Skip to content

Commit

Permalink
google_workspace,jamf_protect,ti_mandiant: add "preserve_original_eve…
Browse files Browse the repository at this point in the history
…nt" tag to documents with event.kind set to "pipeline_error"

This manually replays the changes in #12046.
  • Loading branch information
efd6 committed Dec 16, 2024
1 parent 53e2c5a commit aab6a0a
Show file tree
Hide file tree
Showing 25 changed files with 94 additions and 3 deletions.
5 changes: 5 additions & 0 deletions packages/google_workspace/changelog.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "2.27.0"
changes:
- description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
type: enhancement
link: https://github.com/elastic/integrations/pull/99999999
- version: "2.26.1"
changes:
- description: Fix string literals in painless scripts.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -382,3 +382,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
Original file line number Diff line number Diff line change
Expand Up @@ -823,6 +823,10 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
Original file line number Diff line number Diff line change
Expand Up @@ -1056,6 +1056,10 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
Original file line number Diff line number Diff line change
Expand Up @@ -357,3 +357,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
Original file line number Diff line number Diff line change
Expand Up @@ -554,3 +554,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
Original file line number Diff line number Diff line change
Expand Up @@ -276,6 +276,10 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
Original file line number Diff line number Diff line change
Expand Up @@ -337,3 +337,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
Original file line number Diff line number Diff line change
Expand Up @@ -377,3 +377,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
Original file line number Diff line number Diff line change
Expand Up @@ -307,6 +307,10 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
Original file line number Diff line number Diff line change
Expand Up @@ -265,6 +265,10 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
Original file line number Diff line number Diff line change
Expand Up @@ -527,6 +527,10 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,10 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
Original file line number Diff line number Diff line change
Expand Up @@ -371,3 +371,7 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
Original file line number Diff line number Diff line change
Expand Up @@ -183,6 +183,10 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
2 changes: 1 addition & 1 deletion packages/google_workspace/manifest.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
name: google_workspace
title: Google Workspace
version: "2.26.1"
version: "2.27.0"
source:
license: Elastic-2.0
description: Collect logs from Google Workspace with Elastic Agent.
Expand Down
5 changes: 5 additions & 0 deletions packages/jamf_protect/changelog.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "2.8.0"
changes:
- description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
type: enhancement
link: https://github.com/elastic/integrations/pull/99999999
- version: "2.7.0"
changes:
- description: Do not remove `event.original` in main ingest pipeline.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -486,6 +486,10 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
Original file line number Diff line number Diff line change
Expand Up @@ -353,6 +353,10 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
- append:
field: error.message
value: >-
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -241,6 +241,10 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
Original file line number Diff line number Diff line change
Expand Up @@ -265,6 +265,10 @@ on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
- append:
field: error.message
value: '{{{ _ingest.on_failure_message }}}'
2 changes: 1 addition & 1 deletion packages/jamf_protect/manifest.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
format_version: 3.0.3
name: jamf_protect
title: Jamf Protect
version: "2.7.0"
version: "2.8.0"
description: Receives events from Jamf Protect with Elastic Agent.
type: integration
categories:
Expand Down
5 changes: 5 additions & 0 deletions packages/ti_mandiant_advantage/changelog.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.7.0"
changes:
- description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
type: enhancement
link: https://github.com/elastic/integrations/pull/99999999
- version: "1.6.0"
changes:
- description: Add support for proxy configuration.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -415,3 +415,7 @@ on_failure:
field: event.kind
value: pipeline_error
allow_duplicates: false
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
2 changes: 1 addition & 1 deletion packages/ti_mandiant_advantage/manifest.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
format_version: 3.0.2
name: ti_mandiant_advantage
title: "Mandiant Advantage"
version: "1.6.0"
version: "1.7.0"
source:
license: "Elastic-2.0"
description: "Collect Threat Intelligence from products within the Mandiant Advantage platform."
Expand Down

0 comments on commit aab6a0a

Please sign in to comment.