Skip to content

[azure][activitylogs] add json processor to responseBody and requestBody #15690

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
Nov 5, 2025
Merged

[azure][activitylogs] add json processor to responseBody and requestBody #15690

merged 16 commits into from
Nov 5, 2025
+165 −4

Conversation

@stefans-elastic
Copy link
Contributor

@stefans-elastic stefans-elastic commented Oct 20, 2025
edited
Loading

Proposed commit message

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@stefans-elastic stefans-elastic changed the title add json processor to responseBody and requestBody [azure][activitylogs] add json processor to responseBody and requestBody Oct 20, 2025
@stefans-elastic stefans-elastic added enhancement New feature or request Integration:azure Azure Logs Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] labels Oct 20, 2025
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Oct 20, 2025
edited
Loading

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@stefans-elastic stefans-elastic marked this pull request as ready for review October 22, 2025 13:04
@stefans-elastic stefans-elastic requested review from a team as code owners October 22, 2025 13:04
@andrewkroh andrewkroh added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Oct 22, 2025
@elasticmachine
Copy link

elasticmachine commented Oct 22, 2025

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

giorgi-imerlishvili-elastic
giorgi-imerlishvili-elastic approved these changes Oct 22, 2025
View reviewed changes
...es/azure/data_stream/activitylogs/_dev/test/pipeline/test-activitylogs-raw.log-expected.json
"event_category": "ResourceHealth",
"operation_name": "Microsoft.Resourcehealth/healthevent/Updated/action",
"properties": {
"eventProperties": {
Copy link
Contributor

@giorgi-imerlishvili-elastic giorgi-imerlishvili-elastic Oct 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't it be snake case as well? Otherwise, LGTM

Copy link
Contributor Author

@stefans-elastic stefans-elastic Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

now the case of the fields isn't altered at all.

lucian-ioan
lucian-ioan approved these changes Oct 22, 2025
View reviewed changes
Copy link
Contributor

@lucian-ioan lucian-ioan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

chemamartinez
chemamartinez approved these changes Oct 29, 2025
View reviewed changes
Copy link
Contributor

@chemamartinez chemamartinez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just code owner approval as SSI owns application_gateway data stream.

@muthu-mps
Copy link
Contributor

muthu-mps commented Oct 30, 2025

@stefans-elastic - Lets keep the requestBody and responseBody field names in the same format and not necessary to convert it to snake case as renaming would lead to breaking change.

@stefans-elastic
Copy link
Contributor Author

stefans-elastic commented Nov 3, 2025

@stefans-elastic - Lets keep the requestBody and responseBody field names in the same format and not necessary to convert it to snake case as renaming would lead to breaking change.

@muthu-mps to clarify: requestBody and responseBody field names remain the same, right? and how about the nested fields? For example should it be:
option 1

"requestBody": {
      "test_data": {
          "my_test": 123
      }
  },
  "responseBody": {
      "sku_test": {
          "my_name": "Standard_LRS"
      }
  }

or
option 2

"requestBody": {
      "testData": {
          "myTest": 123
      }
  },
  "responseBody": {
      "skuTest": {
          "myName": "Standard_LRS"
      }
  }

@muthu-mps
Copy link
Contributor

muthu-mps commented Nov 3, 2025

@stefans-elastic - Lets keep the requestBody and responseBody field names in the same format and not necessary to convert it to snake case as renaming would lead to breaking change.

@muthu-mps to clarify: requestBody and responseBody field names remain the same, right? and how about the nested fields? For example should it be: option 1

"requestBody": {
      "test_data": {
          "my_test": 123
      }
  },
  "responseBody": {
      "sku_test": {
          "my_name": "Standard_LRS"
      }
  }

or option 2

"requestBody": {
      "testData": {
          "myTest": 123
      }
  },
  "responseBody": {
      "skuTest": {
          "myName": "Standard_LRS"
      }
  }

Same can be applied to nested fields as well. Converting the nested fields without converting base field would lead to naming inconsistency.

@stefans-elastic
Copy link
Contributor Author

stefans-elastic commented Nov 3, 2025

@muthu-mps the change has been implemented.

muthu-mps
muthu-mps reviewed Nov 4, 2025
View reviewed changes
...es/azure/data_stream/activitylogs/_dev/test/pipeline/test-activitylogs-raw.log-expected.json Outdated
}
},
"responseBody": {
"skuTest": {
Copy link
Contributor

@muthu-mps muthu-mps Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we replace with actual field name? The values can have sample data but the field names should reflect the actual name. Same applies to requestBody.

Copy link
Contributor Author

@stefans-elastic stefans-elastic Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

found example of requestBody and responseBody and updated the test data

@elasticmachine
Copy link

elasticmachine commented Nov 4, 2025

💚 Build Succeeded

History

@muthu-mps muthu-mps mentioned this pull request Nov 4, 2025
Closed
tommyers-elastic
tommyers-elastic approved these changes Nov 5, 2025
View reviewed changes
Copy link
Contributor

@tommyers-elastic tommyers-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@stefans-elastic stefans-elastic merged commit 0652bdb into elastic:main Nov 5, 2025
7 checks passed
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Nov 5, 2025

Package azure - 1.29.0 containing this change is available at https://epr.elastic.co/package/azure/1.29.0/

@leandrojmp
Copy link
Contributor

leandrojmp commented Nov 13, 2025

Hello, just saw this update in the integration available and was checking the PR.

What is being changed here? the field azure.activitylogs.properties is mapped as flattened, so this is just parsing the json on the nested responseBody and requestBody but does not change any of the mappings, right?

@efd6
Copy link
Contributor

efd6 commented Nov 13, 2025

@leandrojmp This ensures that the field is an object and not a string since apparently sometimes it is sent as a JSON marshaling of an object.

tehbooom pushed a commit to tehbooom/integrations that referenced this pull request Nov 19, 2025
@stefans-elastic @lucian-ioan
[azure][activitylogs] add json processor to responseBody and requestB…
c9be822 
…ody (elastic#15690)

* add json processor to responseBody and requestBody

* extra test case

* update manifest and changelog

* fix field name in processor

* cover requestBody in tests

* update expected results

* Update packages/azure/data_stream/activitylogs/elasticsearch/ingest_pipeline/default.yml

Co-authored-by: Lucian Ioan <[email protected]>

* Update packages/azure/data_stream/activitylogs/elasticsearch/ingest_pipeline/default.yml

Co-authored-by: Lucian Ioan <[email protected]>

* Update packages/azure/data_stream/activitylogs/elasticsearch/ingest_pipeline/default.yml

Co-authored-by: Lucian Ioan <[email protected]>

* address PR comments

* update test data with real field names

---------

Co-authored-by: Lucian Ioan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chemamartinez chemamartinez chemamartinez approved these changes

@tommyers-elastic tommyers-elastic tommyers-elastic approved these changes

@giorgi-imerlishvili-elastic giorgi-imerlishvili-elastic giorgi-imerlishvili-elastic approved these changes

@muthu-mps muthu-mps Awaiting requested review from muthu-mps

+1 more reviewer

@lucian-ioan lucian-ioan lucian-ioan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

enhancement New feature or request Integration:azure Azure Logs Team:Obs-InfraObs Observability Infrastructure Monitoring team [elastic/obs-infraobs-integrations] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Azure] Escaped JSON in azure.activitylogs.properties

10 participants

@stefans-elastic @elasticmachine @muthu-mps @leandrojmp @efd6 @chemamartinez @lucian-ioan @tommyers-elastic @giorgi-imerlishvili-elastic @andrewkroh