elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

cisco_ftd, cisco_duo using invalid values according to ECS #3328

Closed jsoriano closed 2 years ago

jsoriano commented 2 years ago
[0] parsing field value failed: field "event.outcome"'s value "failed" is not one of the allowed values (failure, success, unknown)
[0] parsing field value failed: field "event.outcome"'s value "monitored" is not one of the allowed values (failure, success, unknown)

Related to https://github.com/elastic/integrations/issues/3016
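
The check behind the two error messages above, as an added Go example (not code from elastic-package or the integrations repository): it validates `event.outcome` against the allowed set in constructed sample events, whether the field is stored as a nested object or as a flattened dotted key. The names `lookup`, `InvalidOutcomes` and `sample` are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Allowed event.outcome values, as listed in the error messages above.
var allowed = map[string]bool{"failure": true, "success": true, "unknown": true}

// lookup resolves a dotted path in a document that uses nested objects,
// flattened dotted keys, or a mix of both.
func lookup(doc map[string]interface{}, path string) (interface{}, bool) {
	if v, ok := doc[path]; ok {
		return v, true
	}
	for i, c := range path {
		sub, ok := doc[path[:i]].(map[string]interface{})
		if c == '.' && ok {
			if v, found := lookup(sub, path[i+1:]); found {
				return v, true
			}
		}
	}
	return nil, false
}

// InvalidOutcomes reports each event.outcome outside the allowed set, by event index.
func InvalidOutcomes(events []string) ([]string, error) {
	var findings []string
	for i, raw := range events {
		var doc map[string]interface{}
		if err := json.Unmarshal([]byte(raw), &doc); err != nil {
			return nil, fmt.Errorf("event %d: %w", i, err)
		}
		if v, ok := lookup(doc, "event.outcome"); ok { // an absent field is fine
			if s, isStr := v.(string); !isStr || !allowed[s] {
				findings = append(findings, fmt.Sprintf("[%d] event.outcome=%v", i, v))
			}
		}
	}
	return findings, nil
}

// Constructed sample events, not taken from the package's test data.
var sample = []string{`{"event":{"outcome":"success"}}`, `{"event":{"outcome":"failed"}}`,
	`{"event.outcome":"monitored"}`, `{"event":{"action":"connection-started"}}`}

func main() { fmt.Println(InvalidOutcomes(sample)) }
```

A search or detection rule that filters on `event.outcome: failure` does not match a document that stores `failed`, which is why a check like this is worth running before events are indexed.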

efd6 commented 2 years ago

There does not appear to be an issue with cisco_ftd.

$ go run github.com/elastic/elastic-package test
2022/05/11 22:42:46  WARN CommitHash is undefined, in both ~/.elastic-package/version and the compiled binary, config may be out of date.
Run test suite for the package
Run static tests for the package
--- Test results for package: cisco_ftd - START ---
╭───────────┬─────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE   │ DATA STREAM │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├───────────┼─────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ cisco_ftd │ log         │ static    │ Verify sample_event.json │ PASS   │   60.28433ms │
╰───────────┴─────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: cisco_ftd - END   ---
Done
Run system tests for the package
2022/05/11 22:43:29  INFO Write container logs to file: .../github.com/elastic/integrations/build/container-logs/cisco-logfile-1652274809703805000.log
2022/05/11 22:44:10  INFO Write container logs to file: .../github.com/elastic/integrations/build/container-logs/cisco-ftd-udp-1652274850716973000.log
--- Test results for package: cisco_ftd - START ---
╭───────────┬─────────────┬───────────┬───────────┬────────┬───────────────╮
│ PACKAGE   │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │  TIME ELAPSED │
├───────────┼─────────────┼───────────┼───────────┼────────┼───────────────┤
│ cisco_ftd │ log         │ system    │ logfile   │ PASS   │ 29.860740689s │
│ cisco_ftd │ log         │ system    │ udp       │ PASS   │ 25.903572219s │
╰───────────┴─────────────┴───────────┴───────────┴────────┴───────────────╯
--- Test results for package: cisco_ftd - END   ---
Done
Run asset tests for the package
--- Test results for package: cisco_ftd - START ---
╭───────────┬─────────────┬───────────┬────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE   │ DATA STREAM │ TEST TYPE │ TEST NAME                                          │ RESULT │ TIME ELAPSED │
├───────────┼─────────────┼───────────┼────────────────────────────────────────────────────┼────────┼──────────────┤
│ cisco_ftd │ log         │ asset     │ index_template logs-cisco_ftd.log is loaded        │ PASS   │        660ns │
│ cisco_ftd │ log         │ asset     │ ingest_pipeline logs-cisco_ftd.log-2.1.2 is loaded │ PASS   │        113ns │
╰───────────┴─────────────┴───────────┴────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: cisco_ftd - END   ---
Done
Run pipeline tests for the package
--- Test results for package: cisco_ftd - START ---
╭───────────┬─────────────┬───────────┬────────────────────────────────┬────────┬──────────────╮
│ PACKAGE   │ DATA STREAM │ TEST TYPE │ TEST NAME                      │ RESULT │ TIME ELAPSED │
├───────────┼─────────────┼───────────┼────────────────────────────────┼────────┼──────────────┤
│ cisco_ftd │ log         │ pipeline  │ test-asa-fix.log               │ PASS   │  77.358444ms │
│ cisco_ftd │ log         │ pipeline  │ test-asa.log                   │ PASS   │ 1.494438658s │
│ cisco_ftd │ log         │ pipeline  │ test-dns.log                   │ PASS   │ 152.866511ms │
│ cisco_ftd │ log         │ pipeline  │ test-filtered.log              │ PASS   │   12.68469ms │
│ cisco_ftd │ log         │ pipeline  │ test-firepower-management.log  │ PASS   │ 152.460169ms │
│ cisco_ftd │ log         │ pipeline  │ test-intrusion.log             │ PASS   │  31.413748ms │
│ cisco_ftd │ log         │ pipeline  │ test-no-type-id.log            │ PASS   │  31.567442ms │
│ cisco_ftd │ log         │ pipeline  │ test-not-ip.log                │ PASS   │  20.983829ms │
│ cisco_ftd │ log         │ pipeline  │ test-sample.log                │ PASS   │ 394.532156ms │
│ cisco_ftd │ log         │ pipeline  │ test-security-connection.log   │ PASS   │  57.520224ms │
│ cisco_ftd │ log         │ pipeline  │ test-security-file-malware.log │ PASS   │   78.56081ms │
│ cisco_ftd │ log         │ pipeline  │ test-security-malware-site.log │ PASS   │   9.027253ms │
╰───────────┴─────────────┴───────────┴────────────────────────────────┴────────┴──────────────╯
--- Test results for package: cisco_ftd - END   ---
Done

jsoriano commented 2 years ago

Umm, it failed in https://beats-ci.elastic.co/blue/organizations/jenkins/Ingest-manager%2Fintegrations%2FPR-3017/detail/PR-3017/3/tests :thinking: