualisation was aggregating on the "_id" field. Since this is a meta field, it cannot be aggregated on. This has been fixed to count the number of records, which is a default feature.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@ShourieG ShourieG requested review from a team as code owners February 28, 2024 13:17
@ShourieG ShourieG self-assigned this Feb 28, 2024
Contributor

@kcreddy kcreddy left a comment

LGTM

@ShourieG ShourieG enabled auto-merge (squash) February 28, 2024 14:23
@ShourieG ShourieG disabled auto-merge February 28, 2024 14:23
@elasticmachine

🚀 Benchmarks report

Package aws 👍(11) 💚(3) 💔(3)

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
| --- | --- | --- | --- | --- |
| route53_public_logs | 12658.23 | 7692.31 | -4965.92 (-39.23%) | 💔 |
| ec2_logs | 37037.04 | 27777.78 | -9259.26 (-25%) | 💔 |
| guardduty | 1005.03 | 711.74 | -293.29 (-29.18%) | 💔 |

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

cc @ShourieG

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@ShourieG ShourieG merged commit 4c91ffc into elastic:main Feb 28, 2024
@elasticmachine

Package aws - 2.12.2 containing this change is available at https://epr.elastic.co/search?package=aws

@ShourieG ShourieG deleted the bugfix/guardduty branch February 29, 2024 03:03
@louisong

louisong commented Mar 4, 2024

@ShourieG Customer is asking if it is possible for the bug fix to be backported to older version 8.10 or 8.11?
They are trying to avoid upgrading the entire stack to 8.12 for testing out the fix.

@ShourieG
Contributor Author

ShourieG commented Mar 5, 2024

> @ShourieG Customer is asking if it is possible for the bug fix to be backported to older version 8.10 or 8.11? They are trying to avoid upgrading the entire stack to 8.12 for testing out the fix.

@louisong Unfortunately this cannot be backported as integration rollouts are tied to specific Kibana versions unlike beats. Previous updates already bumped up the version to 8.12 so this PR is built on top of that. The customer could update to the latest 8.12 or manually clone the dashboard and replace the unique count function with a record count function in Kibana Lens, which is pretty simple to do.
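
The manual workaround from the reply above, as an added example that is not part of this PR or the integration's code: a Python sketch that walks an exported dashboard, finds Lens columns doing a unique count on `_id`, and rewrites them to a record count. The column keys (`operationType`, `sourceField`), the `___records___` marker and the sample dashboard are assumptions about the Lens export format, constructed here for illustration.

```python
import copy

# Assumed Lens column keys/values (not shown on the page): operationType,
# sourceField, and "___records___" as the record-count source marker.
META_FIELDS = {"_id"}
RECORDS_FIELD = "___records___"

# Constructed sample: a trimmed dashboard export with one Lens layer.
COLUMNS = {
    "col1": {"operationType": "date_histogram", "sourceField": "@timestamp"},
    "col2": {"operationType": "unique_count", "sourceField": "_id",
             "label": "Unique count of _id"},
}
SAMPLE_DASHBOARD = {"attributes": {"panelsJSON": [
    {"embeddableConfig": {"attributes": {"state": {"datasourceStates": {
        "formBased": {"layers": {"layer1": {"columns": COLUMNS}}}}}}}}
]}}


def find_meta_field_aggs(node, path=""):
    """Yield (path, column) for each column doing unique_count on a meta field."""
    if isinstance(node, dict):
        if (node.get("operationType") == "unique_count"
                and node.get("sourceField") in META_FIELDS):
            yield path, node
        for key, value in node.items():
            yield from find_meta_field_aggs(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_meta_field_aggs(value, f"{path}/{index}")


def to_record_count(dashboard):
    """Rewrite offending columns in place; return the paths that were changed."""
    changed = []
    # Materialise the matches first so the tree is not mutated mid-walk.
    for path, column in list(find_meta_field_aggs(dashboard)):
        column["operationType"] = "count"
        column["sourceField"] = RECORDS_FIELD
        column["label"] = "Count of records"
        changed.append(path)
    return changed


if __name__ == "__main__":
    board = copy.deepcopy(SAMPLE_DASHBOARD)
    for fixed_path in to_record_count(board):
        print("rewrote", fixed_path)
```

Run it against a cloned copy of the dashboard export rather than the managed one, since the reply above recommends cloning before editing.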

gizas pushed a commit that referenced this pull request Mar 13, 2024
…verview Dashboard (#9253)

* refactored the integration, added new parameters and improved documentation for making integration GA

* bugfix for aggregating on _id

* updated changelog
qcorporation pushed a commit that referenced this pull request Feb 3, 2025
qcorporation pushed a commit that referenced this pull request Feb 4, 2025
7 participants