wrong if statement in x-pack/filebeat/module/fortinet/firewall/ingest/event.yml #34446

Open
wants to merge 3 commits into
base: main

@0x00Jeff 0x00Jeff commented Feb 1, 2023

What does this PR do?

This PR corrects a wrong field name in event.yml config for beats

Why is it important?

Without this correction, filebeats will send the wrong output to elasticsearch when the type of the log entry is event

In this line, the rename processor tests if destination.address is null; if yes, it renames fortinet.firewall.dst_host to it. In this, the processor (mistakenly) tests if destination.address is null again, then renames fortinet.firewall.dst_host to destination.domain. It should test if destination.domain is null instead of ctx.destination.address

Checklist

  • [ ] My code follows the style guidelines of this project
  • [ ] I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • [ ] I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • [ ]

How to test this PR locally

In the case where the change needs to be tested, one has to set up filebeats to parse fortinet logs that are of type event
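
The effect of the condition described in this PR, as an added example (not code from the PR or from Beats): a small Python model of the two rename processors, run on a constructed event. The helper names, the sample values, the assumption that destination.address is already populated before these processors run, and the assumption that a missing source field is ignored are all illustrative.

```python
# Minimal model of an Elasticsearch ingest "rename" processor: move `field`
# to `target_field` when the condition holds. Skipping a missing source field
# is an assumption here; the real event.yml is not reproduced.
import copy

def get(doc, path):
    """Return the value at a dotted path, or None if any part is absent."""
    for key in path.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def rename(doc, field, target_field, cond):
    if not cond(doc) or get(doc, field) is None:
        return
    *parents, leaf = field.split(".")
    src = doc
    for key in parents:
        src = src[key]
    value = src.pop(leaf)
    *parents, leaf = target_field.split(".")
    dst = doc
    for key in parents:
        dst = dst.setdefault(key, {})
    dst[leaf] = value

DST_HOST = "fortinet.firewall.dst_host"
addr_is_null = lambda d: get(d, "destination.address") is None
domain_is_null = lambda d: get(d, "destination.domain") is None

def run(doc, second_condition):
    """Apply the two renames in the order the PR description gives."""
    doc = copy.deepcopy(doc)
    rename(doc, DST_HOST, "destination.address", addr_is_null)
    rename(doc, DST_HOST, "destination.domain", second_condition)
    return doc

# Constructed sample: destination.address was filled in before these processors.
SAMPLE = {"destination": {"address": "203.0.113.10"},
          "fortinet": {"firewall": {"dst_host": "vpn.example.com"}}}

as_described = run(SAMPLE, addr_is_null)    # condition the PR calls wrong
as_proposed = run(SAMPLE, domain_is_null)   # condition the PR proposes

if __name__ == "__main__":
    print("as described:", as_described)
    print("as proposed: ", as_proposed)
```

With the condition as described, destination.domain is never populated for this event and the hostname stays under the vendor field, so queries or detection rules keyed on destination.domain would not match it.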

@0x00Jeff requested a review from a team as a code owner February 1, 2023 16:05
@botelastic bot added the needs_team label (Indicates that the issue/PR needs a Team:* label) Feb 1, 2023
cla-checker-service bot commented Feb 1, 2023

❌ Author of the following commits did not sign a Contributor Agreement:
5848f45, 24c7fa2, d3c3b4e

Please, read and sign the above mentioned agreement if you want to contribute to this project

@0x00Jeff changed the title from "correct a wrong field name in filebeats event.yml config" to "corrected a wrong field name in filebeats event.yml config" Feb 1, 2023
Contributor

mergify bot commented Feb 1, 2023

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @0x00Jeff? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

Collaborator

elasticmachine commented Feb 1, 2023

❕ Build Aborted

The PR is not allowed to run in the CI yet

Build stats

  • Start Time: 2023-02-08T13:14:10.221+0000

  • Duration: 5 min 1 sec

Steps errors 2

Load a resource file from a library
  • Took 0 min 0 sec
  • Description: approval-list/elastic/beats.yml
Error signal
  • Took 0 min 0 sec
  • Description: githubApiCall: The REST API call https://api.github.com/orgs/elastic/members/0x00Jeff return the message : java.lang.Exception: httpRequest: Failure connecting to the service https://api.github.com/orgs/elastic/members/0x00Jeff : httpRequest: Failure connecting to the service https://api.github.com/orgs/elastic/members/0x00Jeff : Code: 404Error: {"message":"User does not exist or is not a member of the organization","documentation_url":"https://docs.github.com/rest/reference/orgs#check-organization-membership-for-a-user"}

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@0x00Jeff changed the title from "corrected a wrong field name in filebeats event.yml config" to "wrong if statement in x-pack/filebeat/module/fortinet/firewall/ingest/event.yml" Feb 2, 2023
@elasticmachine
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic bot removed the needs_team label (Indicates that the issue/PR needs a Team:* label) Feb 6, 2023
Contributor

kcreddy commented Feb 7, 2023

Hey @0x00Jeff, thanks for opening the PR.
Could you please do the following:

  1. Sign the CLA
  2. Add changelog entry
  3. Run integration tests

Contributor

@kcreddy kcreddy left a comment

Change requested as per the comment: #34446 (comment)

Author

0x00Jeff commented Feb 8, 2023

Hey @kcreddy, I don't know what I should put in the title field in the CLA to sign it as an individual. Can you explain what goes into that field?

Contributor

mergify bot commented Feb 8, 2023

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b main upstream/main
git merge upstream/main
git push upstream main

Contributor

kcreddy commented Feb 10, 2023

Hey @0x00Jeff, the title field is not quite important to us. Usually contributors write there whatever they want, like Mr/Ms/Engineer/Developer/DevOps.

@kcreddy kcreddy added the bugfix label Feb 23, 2023
Contributor

mergify bot commented Jul 27, 2023

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b main upstream/main
git merge upstream/main
git push upstream main

Contributor

mergify bot commented Feb 5, 2024

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b main upstream/main
git merge upstream/main
git push upstream main

Contributor

mergify bot commented Feb 5, 2024

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @0x00Jeff? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@narph added the Team:Security-Deployment and Devices label (Deployment and Devices Team in Security Solution) and removed the Team:Security-External Integrations label Feb 8, 2024
@elasticmachine
Collaborator

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

Labels: bugfix, Filebeat, Team:Security-Deployment and Devices (Deployment and Devices Team in Security Solution)
5 participants