Skip to content

[fortinet_fortigate] Add deltabytes field, ensure rcvddelta and sentdelta fields are integers #13668

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Apr 28, 2025
Merged

[fortinet_fortigate] Add deltabytes field, ensure rcvddelta and sentdelta fields are integers #13668

merged 4 commits into from
Apr 28, 2025

Conversation

taylor-swanson
Copy link
Contributor

@taylor-swanson taylor-swanson commented Apr 24, 2025
edited
Loading

Proposed commit message

  • Changed rcvddelta and sentdelta fields to long type, added convert processors
  • Added new fortinet.firewall.deltabytes field, which is the sum of the rcvddelta and senddelta fields

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

cd packages/fortinet_fortigate
elastic-package test

Related issues

@taylor-swanson
[fortinet_fortigate] Add deltabytes field, ensure rcvddelta and sentd…
edb4f72 
…elta fields are integers

- Changed rcvddelta and sentdelta fields to long type, added convert processors
- Added new fortinet.firewall.deltabytes field, which is the sum of the rcvddelta and senddelta fields
@taylor-swanson
changelog
1844224
@taylor-swanson taylor-swanson self-assigned this Apr 24, 2025
@taylor-swanson taylor-swanson added enhancement New feature or request bugfix Pull request that fixes a bug issue Integration:fortinet_fortigate Fortinet FortiGate Firewall Logs Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices] labels Apr 24, 2025
@taylor-swanson taylor-swanson mentioned this pull request Apr 24, 2025
Closed
@taylor-swanson taylor-swanson marked this pull request as ready for review April 24, 2025 14:16
@taylor-swanson taylor-swanson requested a review from a team as a code owner April 24, 2025 14:16
@elasticmachine
Copy link

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@elasticmachine
Copy link

💚 Build Succeeded

History

cc @taylor-swanson

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@taylor-swanson taylor-swanson merged commit ae9270b into elastic:main Apr 28, 2025
7 checks passed
@elastic-vault-github-plugin-prod
Copy link

Package fortinet_fortigate - 1.32.0 containing this change is available at https://epr.elastic.co/package/fortinet_fortigate/1.32.0/

@taylor-swanson taylor-swanson deleted the bugfix/fortigate-delta branch April 29, 2025 13:24
@leandrojmp
Copy link
Contributor

leandrojmp commented May 14, 2025
edited
Loading

Hello @taylor-swanson,

This change should've been marked as breaking-change, not just enhancement, this introduced a conflict in Kibana, now the fields fortinet.firewall.sentdelta and fortinet.firewall.rcvddelta cannot be used anymore in Kibana until the conflict is solved.

For example, this would break any custom security rule that where using those fields.

I personally wasn't using it, but I keep fortigate logs for 90 days including frozen, I will need to wait at least 90 days for the conflict to be fixed.

The conflict in Kibana:

Screenshot from 2025-05-14 00-45-09

ES|QL breaks because of the conflict:

image

@leandrojmp leandrojmp mentioned this pull request May 14, 2025
Open
@taylor-swanson
Copy link
Contributor Author

taylor-swanson commented May 20, 2025
edited
Loading

@leandrojmp,

I would agree with your assessment. Also good to see that discussion pop up around the same time. Any further discussions on the issue should go there, just so all the conversations can be kept together.

Version handling in Kibana is a bit rough right now. Even with making it a breaking change, this isn't called out to the user very well (if at all), and unless someone was paying attention, they might click through anyway and end up in the same situation. I don't have the issue handy, but word is that the Kibana team is improving this experience (calling out breaking changes).

I do apologize for the breakage, it certainly wasn't my intention with this change.

Edit: Kibana issues were called out in this comment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mjwolf mjwolf mjwolf approved these changes

@gogochan gogochan gogochan approved these changes

Assignees

@taylor-swanson taylor-swanson

Labels
bugfix Pull request that fixes a bug issue enhancement New feature or request Integration:fortinet_fortigate Fortinet FortiGate Firewall Logs Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices]
Projects
None yet
Milestone
No milestone
5 participants
@taylor-swanson @elasticmachine @leandrojmp @mjwolf @gogochan