Skip to content

[checkpoint_firewall] Update type from integer to long to support higher values #15673

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Oct 20, 2025
Merged

[checkpoint_firewall] Update type from integer to long to support higher values #15673

merged 5 commits into from
Oct 20, 2025

Conversation

haetamoudi
Copy link
Contributor

Proposed commit message

Update count types from integer to long

A customer reported that the pipeline fails when handling large numbers (e.g., 4294947622).
Updated the following fields to use the long type instead of integer:

  • checkpoint.update_count
  • checkpoint.connection_count
  • checkpoint.aggregated_log_count

Related Issue
See elastic/sdh-beats#6530

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@haetamoudi haetamoudi requested a review from a team as a code owner October 17, 2025 15:33
@haetamoudi haetamoudi added the bug Something isn't working, use only for issues label Oct 17, 2025
@qcorporation
Copy link
Contributor

@haetamoudi I believe that update_count, connection_count and aggregated_log_count are defined as type: integer within the fields.yml file.
Question 1: do we need to update fields.yml so that these fields are now updated to long?
Question 2: if we update the field definition to long, is it now a breaking change?

cc.ing @taylor-swanson

@andrewkroh andrewkroh added Integration:checkpoint Check Point Team:Integration-Experience Security Integrations Integration Experience [elastic/integration-experience] labels Oct 17, 2025
@elasticmachine
Copy link

Pinging @elastic/integration-experience (Team:Integration-Experience)

@andrewkroh
Copy link
Member

Question 1: do we need to update fields.yml so that these fields are now updated to long?

Yes, we need to update the fields.yml files in order to store long values. Without the change indexing could fail when the number no longer fits in an the fields defined Elasticsearch data type.

Question 2: if we update the field definition to long, is it now a breaking change?

Not a breaking change IMO. Data types within a field families are safe although the performance characteristics may differ:

  • keyword family - keyword, constant_keyword, wildcard
  • text family
  • numeric - byte, short, integer, long, float, scaled_float, double (not an official field family type)

@haetamoudi haetamoudi marked this pull request as draft October 17, 2025 16:54
@elasticmachine
Copy link

elasticmachine commented Oct 20, 2025
edited
Loading

💛 Build succeeded, but was flaky

Failed CI Steps

History

@haetamoudi haetamoudi marked this pull request as ready for review October 20, 2025 10:35
@andrewkroh andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Oct 20, 2025
@haetamoudi haetamoudi merged commit 2101851 into elastic:main Oct 20, 2025
7 checks passed
@elastic-vault-github-plugin-prod
Copy link

Package checkpoint - 1.41.2 containing this change is available at https://epr.elastic.co/package/checkpoint/1.41.2/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@taylor-swanson taylor-swanson taylor-swanson approved these changes

Assignees

No one assigned

Labels

bug Something isn't working, use only for issues documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Integration:checkpoint Check Point Team:Integration-Experience Security Integrations Integration Experience [elastic/integration-experience]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@haetamoudi @qcorporation @elasticmachine @andrewkroh @taylor-swanson