Skip to content

add event.dataset matching routing rules#13910

Merged
Kavindu-Dodan merged 1 commit intoelastic:mainfrom
Kavindu-Dodan:feat/enrich-events-with-event.dataset
May 15, 2025
Merged

add event.dataset matching routing rules#13910
Kavindu-Dodan merged 1 commit intoelastic:mainfrom
Kavindu-Dodan:feat/enrich-events-with-event.dataset

Conversation

@Kavindu-Dodan
Copy link
Copy Markdown
Contributor

@Kavindu-Dodan Kavindu-Dodan commented May 14, 2025
edited
Loading

Proposed commit message

This PR adds event.dataset field for records parsed through the Firehose integration. The implementation uses the routing detection conditions to detect the correct value of the field.

Reason for this change

This is explained in the issue #12750. In short, there are Elastic components that utilize the value of event.dataset for their decisions. So far, Firehose integration did not enrich this field where as Elastic agent added this using add_field processor.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

Fixes #12750

Screenshots

  • vpc flow log event with event.dataset field,

image

  • cloudtrail log event with event.dataset field,

image

  • elb metrics with event.dataset field,

image

  • ec2 metrics with event.dataset field,

image

@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/enrich-events-with-event.dataset branch 4 times, most recently from 57e1dc9 to fe6864f Compare May 14, 2025 21:42
@Kavindu-Dodan Kavindu-Dodan marked this pull request as ready for review May 14, 2025 21:43
@Kavindu-Dodan Kavindu-Dodan requested a review from a team as a code owner May 14, 2025 21:43
@Kavindu-Dodan Kavindu-Dodan added Integration:awsfirehose Amazon Data Firehose enhancement New feature or request Team:obs-ds-hosted-services Observability Hosted Services team [elastic/obs-ds-hosted-services] labels May 14, 2025
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented May 14, 2025

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/enrich-events-with-event.dataset branch from fe6864f to ad53b6c Compare May 14, 2025 22:02
@Kavindu-Dodan
add event.dataset matching routing rules
984aef1 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/enrich-events-with-event.dataset branch from ad53b6c to 984aef1 Compare May 15, 2025 15:03
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented May 15, 2025

💚 Build Succeeded

History

@elastic-sonarqube
Copy link
Copy Markdown

elastic-sonarqube Bot commented May 15, 2025

Quality Gate failed Quality Gate failed

Failed conditions
69.7% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

@Kavindu-Dodan Kavindu-Dodan merged commit d1b130c into elastic:main May 15, 2025
6 of 7 checks passed
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented May 15, 2025

Package awsfirehose - 1.7.0 containing this change is available at https://epr.elastic.co/package/awsfirehose/1.7.0/

anupratharamachandran pushed a commit to anupratharamachandran/integrations that referenced this pull request Jun 2, 2025
@Kavindu-Dodan @anupratharamachandran
add event.dataset matching routing rules (elastic#13910)
f0f8bb5 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented Aug 6, 2025

Package awsfirehose - 1.8.0 containing this change is available at https://epr.elastic.co/package/awsfirehose/1.8.0/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@kaiyan-sheng kaiyan-sheng kaiyan-sheng approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

enhancement New feature or request Integration:awsfirehose Amazon Data Firehose Team:obs-ds-hosted-services Observability Hosted Services team [elastic/obs-ds-hosted-services]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[AWS Firehose] populate event.dataset field for ingested records

3 participants

@Kavindu-Dodan @elasticmachine @kaiyan-sheng