ssi_all: add "preserve_original_event" tag to documents with event.ki…

…nd set to "pipeline_error" Omit problematic package: eset_protect, jamf_protect and ti_mandiant_advantage. [git-generate] for f in $( ( for p in $( yq 'select(.owner.github == "elastic/security-service-integrations")|.name' packages/**/manifest.yml \ | grep -v -- --- ); do rg -l -g 'default.yml' "value: pipeline_error" packages/$p done )|sort|uniq|egrep -v 'eset_protect|jamf_protect|ti_mandiant_advantage' ); do (grep 'value: preserve_original_event' $f >/dev/null 2>&1) && continue perl -i -pe 'BEGIN{undef $/;} s/([a-z:"]) ( *)(- set:.*value: pipeline_error)/$1 $2$3 $2- append: $2 field: tags $2 value: preserve_original_event $2 allow_duplicates: false/smg' $f done for p in $(git diff --name-only HEAD~1|cut -d/ -f1,2|sort|uniq); do ( cd $p elastic-package changelog add \ --description 'Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".' \ --type enhancement \ --next minor \ --link #12046 )>/dev/null 2>&1 done
elastic · Dec 10, 2024 · 4e2052b · 4e2052b
1 parent dfe265e
commit 4e2052b
Show file tree

Hide file tree

Showing 612 changed files with 2,189 additions and 155 deletions.
diff --git a/packages/1password/changelog.yml b/packages/1password/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.31.0"
+  changes:
+    - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/12046
 - version: "1.30.2"
   changes:
     - description: Unify the use of `user.full_name` and `user.name` in all data streams.

diff --git a/packages/1password/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml
@@ -138,6 +138,10 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
   - append:
       field: error.message
       value: '{{{ _ingest.on_failure_message }}}'
diff --git a/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml
@@ -134,6 +134,10 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
   - append:
       field: error.message
       value: '{{{ _ingest.on_failure_message }}}'
diff --git a/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml b/packages/1password/data_stream/signin_attempts/elasticsearch/ingest_pipeline/default.yml
@@ -148,6 +148,10 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
   - append:
       field: error.message
       value: '{{{ _ingest.on_failure_message }}}'
diff --git a/packages/1password/manifest.yml b/packages/1password/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: 1password
 title: "1Password"
-version: "1.30.2"
+version: "1.31.0"
 description: Collect logs from 1Password with Elastic Agent.
 type: integration
 categories:

diff --git a/packages/abnormal_security/changelog.yml b/packages/abnormal_security/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+  changes:
+    - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/12046
 - version: "1.0.1"
   changes:
     - description: Fix broken link for the Abnormal Security integration.

diff --git a/...normal_security/data_stream/ai_security_mailbox/elasticsearch/ingest_pipeline/default.yml b/...normal_security/data_stream/ai_security_mailbox/elasticsearch/ingest_pipeline/default.yml
@@ -283,3 +283,7 @@ on_failure:
       field: event.kind
       tag: set_pipeline_error_to_event_kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
diff --git a/packages/abnormal_security/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/abnormal_security/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -259,3 +259,7 @@ on_failure:
       field: event.kind
       tag: set_pipeline_error_to_event_kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
diff --git a/packages/abnormal_security/data_stream/case/elasticsearch/ingest_pipeline/default.yml b/packages/abnormal_security/data_stream/case/elasticsearch/ingest_pipeline/default.yml
@@ -222,3 +222,7 @@ on_failure:
       field: event.kind
       tag: set_pipeline_error_to_event_kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
diff --git a/packages/abnormal_security/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/abnormal_security/data_stream/threat/elasticsearch/ingest_pipeline/default.yml
@@ -543,3 +543,7 @@ on_failure:
       field: event.kind
       tag: set_pipeline_error_to_event_kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
diff --git a/packages/abnormal_security/manifest.yml b/packages/abnormal_security/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.2.1
 name: abnormal_security
 title: Abnormal Security
-version: 1.0.1
+version: 1.1.0
 description: Collect logs from Abnormal Security with Elastic Agent.
 type: integration
 categories:

diff --git a/packages/akamai/changelog.yml b/packages/akamai/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.27.0"
+  changes:
+    - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/12046
 - version: "2.26.0"
   changes:
     - description: Handle input leniently.

diff --git a/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml b/packages/akamai/data_stream/siem/elasticsearch/ingest_pipeline/default.yml
@@ -545,6 +545,10 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
   - append:
       field: error.message
       value: >-

diff --git a/packages/akamai/manifest.yml b/packages/akamai/manifest.yml
@@ -1,6 +1,6 @@
 name: akamai
 title: Akamai
-version: "2.26.0"
+version: "2.27.0"
 description: Collect logs from Akamai with Elastic Agent.
 type: integration
 format_version: "3.0.2"

diff --git a/packages/amazon_security_lake/changelog.yml b/packages/amazon_security_lake/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.1.0"
+  changes:
+    - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/12046
 - version: "2.0.0"
   changes:
     - description: Updated to support OCSF v1.1.0. with major pipeline rework and dynamic mapping support.

diff --git a/packages/amazon_security_lake/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/amazon_security_lake/data_stream/event/elasticsearch/ingest_pipeline/default.yml
@@ -1453,3 +1453,7 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
diff --git a/packages/amazon_security_lake/manifest.yml b/packages/amazon_security_lake/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.3"
 name: amazon_security_lake
 title: Amazon Security Lake
-version: "2.0.0"
+version: "2.1.0"
 description: Collect logs from Amazon Security Lake with Elastic Agent.
 type: integration
 categories: ["aws", "security"]

diff --git a/packages/atlassian_bitbucket/changelog.yml b/packages/atlassian_bitbucket/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.3.0"
+  changes:
+    - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/12046
 - version: "2.2.2"
   changes:
     - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.

diff --git a/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_bitbucket/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -443,6 +443,10 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
   - append:
       field: error.message
       value: '{{{ _ingest.on_failure_message }}}'
diff --git a/packages/atlassian_bitbucket/manifest.yml b/packages/atlassian_bitbucket/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: atlassian_bitbucket
 title: Atlassian Bitbucket
-version: "2.2.2"
+version: "2.3.0"
 description: Collect logs from Atlassian Bitbucket with Elastic Agent.
 type: integration
 categories:

diff --git a/packages/atlassian_confluence/changelog.yml b/packages/atlassian_confluence/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.27.0"
+  changes:
+    - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/12046
 - version: "1.26.1"
   changes:
     - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.

diff --git a/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_confluence/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -434,6 +434,10 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
   - append:
       field: error.message
       value: '{{{ _ingest.on_failure_message }}}'
diff --git a/packages/atlassian_confluence/manifest.yml b/packages/atlassian_confluence/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: atlassian_confluence
 title: Atlassian Confluence
-version: "1.26.1"
+version: "1.27.0"
 description: Collect logs from Atlassian Confluence with Elastic Agent.
 type: integration
 categories:

diff --git a/packages/atlassian_jira/changelog.yml b/packages/atlassian_jira/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.28.0"
+  changes:
+    - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/12046
 - version: "1.27.2"
   changes:
     - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.

diff --git a/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/atlassian_jira/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -413,6 +413,10 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
   - append:
       field: error.message
       value: '{{{ _ingest.on_failure_message }}}'
diff --git a/packages/atlassian_jira/manifest.yml b/packages/atlassian_jira/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: atlassian_jira
 title: Atlassian Jira
-version: "1.27.2"
+version: "1.28.0"
 description: Collect logs from Atlassian Jira with Elastic Agent.
 type: integration
 categories:

diff --git a/packages/auth0/changelog.yml b/packages/auth0/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.19.0"
+  changes:
+    - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/12046
 - version: "1.18.1"
   changes:
     - description: Fix dashboard visualisations containing empty data.

diff --git a/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml b/packages/auth0/data_stream/logs/elasticsearch/ingest_pipeline/default.yml
@@ -1105,6 +1105,10 @@ on_failure:
 - set:
     field: event.kind
     value: pipeline_error
+- append:
+    field: tags
+    value: preserve_original_event
+    allow_duplicates: false
 - append:
     field: error.message
     value: '{{{ _ingest.on_failure_message }}}'
diff --git a/packages/auth0/manifest.yml b/packages/auth0/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: auth0
 title: "Auth0"
-version: "1.18.1"
+version: "1.19.0"
 description: Collect logs from Auth0 with Elastic Agent.
 type: integration
 categories:

diff --git a/packages/authentik/changelog.yml b/packages/authentik/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+  changes:
+    - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/12046
 - version: "1.0.0"
   changes:
     - description: Release package as GA.

diff --git a/packages/authentik/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/authentik/data_stream/event/elasticsearch/ingest_pipeline/default.yml
@@ -520,3 +520,7 @@ on_failure:
       field: event.kind
       tag: set_pipeline_error_to_event_kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
diff --git a/packages/authentik/data_stream/group/elasticsearch/ingest_pipeline/default.yml b/packages/authentik/data_stream/group/elasticsearch/ingest_pipeline/default.yml
@@ -160,3 +160,7 @@ on_failure:
       field: event.kind
       tag: set_pipeline_error_to_event_kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
diff --git a/packages/authentik/data_stream/user/elasticsearch/ingest_pipeline/default.yml b/packages/authentik/data_stream/user/elasticsearch/ingest_pipeline/default.yml
@@ -218,3 +218,7 @@ on_failure:
       field: event.kind
       tag: set_pipeline_error_to_event_kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
diff --git a/packages/authentik/manifest.yml b/packages/authentik/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.2.1
 name: authentik
 title: authentik
-version: 1.0.0
+version: 1.1.0
 description: Collect logs from authentik with Elastic Agent.
 type: integration
 categories:

diff --git a/packages/aws_bedrock/changelog.yml b/packages/aws_bedrock/changelog.yml
@@ -1,3 +1,8 @@
+- version: "0.16.0"
+  changes:
+    - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/12046
 - version: "0.15.0"
   changes:
     - description: Retain contextualGroundingPolicy check details.

diff --git a/packages/aws_bedrock/data_stream/runtime/elasticsearch/ingest_pipeline/default.yml b/packages/aws_bedrock/data_stream/runtime/elasticsearch/ingest_pipeline/default.yml
@@ -69,6 +69,10 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
   - set:
       field: error.message
       value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
diff --git a/packages/aws_bedrock/manifest.yml b/packages/aws_bedrock/manifest.yml
@@ -3,7 +3,7 @@ name: aws_bedrock
 title: Amazon Bedrock
 description: Collect Amazon Bedrock model invocation logs and runtime metrics with Elastic Agent.
 type: integration
-version: "0.15.0"
+version: "0.16.0"
 categories:
   - aws
 conditions:

diff --git a/packages/azure_frontdoor/changelog.yml b/packages/azure_frontdoor/changelog.yml
@@ -1,3 +1,8 @@
+- version: "2.1.0"
+  changes:
+    - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/12046
 - version: "2.0.1"
   changes:
     - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.

diff --git a/packages/azure_frontdoor/data_stream/access/elasticsearch/ingest_pipeline/default.yml b/packages/azure_frontdoor/data_stream/access/elasticsearch/ingest_pipeline/default.yml
@@ -342,6 +342,10 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
   - append:
       field: error.message
       value: '{{{ _ingest.on_failure_message }}}'
diff --git a/packages/azure_frontdoor/data_stream/waf/elasticsearch/ingest_pipeline/default.yml b/packages/azure_frontdoor/data_stream/waf/elasticsearch/ingest_pipeline/default.yml
@@ -265,6 +265,10 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
   - append:
       field: error.message
       value: '{{{ _ingest.on_failure_message }}}'
diff --git a/packages/azure_frontdoor/manifest.yml b/packages/azure_frontdoor/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: azure_frontdoor
 title: "Azure Frontdoor"
-version: "2.0.1"
+version: "2.1.0"
 description: "This Elastic integration collects logs from Azure Frontdoor."
 type: integration
 categories: