I'm trying to update some mappings for an Elastic Agent integration, specifically Suricata. I see some test input files and expected output files, but I haven't found a test that actually uses them.
Hi Jason,
Thank you for the question. For Suricata, if you want to update the ingest pipeline and parsing logic, your best bet is to use elastic-package to run the system and pipeline tests. There is documentation online on how to run these tests.
Quickly, you'd bring up the stack locally: elastic-package stack up -d
Navigate on the command line to ./packages/suricata (within the elastic/integrations repo) and then run either the system tests: elastic-package test system -v
or the pipeline tests: elastic-package test pipeline -v
The integration pipeline is multi-element: there's Beats, which does enrichment, and there's also an ingest pipeline that gets installed and is the destination when Agent sends data to Elasticsearch. The code within elastic/integrations is released out of band from the stack release and consists of configuration that can be applied to Agent/Beats, configuration of the ingest pipeline, and visual assets.
So to answer your question, no. elastic/integrations works in conjunction with the beats/agent repo.