Skip to content

[cisco_ise] Add Support of Timezone Configuration Parameter #13540

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+239 −185
Open

[cisco_ise] Add Support of Timezone Configuration Parameter #13540

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions packages/cisco_ise/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.27.0"
changes:
- description: Add support of timezone in configuration parameter.
type: enhancement
link: https://github.com/elastic/integrations/pull/1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
link: https://github.com/elastic/integrations/pull/1
link: https://github.com/elastic/integrations/pull/13540

- version: "1.26.2"
changes:
- description: Support milliseconds in timestamps
Expand Down
1 change: 1 addition & 0 deletions packages/cisco_ise/data_stream/log/_dev/test/system/test-filestream-config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ service: cisco_ise-log-filestream
input: filestream
data_stream:
vars:
tz_offset: +05:00
preserve_original_event: true
preserve_duplicate_custom_fields: true
paths:
Expand Down
1 change: 1 addition & 0 deletions packages/cisco_ise/data_stream/log/_dev/test/system/test-tcp-config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,4 @@ vars:
data_stream:
vars:
listen_port: 9025
tz_offset: +05:00
1 change: 1 addition & 0 deletions packages/cisco_ise/data_stream/log/_dev/test/system/test-udp-config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,4 @@ vars:
data_stream:
vars:
listen_port: 9026
tz_offset: +05:00
6 changes: 6 additions & 0 deletions packages/cisco_ise/data_stream/log/agent/stream/filestream.yml.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,12 @@ tags:
{{#contains "forwarded" tags}}
publisher_pipeline.disable_host: true
{{/contains}}
{{#if tz_offset}}
fields_under_root: true
fields:
_conf:
tz_offset: {{tz_offset}}
{{/if}}
{{#if processors}}
processors:
{{processors}}
Expand Down
6 changes: 6 additions & 0 deletions packages/cisco_ise/data_stream/log/agent/stream/tcp.yml.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@ publisher_pipeline.disable_host: true
{{#if ssl}}
ssl: {{ssl}}
{{/if}}
{{#if tz_offset}}
fields_under_root: true
fields:
_conf:
tz_offset: {{tz_offset}}
{{/if}}
{{#if processors}}
processors:
{{processors}}
Expand Down
6 changes: 6 additions & 0 deletions packages/cisco_ise/data_stream/log/agent/stream/udp.yml.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@ tags:
{{#contains "forwarded" tags}}
publisher_pipeline.disable_host: true
{{/contains}}
{{#if tz_offset}}
fields_under_root: true
fields:
_conf:
tz_offset: {{tz_offset}}
{{/if}}
{{#if processors}}
processors:
{{processors}}
Expand Down
8 changes: 8 additions & 0 deletions packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,9 +62,17 @@ processors:
if: ctx.host?.hostname != null
allow_duplicates: false
ignore_failure: true
- rename:
field: _conf.tz_offset
target_field: event.timezone
if: ctx._conf?.tz_offset != null
tag: rename_tz_offset
ignore_missing: true
- rename:
field: _tmp.timezone
tag: rename_tmp_timezone
target_field: event.timezone
if: ctx.event?.timezone == null # If user has not provided the timezone offset.
ignore_missing: true
Comment on lines +65 to 76
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this will give the configuration priority over a time zone seen in a log, is this intended behavior? In other Cisco integrations, the priority is log, then configuration.

Should we reverse the order here so the log time zone is given priority and if it isn't present, then we use the time zone from configuration?

- date:
field: _tmp.timestamp
Expand Down
24 changes: 24 additions & 0 deletions packages/cisco_ise/data_stream/log/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,14 @@ streams:
type: bool
multi: false
default: false
- name: tz_offset
type: text
title: Timezone Offset
multi: false
required: false
show_user: true
description: >-
When interpreting syslog timestamps without a time zone, use this timezone offset. Datetimes recorded in logs are by default interpreted in relation to the timezone set up on the host where the agent is operating. Use this parameter to adjust the timezone offset when importing logs from a host in a different timezone so that datetimes are appropriately interpreted. Both a canonical ID (such as "Europe/Amsterdam") and an HH:mm differential (such as "-05:00") are acceptable timezone formats.
- name: processors
type: yaml
title: Processors
Expand Down Expand Up @@ -53,6 +61,14 @@ streams:
type: bool
multi: false
default: false
- name: tz_offset
type: text
title: Timezone Offset
multi: false
required: false
show_user: true
description: >-
When interpreting syslog timestamps without a time zone, use this timezone offset. Datetimes recorded in logs are by default interpreted in relation to the timezone set up on the host where the agent is operating. Use this parameter to adjust the timezone offset when importing logs from a host in a different timezone so that datetimes are appropriately interpreted. Both a canonical ID (such as "Europe/Amsterdam") and an HH:mm differential (such as "-05:00") are acceptable timezone formats.
- name: udp_options
type: yaml
title: Custom UDP Options
Expand Down Expand Up @@ -102,6 +118,14 @@ streams:
type: bool
multi: false
default: false
- name: tz_offset
type: text
title: Timezone Offset
multi: false
required: false
show_user: true
description: >-
When interpreting syslog timestamps without a time zone, use this timezone offset. Datetimes recorded in logs are by default interpreted in relation to the timezone set up on the host where the agent is operating. Use this parameter to adjust the timezone offset when importing logs from a host in a different timezone so that datetimes are appropriately interpreted. Both a canonical ID (such as "Europe/Amsterdam") and an HH:mm differential (such as "-05:00") are acceptable timezone formats.
- name: processors
type: yaml
title: Processors
Expand Down
Loading