Skip to content

index call_stack_summary in API events #520

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 19, 2024
Merged

index call_stack_summary in API events #520

merged 2 commits into from
Jul 19, 2024

Conversation

jdu2600
Copy link
Contributor

@jdu2600 jdu2600 commented Jul 5, 2024

Change Summary

Add call_stack_summary to API events. This field is indexed for other event types.

For mapping changes:

  • I ran make after making the schema changes, and committed all changes

@jdu2600 jdu2600 requested a review from a team as a code owner July 5, 2024 06:40
@jdu2600 jdu2600 requested review from tomsonpl and paul-tavares July 5, 2024 06:40
@jdu2600 jdu2600 self-assigned this Jul 5, 2024
@jdu2600
Copy link
Contributor Author

jdu2600 commented Jul 5, 2024

Build failure appears unrelated (and presumably temporary).

Error response from daemon: manifest for docker.elastic.co/elasticsearch/elasticsearch:8.16.0 not found: manifest unknown: manifest unknown

@jdu2600 jdu2600 requested a review from joe-desimone July 5, 2024 10:29
pzl
pzl approved these changes Jul 5, 2024
View reviewed changes
Copy link
Member

@pzl pzl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for adding it to the sample_event.json, all good here

yes, the CI failure is unrelated. Just waiting for the rest of the stack to start making 8.16.0-SNAPSHOT images to test against.

@pzl
Copy link
Member

pzl commented Jul 11, 2024

@jdu2600 I don't think "\ci" is set up to run in this repo (I will try below), but if you push an update to trigger a rebuild, I expect CI should run correctly now

\ci

@jdu2600 jdu2600 force-pushed the api_updates branch 2 times, most recently from c0808e3 to d94ae4c Compare July 18, 2024 05:27
@jdu2600
Copy link
Contributor Author

jdu2600 commented Jul 18, 2024

@pzl - is main currently healthy? The latest build is red...

When I commit just my changes (d94ae4c) the build fails with -

check for uncommitted build artifacts
100644 100644 205b29c771fe7a6ebac20bb30d218f8d52473522 0000000000000000000000000000000000000000 M	package/endpoint/data_stream/security/fields/fields.yml
100644 100644 9a14e79a25c6342d37edf5649f8b4489e5386ec4 0000000000000000000000000000000000000000 M	package/endpoint/docs/README.md
100644 100644 9d9c333ba063b7aa1f49fe06b8cc49c91e4269b5 0000000000000000000000000000000000000000 M	schemas/v1/security/security.yaml

And when I commit those unrelated changes (bb236c9) it then fails with -

endpoint/security Verify sample_event.json:
[0] field "Target.process.Ext.authentication_id" is undefined
[1] field "process.Ext.authentication_id" is undefined

My issue seems to be related to #519 but it's final build was green...

@pzl
Copy link
Member

pzl commented Jul 18, 2024

Good catch, main is not healthy. The PR CI was green, but on-merge was not.

Will clean up main and unblock

@jdu2600
Copy link
Contributor Author

jdu2600 commented Jul 18, 2024

@pzl Thanks - all working now. 😃

@jdu2600 jdu2600 merged commit f8a4175 into main Jul 19, 2024
4 checks passed
@jdu2600 jdu2600 deleted the api_updates branch July 19, 2024 00:52
@pzl pzl mentioned this pull request Jul 23, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pzl pzl pzl approved these changes

@tomsonpl tomsonpl Awaiting requested review from tomsonpl tomsonpl is a code owner automatically assigned from elastic/security-defend-workflows

@paul-tavares paul-tavares Awaiting requested review from paul-tavares paul-tavares is a code owner automatically assigned from elastic/security-defend-workflows

@joe-desimone joe-desimone Awaiting requested review from joe-desimone

Assignees

@jdu2600 jdu2600

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jdu2600 @pzl