Skip to content

Update unique keys for latest issues transform to catch all updates #15700

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Update unique keys for latest issues transform to catch all updates #15700

wants to merge 5 commits into from
+9 −6

Conversation

clement-fouque
Copy link
Contributor

@clement-fouque clement-fouque commented Oct 20, 2025
edited
Loading

Proposed commit message

This pull request updates the configuration for the GitHub issues Elasticsearch transform to improve how the latest state of issues is tracked and stored. The main focus is on making the transform more robust by using more reliable unique keys and bumping the transform version.

The previous transform wasn't taking into account all updates (e.g. adding a label to an issue). Since the field github.issues.updated_at changes each time the issue is updated, this field covers more use cases that the initial github.issues.created_at field. I've also changed the unique issue identifier from url to github.issues.id.

Key changes:

Transform logic improvements:

  • Changed the unique_key fields in latest_issues/transform.yml to use github.issues.id and github.issues.updated_at instead of repository and URL fields. This ensures that the transform identifies the latest issue state more reliably and efficiently.

Versioning:

  • Updated the _meta.fleet_transform_version from 1.0.0 to 2.0.0 to indicate a breaking change and trigger reinstallation and restart of the transform.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@clement-fouque clement-fouque added breaking change bugfix Pull request that fixes a bug issue Integration:github GitHub labels Oct 20, 2025
@clement-fouque
Copy link
Contributor Author

I confirmed locally that the transform is working as expected.
image
image

@elastic-vault-github-plugin-prod
Copy link

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@clement-fouque clement-fouque marked this pull request as ready for review October 20, 2025 22:12
@clement-fouque clement-fouque requested a review from a team as a code owner October 20, 2025 22:12
efd6
efd6 reviewed Oct 20, 2025
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not a refactor; it changes behaviour. Can we have a clearer title to explain what is being done?

@clement-fouque clement-fouque changed the title refactor(transform): update unique keys for latest issues and bump ve… Update unique keys for latest issues transform to catch all updates Oct 21, 2025
@clement-fouque
Copy link
Contributor Author

I’ve updated the title and PR description, and changed the version from ⁠2.18.0 to ⁠2.17.1. Initially, I thought this was a breaking change. However, since the transform is deleted and recreated, it’s not a breaking change after all.

@efd6, could you please review? Thanks.

@andrewkroh andrewkroh added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Oct 21, 2025
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine
Copy link

💚 Build Succeeded

History

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@efd6 efd6 efd6 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

bugfix Pull request that fixes a bug issue Integration:github GitHub Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@clement-fouque @elasticmachine @efd6 @andrewkroh