[O11y] Migrate infraobs packages to ecs@mappings

[harnish-elastic]

• Enhancement

Proposed commit message

Migration performed using ecs-update. Minor manual changes are performed.

• event.category or event.type is expecting value as an array instead of string. Hence provided the value as an array.

• generated pipeline and system tests.

• If the package is containing kibana version configuration as below,

  conditions:
    kibana.version: "^8.10.0"
  

  Updated these configuration to,

  conditions:
    kibana:
      version: "^8.10.0"
  

Command

  go run github.com/andrewkroh/go-examples/ecs-update@014b35dfe4c9832b51e7c909a39a48257d6a005d \
    -ecs-version=8.11.0 \
    -ecs-git-ref=v8.11.0 \
    -fields-yml-drop-ecs \
    -kibana-version=^8.13.0 \
    -drop-import-mappings \
    -pr=10171 \
    -owner=elastic/obs-infraobs-integrations \
    packages/*

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

TSDB Testing

• Performed TSDB testing for some packages. I have put the index templates in this doc.
• Performed live data collection to make sure there are no event drops.

[efd6]

s/10135/10171/ in PR description. Also suggest using sha 014b35dfe4c9832b51e7c909a39a48257d6a005d for the tool; f7c19f8f3fa105fe1d869ed34f4d6c76c75bce2c is out of date with some fixes.

To fix up issues the best thing to do is reset --hard origin/main and re-run the command with the correct values, rather than polishing the PR.

[harnish-elastic]

s/10135/10171/ in PR description. Also suggest using sha 014b35dfe4c9832b51e7c909a39a48257d6a005d for the tool; f7c19f8f3fa105fe1d869ed34f4d6c76c75bce2c is out of date with some fixes.

To fix up issues the best thing to do is reset --hard origin/main and re-run the command with the correct values, rather than polishing the PR.

Cool, let me do that. Thanks!

[elasticmachine]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[efd6]

The issues with the sample events will need addressing. The approach that I have taken is to do manual fix-ups guided by the failures that I see after running the tool (for example here) and then run the tool after those fixes are merged.

[niraj-elastic]

@harnish-elastic Can you please explain this change?

[harnish-elastic]

The change was related to event.category will not be longer support the value log. So based on data stream's logs, the network value suits. Hence updated the value!

[ishleenk17]

Can you share what the exact error here and since when has this category been removed ?

[harnish-elastic]

oracle_weblogic/access test-access.log:
[0] parsing field value failed: field "event.category"'s value "log" is not one of the allowed values (api, authentication, configuration, database, driver, email, file, host, iam, intrusion_detection, library, malware, network, package, process, registry, session, threat, vulnerability, web)

[ishleenk17]

Can you share what the exact error here and since when has this category been removed ?

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 2236426

History

• 💔 Build #13274 failed 21ba3c9
• 💚 Build #12919 succeeded 982c0ce
• 💚 Build #12822 succeeded 7eac098
• 💔 Build #12805 failed 7eac098
• 💚 Build #12768 succeeded 3701399
• 💔 Build #12764 failed 8570ead

cc @harnish-elastic

[elastic-sonarqube]

Quality Gate failed

Failed conditions
38.9% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

[agithomas]

When i look at the attached screenshot of this PR, i do not think that we must limit the event.category to iam only.

[ishleenk17]

To unblock this PR, lets keep in "iam" for now.
If we come to a consensus that we need to add more categories, we can do that later as we are appending here.

[tetianakravchenko]

prometheus.remote_write - LGTM!

[ishleenk17]

Looks good!

[niraj-elastic]

LGTM

[elasticmachine]

Package cassandra - 1.14.0 containing this change is available at https://epr.elastic.co/search?package=cassandra

[elasticmachine]

Package nats - 1.7.0 containing this change is available at https://epr.elastic.co/search?package=nats

[elasticmachine]

Package oracle_weblogic - 1.7.0 containing this change is available at https://epr.elastic.co/search?package=oracle_weblogic

[elasticmachine]

Package prometheus - 1.18.0 containing this change is available at https://epr.elastic.co/search?package=prometheus

[elasticmachine]

Package rabbitmq - 1.15.0 containing this change is available at https://epr.elastic.co/search?package=rabbitmq

[elasticmachine]

Package spring_boot - 1.6.0 containing this change is available at https://epr.elastic.co/search?package=spring_boot

[elasticmachine]

Package sql - 0.5.0 containing this change is available at https://epr.elastic.co/search?package=sql

[elasticmachine]

Package stan - 1.7.0 containing this change is available at https://epr.elastic.co/search?package=stan

[elasticmachine]

Package statsd_input - 0.4.0 containing this change is available at https://epr.elastic.co/search?package=statsd_input