feat: api gateway broadcom parser #3052

Merged
sbylica-splunk merged 7 commits into develop from feat/api_gateway_broadcom_parser
May 14, 2026


@sbylica-splunk sbylica-splunk commented Apr 30, 2026

Implements: #2709

@ajasnosz ajasnosz changed the title Feat/api gateway broadcom parser feat: api gateway broadcom parser May 4, 2026
@sbylica-splunk sbylica-splunk marked this pull request as ready for review May 13, 2026 10:49
@sbylica-splunk sbylica-splunk requested review from Kawron and ajasnosz May 13, 2026 10:50
};

application app-syslog-broadcom_layer7_api_gateway[sc4s-syslog] {
filter {

Collaborator

Is it possible to add a program filter as well? Just to make sure that if some other log contains com.l7tech.traffic it won't be misclassified?

Collaborator

Or maybe it can be put into the sc4s-pgm topic, and there it can have a filter on both program and msg?

Contributor Author

OK, added a program filter, should work better.

sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])

st = env.from_string(
'search index=netops _time={{ epoch }} sourcetype="broadcom:layer7_api_gateway" (host="{{ host }}" OR "{{ host }}")'
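
Review bot: in the search template on the last line, the bare "{{ host }}" term after OR matches the host string anywhere in the raw event, so the test can pass even when the host field does not carry the expected value. If the test is meant to verify host extraction for this sourcetype, keep only host="{{ host }}".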

Collaborator

Is this last OR necessary?

Contributor Author

Probably not, copied it from the beyondtrust test, I'll check it out without.

@sbylica-splunk sbylica-splunk merged commit a087602 into develop May 14, 2026
22 of 24 checks passed
@sbylica-splunk sbylica-splunk deleted the feat/api_gateway_broadcom_parser branch May 14, 2026 08:34
@github-actions github-actions Bot locked and limited conversation to collaborators May 14, 2026