Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick #18948 to 7.7: Filebeat: Fix o365 module issues #19063

Merged
merged 2 commits into from
Jun 9, 2020
Merged

Cherry-pick #18948 to 7.7: Filebeat: Fix o365 module issues #19063

merged 2 commits into from
Jun 9, 2020

Conversation

adriansr
Copy link
Contributor

@adriansr adriansr commented Jun 9, 2020
edited by zube bot
Loading

Cherry-pick of PR #18948 to 7.7 branch. Original message:

Assorted fixes to the o365 module:

  • Mark module as beta in docs.
  • get rid of data-loss error on startup: Bad error handling around saved-state loading (unimplemented) caused a data-loss warning on startup instead of a less scary info message:
- [ERROR] Error loading saved state. Will fetch all retained events. Depending on max_retention, this can cause event loss or duplication.
+ [INFO] No saved state found. Will fetch events for the last 168h.
  • Avoid passing API errors to the JS pipeline

Ingestion pipeline errors from o365audit input need not to go through the JS pipeline, it'll add more errors and noise.

  • Prevent dissect error about overriding client.port

  • Fix how API settings are passed to the o365 input

Passing low-level API settings between module and input was broken.

  • Document max_period using the right units.

The sample conf will use 7d which is not valid as hours is the largest supported unit.

@adriansr
Filebeat: Fix o365 module issues (elastic#18948)
f0cbd8f 
- Fix scary data-loss warning on startup
- Avoid API errors being processed by the JS pipeline
- Fix dissect error about overiding client.port
- Fix module passing API settings to the input
- Document max_period using the right units

(cherry picked from commit 83bbd57)
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jun 9, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jun 9, 2020
@adriansr adriansr merged commit f9cbac5 into elastic:7.7 Jun 9, 2020
@adriansr adriansr deleted the backport_18948_7.7 branch June 9, 2020 15:55
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
@adriansr
Cherry-pick elastic#18948 to 7.7: Filebeat: Fix o365 module issues (e…
e8629e8 
…lastic#19063)

* Filebeat: Fix o365 module issues (elastic#18948)

- Fix scary data-loss warning on startup
- Avoid API errors being processed by the JS pipeline
- Fix dissect error about overiding client.port
- Fix module passing API settings to the input
- Document max_period using the right units

(cherry picked from commit b99a73c)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marc-gr marc-gr marc-gr approved these changes

Assignees
No one assigned
Labels
backport review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@adriansr @elasticmachine @marc-gr