Skip to content

Fix Citrix ADC parsing of TCP CONN_TERMINATE events with trailing whitespace#18438

Merged
qcorporation merged 6 commits intomainfrom
fix/issue-27329-j83
Apr 21, 2026
Merged

Fix Citrix ADC parsing of TCP CONN_TERMINATE events with trailing whitespace#18438
qcorporation merged 6 commits intomainfrom
fix/issue-27329-j83

Conversation

@qcorporation
Copy link
Copy Markdown
Contributor

@qcorporation qcorporation commented Apr 16, 2026

Proposed commit message

Fixes parsing of TCP CONN_TERMINATE events in the Citrix ADC integration.
Previously, Source IP/Port, Destination IP/Port, Total_bytes_send, and
Total_bytes_recv were not extracted from the message payload.

  • Added/extended grok pattern to capture these fields and map them to
    source.ip, source.port, destination.ip, destination.port,
    source.bytes, destination.bytes.
  • Added pipeline test coverage for CONN_TERMINATE events.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • elastic-package test pipeline --data-stream log passes (new + existing events)
  • elastic-package check clean
  • Manual verification: ingest the customer's sample message through the updated pipeline; confirm all six fields are present in the resulting document.

@qcorporation qcorporation self-assigned this Apr 16, 2026
macroscopeapp[bot]
macroscopeapp Bot reviewed Apr 16, 2026
View reviewed changes
Comment thread packages/citrix_adc/changelog.yml Outdated
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented Apr 16, 2026

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@qcorporation qcorporation marked this pull request as ready for review April 16, 2026 21:06
@qcorporation qcorporation requested review from a team as code owners April 16, 2026 21:06
@andrewkroh andrewkroh added the Team:Integration-Experience Security Integrations Integration Experience [elastic/integration-experience] label Apr 17, 2026
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Apr 17, 2026

Pinging @elastic/integration-experience (Team:Integration-Experience)

robester0403
robester0403 approved these changes Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@robester0403 robester0403 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Look good.

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Apr 20, 2026

💚 Build Succeeded

History

cc @qcorporation

@qcorporation qcorporation merged commit f1ddd92 into main Apr 21, 2026
9 checks passed
@qcorporation qcorporation deleted the fix/issue-27329-j83 branch April 21, 2026 12:39
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented Apr 21, 2026

Package citrix_adc - 1.18.5 containing this change is available at https://epr.elastic.co/package/citrix_adc/1.18.5/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@macroscopeapp macroscopeapp[bot] macroscopeapp[bot] left review comments

@jrmolin jrmolin jrmolin approved these changes

@robester0403 robester0403 robester0403 approved these changes

Assignees

@qcorporation qcorporation

Labels

Integration:citrix_adc Citrix ADC Team:Integration-Experience Security Integrations Integration Experience [elastic/integration-experience]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@qcorporation @elasticmachine @jrmolin @robester0403 @andrewkroh