Skip to content

f5_bigip: Fix ASM script processor when event.original is absent. #11027

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 9, 2024
Merged

f5_bigip: Fix ASM script processor when event.original is absent. #11027

merged 2 commits into from
Sep 9, 2024

Conversation

kcreddy
Copy link
Contributor

@kcreddy kcreddy commented Sep 6, 2024
edited
Loading

Proposed commit message

Fix ASM script processor when event.original is absent.

There are cases when logstash is involved, the event.original is missing
even when preserve_original_event is enabled. This leads to one of the ASM
script processor to fail. This script processor doesn't have null-check on
event.original field which leads to the error.
This PR adds a null-check on event.original field to prevent this error.

(Note for reviewers: Change best viewed with Hide whitespace)

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

@andrewkroh andrewkroh added bugfix Pull request that fixes a bug issue Integration:f5_bigip F5 BIG-IP labels Sep 6, 2024
@kcreddy kcreddy self-assigned this Sep 6, 2024
@kcreddy kcreddy added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Sep 6, 2024
@elasticmachine
Copy link

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

💚 Build Succeeded

cc @kcreddy

@kcreddy kcreddy marked this pull request as ready for review September 6, 2024 11:15
@kcreddy kcreddy requested a review from a team as a code owner September 6, 2024 11:15
@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
20.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

efd6
efd6 approved these changes Sep 8, 2024
View reviewed changes
packages/f5_bigip/data_stream/log/elasticsearch/ingest_pipeline/pipeline_bigipasm.yml
def log;
if (ctx.event?.original != null) {
log = ctx.event.original;
} else if (ctx.json?.originalRawData != null) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have any documentation that explains originalRawData? It does seem pretty obvious, but it would be nice to have a reference to it — I was unable to find anything.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let me check and add if I find anything 👍🏼

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately not documented. https://clouddocs.f5.com/products/extensions/f5-telemetry-streaming/latest/output-example.html#asm-request-log

@kcreddy kcreddy merged commit 4c8d204 into elastic:main Sep 9, 2024
5 checks passed
@elasticmachine
Copy link

Package f5_bigip - 1.19.1 containing this change is available at https://epr.elastic.co/search?package=f5_bigip

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
@kcreddy
f5_bigip: Fix ASM script processor when event.original is absent. (e…
9fa89e7 
…lastic#11027)

Fix ASM script processor when `event.original` is absent.

There are cases when logstash is involved, the `event.original` is missing 
even when `preserve_original_event` is enabled. This leads to one of the ASM 
script processor to fail. This script processor doesn't have null-check on 
`event.original` field which leads to the error.
This PR adds a null-check on `event.original` field to prevent this error.
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@kcreddy
f5_bigip: Fix ASM script processor when event.original is absent. (e…
4072a35 
…lastic#11027)

Fix ASM script processor when `event.original` is absent.

There are cases when logstash is involved, the `event.original` is missing 
even when `preserve_original_event` is enabled. This leads to one of the ASM 
script processor to fail. This script processor doesn't have null-check on 
`event.original` field which leads to the error.
This PR adds a null-check on `event.original` field to prevent this error.
@kcreddy kcreddy deleted the f5_bigip_fixasm branch February 7, 2025 09:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efd6 efd6 efd6 approved these changes

Assignees

@kcreddy kcreddy

Labels
bugfix Pull request that fixes a bug issue Integration:f5_bigip F5 BIG-IP Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kcreddy @elasticmachine @efd6 @andrewkroh