[ping_federate] Apply timezone setting correctly in the audit data stream #14222

Merged
chrisberkhout merged 2 commits into elastic:main from chrisberkhout:ping_federate-timezone-in-decode_cef
Jun 16, 2025

@chrisberkhout chrisberkhout commented Jun 13, 2025

Proposed commit message

[ping_federate] Apply timezone setting correctly

In the audit data stream, configure the `decode_cef` Beats processor[1]
to use the provided time zone, to avoid it mislabelling a local time as
UTC.

[1]: https://www.elastic.co/docs/reference/beats/filebeat/processor-decode-cef

Discussion

Here's how a system test document's output changes with this setting:

image

The event.ingested value is the correct ingest time.

In 1.0.0, the local time is taken to be UTC, but in the fixed version it is assigned the configured offset and stored as the correct UTC equivalent.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices
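
The effect described in the discussion above, as an added illustration that is not part of the pull request or of the `decode_cef` processor's code: a zoneless local timestamp is labelled once as UTC and once with a configured offset. The timestamp layout, the `+02:00` offset, the sample values and all function names are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed zoneless layout for the device timestamp (one of the CEF date layouts).
CEF_LAYOUT = "%b %d %Y %H:%M:%S"

def parse_offset(tz):
    """Turn 'UTC', '+02:00' or '-0800' into a fixed-offset tzinfo."""
    if tz.upper() in ("UTC", "Z"):
        return timezone.utc
    m = re.fullmatch(r"([+-])(\d{2}):?(\d{2})", tz)
    if not m:
        raise ValueError(f"unsupported offset: {tz!r}")
    delta = timedelta(hours=int(m.group(2)), minutes=int(m.group(3)))
    return timezone(delta if m.group(1) == "+" else -delta)

def to_utc(zoneless, tz="UTC"):
    """Label a zoneless timestamp with tz, then normalise it to UTC."""
    local = datetime.strptime(zoneless, CEF_LAYOUT).replace(tzinfo=parse_offset(tz))
    return local.astimezone(timezone.utc)

def skew(zoneless, configured_tz):
    """Error introduced by labelling the local time as UTC."""
    return to_utc(zoneless) - to_utc(zoneless, configured_tz)

def stamped_after_ingest(event_ts, ingested, tolerance=timedelta(minutes=5)):
    """Triage check: an event cannot occur after it was ingested."""
    return event_ts - ingested > tolerance

if __name__ == "__main__":
    raw = "Jun 13 2025 19:27:00"   # constructed: local time at a +02:00 site
    ingested = datetime(2025, 6, 13, 17, 27, 5, tzinfo=timezone.utc)  # constructed
    for label, tz in (("labelled UTC", "UTC"), ("offset applied", "+02:00")):
        ts = to_utc(raw, tz)
        print(f"{label:15} {ts.isoformat()} after_ingest={stamped_after_ingest(ts, ingested)}")
    print("skew:", skew(raw, "+02:00"))
```

The after-ingest check only flags sources east of UTC; for a negative offset the mislabelled events land earlier than they happened, so the symptom there is an implausibly long gap before ingestion.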

@chrisberkhout chrisberkhout self-assigned this Jun 13, 2025
@chrisberkhout chrisberkhout added the bugfix Pull request that fixes a bug issue label Jun 13, 2025
@chrisberkhout chrisberkhout requested a review from a team as a code owner June 13, 2025 17:27
@chrisberkhout chrisberkhout added Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Integration:ping_federate PingFederate labels Jun 13, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

cc @chrisberkhout

@chrisberkhout chrisberkhout merged commit d2925b2 into elastic:main Jun 16, 2025
7 checks passed
@elastic-vault-github-plugin-prod

Package ping_federate - 1.0.1 containing this change is available at https://epr.elastic.co/package/ping_federate/1.0.1/
