Conversation
|
This PR does not modify any files shipped with the agent. To help streamline the release process, please consider adding the |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6134aabd73
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
haproxy/assets/logs/haproxy.yaml
Outdated
| ocsf: | ||
| isOcsf: true | ||
| filter: | ||
| query: "-@http.method:* @load_balancer.service_name:*" |
There was a problem hiding this comment.
The Network Activity [4001] filter requires @load_balancer.service_name:*, but the existing haproxy.default pattern for Connect from ... logs does not populate that field (it only has haproxy.mode and destination/client endpoints). This means TCP-mode connect lines like Connect from ... (frontend/TCP) miss both OCSF class pipelines: they are excluded here, and the HTTP pipeline only accepts @haproxy.mode:HTTP, so those events keep only partial OCSF metadata without class_uid/category_uid.
Useful? React with 👍 / 👎.
Update haproxy_tests.yaml to include full OCSF field expectations now that the OCSF pipeline has been added to haproxy.yaml. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 participant
What does this PR do?
Creates OCSF pipelines for haproxy. Populates classes 4001 and 4002