sentinel_one: do not log empty template as DEGRADED health

efd6 · efd6 · commit 86a7c47faf9c · 2025-11-21T11:29:04.000+10:30
diff --git a/packages/sentinel_one/changelog.yml b/packages/sentinel_one/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.43.2"
+  changes:
+    - description: Do not log expected empty template results as DEGRADED health in agent or group data streams.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/16070
 - version: "1.43.1"
   changes:
     - description: Do not log expected empty template results as DEGRADED health in activity, alert or threat data streams.
diff --git a/packages/sentinel_one/data_stream/agent/_dev/test/policy/test-all.expected b/packages/sentinel_one/data_stream/agent/_dev/test/policy/test-all.expected
@@ -9,6 +9,7 @@ inputs:
         - config_version: 2
           cursor:
             last_update_at:
+                do_not_log_failure: true
                 ignore_empty_value: true
                 value: '[[.last_event.updatedAt]]'
           data_stream:
@@ -134,6 +135,7 @@ inputs:
           request.url: http://host.tld/web/api/v2.1/agents
           response.pagination:
             - set:
+                do_not_log_failure: true
                 fail_on_template_error: true
                 target: url.params.cursor
                 value: '[[if (ne .last_response.body.pagination.nextCursor nil)]][[.last_response.body.pagination.nextCursor]][[end]]'
diff --git a/packages/sentinel_one/data_stream/agent/_dev/test/policy/test-default.expected b/packages/sentinel_one/data_stream/agent/_dev/test/policy/test-default.expected
@@ -9,6 +9,7 @@ inputs:
         - config_version: 2
           cursor:
             last_update_at:
+                do_not_log_failure: true
                 ignore_empty_value: true
                 value: '[[.last_event.updatedAt]]'
           data_stream:
@@ -41,6 +42,7 @@ inputs:
           request.url: http://host.tld/web/api/v2.1/agents
           response.pagination:
             - set:
+                do_not_log_failure: true
                 fail_on_template_error: true
                 target: url.params.cursor
                 value: '[[if (ne .last_response.body.pagination.nextCursor nil)]][[.last_response.body.pagination.nextCursor]][[end]]'
diff --git a/packages/sentinel_one/data_stream/agent/agent/stream/httpjson.yml.hbs b/packages/sentinel_one/data_stream/agent/agent/stream/httpjson.yml.hbs
@@ -39,10 +39,12 @@ response.pagination:
       target: url.params.cursor
       value: '[[if (ne .last_response.body.pagination.nextCursor nil)]][[.last_response.body.pagination.nextCursor]][[end]]'
       fail_on_template_error: true
+      do_not_log_failure: true
 cursor:
   last_update_at:
     value: '[[.last_event.updatedAt]]'
     ignore_empty_value: true
+    do_not_log_failure: true
 response.split:
   target: body.data
   ignore_empty_value: true
diff --git a/packages/sentinel_one/data_stream/group/_dev/test/policy/test-all.expected b/packages/sentinel_one/data_stream/group/_dev/test/policy/test-all.expected
@@ -9,6 +9,7 @@ inputs:
         - config_version: 2
           cursor:
             last_update_at:
+                do_not_log_failure: true
                 ignore_empty_value: true
                 value: '[[.last_event.updatedAt]]'
           data_stream:
@@ -134,6 +135,7 @@ inputs:
           request.url: http://host.tld/web/api/v2.1/groups
           response.pagination:
             - set:
+                do_not_log_failure: true
                 fail_on_template_error: true
                 target: url.params.cursor
                 value: '[[if (ne .last_response.body.pagination.nextCursor nil)]][[.last_response.body.pagination.nextCursor]][[end]]'
diff --git a/packages/sentinel_one/data_stream/group/_dev/test/policy/test-default.expected b/packages/sentinel_one/data_stream/group/_dev/test/policy/test-default.expected
@@ -9,6 +9,7 @@ inputs:
         - config_version: 2
           cursor:
             last_update_at:
+                do_not_log_failure: true
                 ignore_empty_value: true
                 value: '[[.last_event.updatedAt]]'
           data_stream:
@@ -41,6 +42,7 @@ inputs:
           request.url: http://host.tld/web/api/v2.1/groups
           response.pagination:
             - set:
+                do_not_log_failure: true
                 fail_on_template_error: true
                 target: url.params.cursor
                 value: '[[if (ne .last_response.body.pagination.nextCursor nil)]][[.last_response.body.pagination.nextCursor]][[end]]'
diff --git a/packages/sentinel_one/data_stream/group/agent/stream/httpjson.yml.hbs b/packages/sentinel_one/data_stream/group/agent/stream/httpjson.yml.hbs
@@ -39,10 +39,12 @@ response.pagination:
       target: url.params.cursor
       value: '[[if (ne .last_response.body.pagination.nextCursor nil)]][[.last_response.body.pagination.nextCursor]][[end]]'
       fail_on_template_error: true
+      do_not_log_failure: true
 cursor:
   last_update_at:
     value: '[[.last_event.updatedAt]]'
     ignore_empty_value: true
+    do_not_log_failure: true
 response.split:
   target: body.data
   ignore_empty_value: true
diff --git a/packages/sentinel_one/manifest.yml b/packages/sentinel_one/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.4.0"
 name: sentinel_one
 title: SentinelOne
-version: "1.43.1"
+version: "1.43.2"
 description: Collect logs from SentinelOne with Elastic Agent.
 type: integration
 categories:
