Skip to content

gigamon: add CEF/UDP input to ami data stream#18402

Open
sanjay-2307 wants to merge 1 commit intoelastic:mainfrom
sanjay-2307:gigamon/add-cef-udp-input
Open

gigamon: add CEF/UDP input to ami data stream#18402
sanjay-2307 wants to merge 1 commit intoelastic:mainfrom
sanjay-2307:gigamon/add-cef-udp-input

Conversation

@sanjay-2307
Copy link
Copy Markdown

@sanjay-2307 sanjay-2307 commented Apr 15, 2026

WHAT:
Adds a UDP input for CEF log ingestion to the existing Gigamon AMI
data stream alongside the existing HTTP Endpoint (JSON) input.

  • Added UDP input in manifest.yml for CEF log collection
  • Added cef-pipeline.yml for GigamonMdata* field normalization before rejoining the main default pipeline

WHY:
Gigamon AMI supports two output formats - JSON over HTTP and CEF over
UDP. The existing package only supported JSON. This change adds CEF
support within the same data stream so both inputs share the same
index, ECS mappings, and dashboards.

@sanjay-2307 sanjay-2307 requested a review from a team as a code owner April 15, 2026 05:48
@cla-checker-service
Copy link
Copy Markdown

cla-checker-service bot commented Apr 15, 2026
edited
Loading

💚 CLA has been signed

@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Apr 15, 2026

Reviewers

Buildkite won't run for external contributors automatically; you need to add a comment:

  • /test : will kick off a build in Buildkite.

NOTE: https://github.com/elastic/integrations/blob/main/.buildkite/pull-requests.json contains all those details.

@sanjay-2307 sanjay-2307 force-pushed the gigamon/add-cef-udp-input branch 2 times, most recently from 3c3e011 to df66721 Compare April 15, 2026 06:31
@kcreddy
Copy link
Copy Markdown
Contributor

kcreddy commented Apr 15, 2026

/test

@kcreddy kcreddy added the Team:Integration-Experience Security Integrations Integration Experience [elastic/integration-experience] label Apr 15, 2026
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Apr 15, 2026

Pinging @elastic/integration-experience (Team:Integration-Experience)

@kcreddy kcreddy added Integration:gigamon Gigamon (Partner supported) enhancement New feature or request labels Apr 15, 2026
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Apr 15, 2026
edited
Loading

💔 Build Failed

Failed CI Steps

History

@sanjay-2307 sanjay-2307 force-pushed the gigamon/add-cef-udp-input branch from df66721 to 32d4883 Compare April 15, 2026 10:46
@sanjay-2307
Copy link
Copy Markdown
Author

sanjay-2307 commented Apr 17, 2026

@kcreddy could you please drop a comment to initiate the test ?

@kcreddy
Copy link
Copy Markdown
Contributor

kcreddy commented Apr 17, 2026

/test

@sanjay-2307
Copy link
Copy Markdown
Author

sanjay-2307 commented Apr 18, 2026

@kcreddy we noticed a few fields that still need to be renamed or dropped. I’ll update those early next week, and then you can proceed with merging the PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

enhancement New feature or request Integration:gigamon Gigamon (Partner supported) Team:Integration-Experience Security Integrations Integration Experience [elastic/integration-experience]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sanjay-2307 @kcreddy @elasticmachine