Skip to content

[np]*: ensure event.kind is correctly set for pipeline errors #6662

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 22, 2023
Merged

[np]*: ensure event.kind is correctly set for pipeline errors #6662

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions packages/netscout/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "0.16.0"
changes:
- description: Ensure event.kind is correctly set for pipeline errors.
type: enhancement
link: https://github.com/elastic/integrations/pull/6662
- version: "0.15.0"
changes:
- description: Update package to ECS 8.8.0.
Expand Down
5 changes: 4 additions & 1 deletion packages/netscout/data_stream/sightline/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,9 @@ processors:
ignore_failure: true
ignore_missing: true
on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: "{{ _ingest.on_failure_message }}"
value: '{{{ _ingest.on_failure_message }}}'
2 changes: 1 addition & 1 deletion packages/netscout/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
format_version: 2.7.0
name: netscout
title: Arbor Peakflow SP Logs
version: "0.15.0"
version: "0.16.0"
description: Collect and parse logs from Netscout Arbor Peakflow SP with Elastic Agent.
categories: ["security", "network"]
type: integration
Expand Down
5 changes: 5 additions & 0 deletions packages/netskope/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.9.0"
changes:
- description: Ensure event.kind is correctly set for pipeline errors.
type: enhancement
link: https://github.com/elastic/integrations/pull/6662
- version: "1.8.0"
changes:
- description: Update package to ECS 8.8.0.
Expand Down
9 changes: 6 additions & 3 deletions packages/netskope/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1348,6 +1348,9 @@ processors:
ignore_failure: true
ignore_missing: true
on_failure:
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
9 changes: 6 additions & 3 deletions packages/netskope/data_stream/events/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1088,6 +1088,9 @@ processors:
ignore_failure: true
ignore_missing: true
on_failure:
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
2 changes: 1 addition & 1 deletion packages/netskope/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: netskope
title: "Netskope"
version: "1.8.0"
version: "1.9.0"
license: basic
description: Collect logs from Netskope with Elastic Agent.
type: integration
Expand Down
5 changes: 5 additions & 0 deletions packages/panw/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "3.12.0"
changes:
- description: Ensure event.kind is correctly set for pipeline errors.
type: enhancement
link: https://github.com/elastic/integrations/pull/6662
- version: "3.11.0"
changes:
- description: Split panw.panos.url_category_list field in threat logs
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/authentication.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,9 @@ processors:
copy_from: _temp_.user_agent
ignore_failure: true
on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,9 @@ processors:
value: unknown

on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/correlated_event.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,9 @@ processors:
ignore_failure: true

on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/decryption.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -318,6 +318,9 @@ processors:
ctx.tls.version_protocol = ctx._temp_?.tls.substring(0,3).toLowerCase();
ctx.tls.version = ctx._temp_?.tls.substring(3,6);
on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1662,6 +1662,9 @@ processors:
dropEmptyFields(ctx);

on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: 'error.message'
value: '{{{ _ingest.on_failure_message }}} {{{ _ingest.on_failure_processor_type }}}'
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/globalprotect.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,9 @@ processors:
ignore_failure: true

on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/gtp.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,9 @@ processors:
ignore_failure: true

on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/hipmatch.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,9 @@ processors:
ignore_failure: true

on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/ip_tag.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,9 @@ processors:
ignore_failure: true

on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/sctp.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,9 @@ processors:
ignore_failure: true

on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/system.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,9 @@ processors:
ignore_failure: true

on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/threat.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -348,6 +348,9 @@ processors:
separator: ","

on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/traffic.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -321,6 +321,9 @@ processors:
on_failure: [{'append': {'field': 'error.message', 'value': '{{{ _ingest.on_failure_message }}}'}}]

on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/tunnel_inspection.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -218,6 +218,9 @@ processors:
ignore_failure: true

on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
3 changes: 3 additions & 0 deletions packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/userid.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,9 @@ processors:
on_failure: [{'append': {'field': 'error.message', 'value': '{{{ _ingest.on_failure_message }}}'}}]

on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: >-
Expand Down
2 changes: 1 addition & 1 deletion packages/panw/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
name: panw
title: Palo Alto Next-Gen Firewall
version: "3.11.0"
version: "3.12.0"
release: ga
description: Collect logs from Palo Alto next-gen firewalls with Elastic Agent.
type: integration
Expand Down
5 changes: 5 additions & 0 deletions packages/panw_cortex_xdr/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.12.0"
changes:
- description: Ensure event.kind is correctly set for pipeline errors.
type: enhancement
link: https://github.com/elastic/integrations/pull/6662
- version: "1.11.0"
changes:
- description: Update package to ECS 8.8.0.
Expand Down
5 changes: 4 additions & 1 deletion packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -560,5 +560,8 @@ processors:
ignore_missing: true
on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: "{{ _ingest.on_failure_message }}"
value: '{{{ _ingest.on_failure_message }}}'
2 changes: 1 addition & 1 deletion packages/panw_cortex_xdr/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
name: panw_cortex_xdr
title: Palo Alto Cortex XDR
version: "1.11.0"
version: "1.12.0"
release: ga
description: Collect logs from Palo Alto Cortex XDR with Elastic Agent.
type: integration
Expand Down
5 changes: 5 additions & 0 deletions packages/pfsense/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.9.0"
changes:
- description: Ensure event.kind is correctly set for pipeline errors.
type: enhancement
link: https://github.com/elastic/integrations/pull/6662
- version: "1.8.0"
changes:
- description: Update package to ECS 8.8.0.
Expand Down
5 changes: 4 additions & 1 deletion packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -227,6 +227,9 @@ on_failure:
field:
- _tmp
ignore_failure: true
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: '{{ _ingest.on_failure_message }}'
value: '{{{ _ingest.on_failure_message }}}'
5 changes: 4 additions & 1 deletion packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/dhcp.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,9 @@ processors:
allow_duplicates: false
if: "ctx.pfsense?.log?.dhcp?.hostname != null"
on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: '{{ _ingest.on_failure_message }}'
value: '{{{ _ingest.on_failure_message }}}'
5 changes: 4 additions & 1 deletion packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/firewall.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,9 @@ processors:
- UNIX
- UNIX_MS
on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: '{{ _ingest.on_failure_message }}'
value: '{{{ _ingest.on_failure_message }}}'
5 changes: 4 additions & 1 deletion packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/haproxy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,5 +99,8 @@ processors:
ignore_missing: true
on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: '{{ _ingest.on_failure_message }}'
value: '{{{ _ingest.on_failure_message }}}'
5 changes: 4 additions & 1 deletion packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/ipsec.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,9 @@ processors:
field: network.protocol
value: ipsec
on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: '{{ _ingest.on_failure_message }}'
value: '{{{ _ingest.on_failure_message }}}'
5 changes: 4 additions & 1 deletion packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/openvpn.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,9 @@ processors:
field: network.protocol
value: openvpn
on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: '{{ _ingest.on_failure_message }}'
value: '{{{ _ingest.on_failure_message }}}'
5 changes: 4 additions & 1 deletion packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/php-fpm.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,9 @@ processors:
target_field: host.name
ignore_missing: true
on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: '{{ _ingest.on_failure_message }}'
value: '{{{ _ingest.on_failure_message }}}'
5 changes: 4 additions & 1 deletion packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/squid.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,5 +27,8 @@ processors:
if: "ctx.http?.response?.status_code != null && ctx.http.response.status_code >= 400"
on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: '{{ _ingest.on_failure_message }}'
value: '{{{ _ingest.on_failure_message }}}'
5 changes: 4 additions & 1 deletion packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/unbound.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,9 @@ processors:
copy_from: source
ignore_empty_value: true
on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: error.message
value: '{{ _ingest.on_failure_message }}'
value: '{{{ _ingest.on_failure_message }}}'
2 changes: 1 addition & 1 deletion packages/pfsense/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
name: pfsense
title: pfSense
version: "1.8.0"
version: "1.9.0"
release: ga
description: Collect logs from pfSense and OPNsense with Elastic Agent.
type: integration
Expand Down
Loading