Fix build issues

elastic · Sep 19, 2024 · 9702a76 · 9702a76
1 parent 5e3f48f
commit 9702a76
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/packages/hpe_aruba_cx/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/hpe_aruba_cx/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -1,11 +1,14 @@
 ---
-description: Pipeline for processing sample logs
+description: Pipeline for processing sample logs.
+
 processors:
   - set:
       field: event.original
       copy_from: message
+      override: false
   - remove:
       field: message
+      ignore_missing: true
   - set:
       field: ecs.version
       value: '8.11.0'
@@ -15,10 +18,10 @@ processors:
   # TBD
   #
 
-  on_failure:
+on_failure:
   - set:
       field: event.kind
       value: pipeline_error
   - append:
       field: error.message
-      value: '{{{ _ingest.on_failure_message }}}'
+      value: '{{{ _ingest.on_failure_message }}}'
diff --git a/packages/hpe_aruba_cx/docs/README.md b/packages/hpe_aruba_cx/docs/README.md
@@ -1464,6 +1464,7 @@ The `log` dataset collects the HPE Aruba CX logs.
 | event.action | The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. | keyword |
 | event.code | Identification code for this event, if one exists. Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID. | keyword |
 | event.end | `event.end` contains the date when the event ended or when the activity was last observed. | date |
+| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data is coming in at a regular interval or not. | keyword |
 | event.reason | Reason why this event happened, according to the source. This describes the why of a particular action or outcome captured in the event. Where `event.action` captures the action from the event, `event.reason` describes why that action was taken. For example, a web proxy with an `event.action` which denied the request may also populate `event.reason` with the reason why (e.g. `blocked site`). | keyword |
 | event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword |
 | file.name | Name of the file including the extension, without the directory. | keyword |