Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Winlogbeat] Add missing query while reading .evtx file #36173

Merged
merged 18 commits into from
Aug 8, 2023
Merged

[Winlogbeat] Add missing query while reading .evtx file #36173

merged 18 commits into from
Aug 8, 2023

Conversation

kcreddy
Copy link
Contributor

@kcreddy kcreddy commented Jul 29, 2023

What does this PR do?

Adds query filter when processing .evtx file

Why is it important?

  • Fixes the bug when reading .evtx files

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.
  • I have made my commit title and message explanatory about the purpose and the reason of the change

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jul 29, 2023
@mergify
Copy link
Contributor

mergify bot commented Jul 29, 2023

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @kcreddy? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@elasticmachine
Copy link
Collaborator

elasticmachine commented Jul 29, 2023
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-08-07T11:43:24.397+0000

  • Duration: 42 min 59 sec

Test stats 🧪

Test Results
Failed 0
Passed 936
Skipped 9
Total 945

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@kcreddy kcreddy marked this pull request as ready for review August 3, 2023 16:34
@kcreddy kcreddy requested a review from a team as a code owner August 3, 2023 16:34
@kcreddy kcreddy requested a review from andrewkroh August 3, 2023 16:34
@kcreddy kcreddy added backport-7.17 Automated backport to the 7.17 branch with mergify 8.10-candidate Team:Security-External Integrations labels Aug 3, 2023
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Aug 3, 2023
andrewkroh
andrewkroh reviewed Aug 3, 2023
View reviewed changes
winlogbeat/eventlog/wineventlog_experimental.go Outdated Show resolved Hide resolved
CHANGELOG.next.asciidoc Outdated Show resolved Hide resolved
@kcreddy kcreddy requested a review from andrewkroh August 4, 2023 10:28
@kcreddy kcreddy merged commit 1fe462c into elastic:main Aug 8, 2023
8 checks passed
mergify bot pushed a commit that referenced this pull request Aug 8, 2023
@kcreddy @mergify
[Winlogbeat] Add missing query while reading .evtx file (#36173)
1b438c1 
* Add missing query for evtx processing

* update pr num

* update changelog

* Add test

* fix CI

* add eventID as string

* update query

* fix expected in test

* fix golangci-lint

* Address PR comment

* Add nolint:prealloc directives

(cherry picked from commit 1fe462c)

# Conflicts:
#	winlogbeat/eventlog/wineventlog.go
#	winlogbeat/eventlog/wineventlog_experimental.go
@mergify mergify bot mentioned this pull request Aug 8, 2023
Merged
kcreddy added a commit that referenced this pull request Aug 10, 2023
@mergify @kcreddy
[7.17](backport #36173) [Winlogbeat] Add missing query while reading …
30f4919 
….evtx file (#36255)

* [Winlogbeat] Add missing query while reading .evtx file (#36173)

* Add missing query for evtx processing

* update pr num

* update changelog

* Add test

* fix CI

* add eventID as string

* update query

* fix expected in test

* fix golangci-lint

* Address PR comment

* Add nolint:prealloc directives

(cherry picked from commit 1fe462c)

# Conflicts:
#	winlogbeat/eventlog/wineventlog.go
#	winlogbeat/eventlog/wineventlog_experimental.go

* add query to evtx file open

* remove unnecessary change log

---------

Co-authored-by: Krishna Chaitanya Reddy Burri <[email protected]>
Co-authored-by: kcreddy <[email protected]>
@pierrehilbert pierrehilbert mentioned this pull request Aug 11, 2023
Closed
Scholar-Li pushed a commit to Scholar-Li/beats that referenced this pull request Feb 5, 2024
@kcreddy @Scholar-Li
[Winlogbeat] Add missing query while reading .evtx file (elastic#36173)
d697ca3 
* Add missing query for evtx processing

* update pr num

* update changelog

* Add test

* fix CI

* add eventID as string

* update query

* fix expected in test

* fix golangci-lint

* Address PR comment

* Add nolint:prealloc directives
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees

@kcreddy kcreddy

Labels
8.10-candidate backport-7.17 Automated backport to the 7.17 branch with mergify bugfix Winlogbeat
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Winlogbeat] Filter parameters don't work with .evtx files
3 participants
@kcreddy @elasticmachine @andrewkroh