Skip to content

feat: Preserve event.original when pipeline errors in integration-experience integrations (part 4) #15806

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat: Preserve event.original when pipeline errors in integration-experience integrations (part 4) #15806

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions packages/sophos/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "3.16.0"
changes:
- description: Preserve event.original on pipeline error.
type: enhancement
link: https://github.com/elastic/integrations/pull/15806
- version: "3.15.4"
changes:
- description: Generate processor tags and normalize error handler.
Expand Down
10 changes: 10 additions & 0 deletions packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -226,6 +226,12 @@ processors:
return false;
}
dropEmptyFields(ctx);
- append:
tag: append_preserve_original_event_on_error
field: tags
value: preserve_original_event
allow_duplicates: false
if: ctx.error?.message != null
on_failure:
- append:
field: error.message
Expand All @@ -237,3 +243,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/dhcp.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -169,3 +169,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/dns.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,3 +97,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/http.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -324,3 +324,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/packetfilter.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -276,3 +276,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antispam.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,3 +163,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antivirus.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -263,3 +263,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/atp.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,3 +144,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/cfilter.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -200,3 +200,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
10 changes: 10 additions & 0 deletions packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -869,6 +869,12 @@ processors:
- sophos.xg.severity
- sophos.xg.src_country
ignore_missing: true
- append:
tag: append_preserve_original_event_on_error
field: tags
value: preserve_original_event
allow_duplicates: false
if: ctx.error?.message != null
on_failure:
- set:
field: event.kind
Expand All @@ -880,3 +886,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/event.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -151,3 +151,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/firewall.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -276,3 +276,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/idp.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,3 +138,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/sandstorm.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -159,3 +159,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/systemhealth.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,3 +230,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/waf.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -207,3 +207,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/wifi.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,3 +36,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
2 changes: 1 addition & 1 deletion packages/sophos/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
format_version: "3.0.3"
name: sophos
title: Sophos
version: "3.15.4"
version: "3.16.0"
description: Collect logs from Sophos with Elastic Agent.
categories:
- security
Expand Down
5 changes: 5 additions & 0 deletions packages/squid/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.4.0"
changes:
- description: Preserve event.original on pipeline error.
type: enhancement
link: https://github.com/elastic/integrations/pull/15806
- version: "1.3.2"
changes:
- description: Generate processor tags and normalize error handler.
Expand Down
10 changes: 10 additions & 0 deletions packages/squid/data_stream/log/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -248,6 +248,12 @@ processors:
field:
- _tmp
ignore_missing: true
- append:
tag: append_preserve_original_event_on_error
field: tags
value: preserve_original_event
allow_duplicates: false
if: ctx.error?.message != null

on_failure:
- remove:
Expand All @@ -265,3 +271,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
2 changes: 1 addition & 1 deletion packages/squid/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
format_version: 3.2.1
name: squid
title: Squid Proxy
version: "1.3.2"
version: "1.4.0"
description: Collect and parse logs from Squid devices with Elastic Agent.
categories:
# Observability is a parent category for web
Expand Down
5 changes: 5 additions & 0 deletions packages/stormshield/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.4.0"
changes:
- description: Preserve event.original on pipeline error.
type: enhancement
link: https://github.com/elastic/integrations/pull/15806
- version: "1.3.2"
changes:
- description: Generate processor tags and normalize error handler.
Expand Down
4 changes: 4 additions & 0 deletions packages/stormshield/data_stream/log/elasticsearch/ingest_pipeline/count.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,3 +56,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
10 changes: 10 additions & 0 deletions packages/stormshield/data_stream/log/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -556,6 +556,12 @@ processors:
field: _temp_
ignore_missing: true
ignore_failure: true
- append:
tag: append_preserve_original_event_on_error
field: tags
value: preserve_original_event
allow_duplicates: false
if: ctx.error?.message != null

on_failure:
- append:
Expand All @@ -568,3 +574,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/stormshield/data_stream/log/elasticsearch/ingest_pipeline/filterstat.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,3 +62,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/stormshield/data_stream/log/elasticsearch/ingest_pipeline/monitor.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,3 +158,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
2 changes: 1 addition & 1 deletion packages/stormshield/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
format_version: 3.1.1
name: stormshield
title: "StormShield SNS"
version: "1.3.2"
version: "1.4.0"
source:
license: "Elastic-2.0"
description: "Stormshield SNS integration."
Expand Down
5 changes: 5 additions & 0 deletions packages/suricata/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "2.26.0"
changes:
- description: Preserve event.original on pipeline error.
type: enhancement
link: https://github.com/elastic/integrations/pull/15806
- version: "2.25.2"
changes:
- description: Generate processor tags and normalize error handler.
Expand Down
10 changes: 10 additions & 0 deletions packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -788,6 +788,12 @@ processors:
- dns.question.domain
- _tmp_
ignore_missing: true
- append:
tag: append_preserve_original_event_on_error
field: tags
value: preserve_original_event
allow_duplicates: false
if: ctx.error?.message != null
on_failure:
- set:
field: event.kind
Expand All @@ -799,3 +805,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/dns-answer-v1.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,3 +44,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/dns-answer-v2.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,3 +48,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/dns.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,3 +111,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
4 changes: 4 additions & 0 deletions packages/suricata/data_stream/eve/elasticsearch/ingest_pipeline/tls.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -294,3 +294,7 @@ on_failure:
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
2 changes: 1 addition & 1 deletion packages/suricata/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
name: suricata
title: Suricata
version: "2.25.2"
version: "2.26.0"
description: Collect logs from Suricata with Elastic Agent.
type: integration
icons:
Expand Down
5 changes: 5 additions & 0 deletions packages/syslog_router/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "0.4.0"
changes:
- description: Preserve event.original on pipeline error.
type: enhancement
link: https://github.com/elastic/integrations/pull/15806
- version: "0.3.1"
changes:
- description: Generate processor tags and normalize error handler.
Expand Down
10 changes: 10 additions & 0 deletions packages/syslog_router/data_stream/log/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,12 @@ processors:
tag: set_ecs_version_135371bc
field: ecs.version
value: 8.16.0
- append:
tag: append_preserve_original_event_on_error
field: tags
value: preserve_original_event
allow_duplicates: false
if: ctx.error?.message != null

on_failure:
- append:
Expand All @@ -17,3 +23,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
2 changes: 1 addition & 1 deletion packages/syslog_router/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
format_version: 3.2.1
name: syslog_router
title: "Syslog Router"
version: 0.3.1
version: 0.4.0
description: "Route syslog events to integrations with Elastic Agent."
type: integration
categories:
Expand Down
Loading