
Commit c0ab658

Fix datatypes as per spec
The field datatypes are fixed according to the CEF spec V27
1 parent c4f39a6 commit c0ab658


2 files changed

+16
-16
lines changed


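--- a/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CefParser.java
+++ b/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CefParser.java
@@ -117,7 +117,7 @@ enum DataType {
 entry("agentZoneExternalID", new ExtensionMapping("agentZoneExternalID", StringType, null)),
 entry("agentZoneURI", new ExtensionMapping("agentZoneURI", StringType, null)),
 entry("app", new ExtensionMapping("applicationProtocol", StringType, "network.protocol")),
-entry("cnt", new ExtensionMapping("baseEventCount", IntegerType, null)),
+entry("cnt", new ExtensionMapping("baseEventCount", LongType, null)),
 entry("in", new ExtensionMapping("bytesIn", LongType, "source.bytes")),
 entry("out", new ExtensionMapping("bytesOut", LongType, "destination.bytes")),
 entry("customerExternalID", new ExtensionMapping("customerExternalID", StringType, "organization.id")),
@@ -151,11 +151,11 @@ enum DataType {
 entry("deviceCustomDate1Label", new ExtensionMapping("deviceCustomDate1Label", StringType, null)),
 entry("deviceCustomDate2", new ExtensionMapping("deviceCustomDate2", TimestampType, null)),
 entry("deviceCustomDate2Label", new ExtensionMapping("deviceCustomDate2Label", StringType, null)),
-entry("cfp1", new ExtensionMapping("deviceCustomFloatingPoint1", FloatType, null)),
-entry("cfp2", new ExtensionMapping("deviceCustomFloatingPoint2", FloatType, null)),
+entry("cfp1", new ExtensionMapping("deviceCustomFloatingPoint1", DoubleType, null)),
+entry("cfp2", new ExtensionMapping("deviceCustomFloatingPoint2", DoubleType, null)),
 entry("cfp2Label", new ExtensionMapping("deviceCustomFloatingPoint2Label", StringType, null)),
-entry("cfp3", new ExtensionMapping("deviceCustomFloatingPoint3", FloatType, null)),
-entry("cfp4", new ExtensionMapping("deviceCustomFloatingPoint4", FloatType, null)),
+entry("cfp3", new ExtensionMapping("deviceCustomFloatingPoint3", DoubleType, null)),
+entry("cfp4", new ExtensionMapping("deviceCustomFloatingPoint4", DoubleType, null)),
 entry("c6a1", new ExtensionMapping("deviceCustomIPv6Address1", IPType, null)),
 entry("c6a1Label", new ExtensionMapping("deviceCustomIPv6Address1Label", StringType, null)),
 entry("c6a2", new ExtensionMapping("deviceCustomIPv6Address2", IPType, null)),
@@ -186,7 +186,7 @@ enum DataType {
 entry("deviceDnsDomain", new ExtensionMapping("deviceDnsDomain", StringType, "observer.registered_domain")),
 entry("cat", new ExtensionMapping("deviceEventCategory", StringType, null)),
 entry("deviceExternalId", new ExtensionMapping("deviceExternalId", StringType, "observer.name")),
-entry("deviceFacility", new ExtensionMapping("deviceFacility", LongType, "log.syslog.facility.code")),
+entry("deviceFacility", new ExtensionMapping("deviceFacility", IntegerType, "log.syslog.facility.code")),
 entry("dvchost", new ExtensionMapping("deviceHostName", StringType, "observer.hostname")),
 entry("deviceInboundInterface", new ExtensionMapping("deviceInboundInterface", StringType, "observer.ingress.interface.name")),
 entry("dvcmac", new ExtensionMapping("deviceMacAddress", MACAddressType, "observer.mac")),
@@ -217,7 +217,7 @@ enum DataType {
 entry("fname", new ExtensionMapping("filename", StringType, "file.name")),
 entry("filePath", new ExtensionMapping("filePath", StringType, "file.path")),
 entry("filePermission", new ExtensionMapping("filePermission", StringType, "file.group")),
-entry("fsize", new ExtensionMapping("fileSize", LongType, "file.size")),
+entry("fsize", new ExtensionMapping("fileSize", IntegerType, "file.size")),
 entry("fileType", new ExtensionMapping("fileType", StringType, "file.type")),
 entry("flexDate1", new ExtensionMapping("flexDate1", TimestampType, null)),
 entry("flexDate1Label", new ExtensionMapping("flexDate1Label", StringType, null)),
@@ -264,7 +264,7 @@ enum DataType {
 entry("sourceZoneURI", new ExtensionMapping("sourceZoneURI", StringType, null)),
 entry("start", new ExtensionMapping("startTime", TimestampType, "event.start")),
 entry("proto", new ExtensionMapping("transportProtocol", StringType, "network.transport")),
-entry("type", new ExtensionMapping("type", IntegerType, "event.kind")),
+entry("type", new ExtensionMapping("type", StringType, "event.kind")),
 entry("catdt", new ExtensionMapping("categoryDeviceType", StringType, null)),
 entry("mrt", new ExtensionMapping("managerReceiptTime", TimestampType, "event.ingested"))
 );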
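Review bot: The @@ -217 hunk narrows `fsize` from LongType to IntegerType while the entry still targets ECS `file.size`, a long-range field, so an event reporting a file larger than Integer.MAX_VALUE bytes presumably no longer fits the declared type; how IntegerType reacts to such a value (drop the field, reject the event, or wrap) is not visible in this hunk and should be confirmed and pinned by a test. CEF V27 does declare fileSize as Integer, so if the narrowing is intended I would record the trade-off beside the entry: `// CEF V27 declares fileSize as Integer although ECS file.size is a long; values above Integer.MAX_VALUE are <overflow behaviour — confirm>`. The `deviceFacility` change in the @@ -186 hunk has the same shape but is safe in practice because syslog facility codes are small. The map literal these entries belong to starts outside the hunks.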

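--- a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CefProcessorTests.java
+++ b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CefProcessorTests.java
@@ -766,11 +766,11 @@ public void testAllFieldsInExtension() {
 entry("deviceCustomString1", "customString1"),
 entry("deviceCustomIPv6Address2Label", "c6a2Label"),
 entry("deviceCustomNumber3", 345L),
-entry("deviceCustomFloatingPoint1", 1.23f),
+entry("deviceCustomFloatingPoint1", 1.23),
 entry("deviceCustomNumber2", 234L),
-entry("deviceCustomFloatingPoint2", 2.34f),
-entry("deviceCustomFloatingPoint3", 3.45f),
-entry("deviceCustomFloatingPoint4", 4.56f),
+entry("deviceCustomFloatingPoint2", 2.34),
+entry("deviceCustomFloatingPoint3", 3.45),
+entry("deviceCustomFloatingPoint4", 4.56),
 entry("flexDate1", ZonedDateTime.parse("2021-06-01T11:43:20Z")),
 entry("destinationTranslatedZoneExternalID", "destExtId"),
 entry("deviceCustomNumber1", 123L),
@@ -819,7 +819,7 @@ public void testAllFieldsInExtension() {
 entry("deviceCustomFloatingPoint4Label", "cfp4Label"),
 entry("oldFileSize", 2048),
 entry("externalId", "extId"),
-entry("baseEventCount", 1234),
+entry("baseEventCount", 1234L),
 entry("flexString2", "flexString2"),
 entry("deviceCustomNumber3Label", "cn3Label"),
 entry("flexString1", "flexString1"),
@@ -842,7 +842,7 @@ public void testAllFieldsInExtension() {
 )
 ),
 entry("host", Map.of("nat", Map.of("ip", "10.0.0.3"))),
-entry("log", Map.of("syslog", Map.of("facility", Map.of("code", 16L)))),
+entry("log", Map.of("syslog", Map.of("facility", Map.of("code", 16)))),
 entry(
 "observer",
 Map.ofEntries(
@@ -910,7 +910,7 @@ public void testAllFieldsInExtension() {
 Map.ofEntries(
 entry("inode", "5678"),
 entry("path", "/path/to/file"),
-entry("size", 1024L),
+entry("size", 1024),
 entry("created", ZonedDateTime.parse("2021-06-01T11:43:20Z")),
 entry("name", "file.txt"),
 entry("mtime", ZonedDateTime.parse("2021-06-01T11:45Z")),
@@ -932,7 +932,7 @@ public void testAllFieldsInExtension() {
 entry("start", ZonedDateTime.parse("2021-06-01T11:43:20Z")),
 entry("reason", "reason"),
 entry("ingested", ZonedDateTime.parse("2021-06-01T11:43:20Z")),
-entry("kind", 1),
+entry("kind", "1"),
 entry("original", "rawEvent"),
 entry("created", ZonedDateTime.parse("2021-06-01T11:43:20Z")),
 entry("code", "100")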
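Review bot: The updated expectations in testAllFieldsInExtension only exercise small in-range values (`1234L`, `1024`, `16`), so the range difference that distinguishes LongType from IntegerType in CefParser is not actually tested, and an `fsize` at or above 2^31 is covered by no assertion either way. I would add one case for a `cnt` that needs a long (constructed example: input `cnt=3000000000` expected as `3000000000L` under `baseEventCount`) and one for an out-of-range `fsize`, pinning whichever behaviour the parser is meant to have (field dropped versus event rejected) rather than leaving it implicit. testAllFieldsInExtension begins before the first hunk and its closing lines fall outside the last one.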
