security-service-integrations: retain event.original value upon pipeline errors #12067
Labels
enhancement
New feature or request
Team:Security-Service Integrations
Security Service Integrations Team [elastic/security-service-integrations]
This is the security-service-integrations sub issue for #12045.
add preserve_original_event in primary on_failure handlers ssi_all: add "preserve_original_event" tag to documents with event.kind set to "pipeline_error" #12046 google_workspace,jamf_protect,ti_mandiant: add "preserve_original_event" tag to documents with event.kind set to "pipeline_error" #12108
add preserve_original_event in cases of manual setting
event.kind
to "pipeline_error" ssi_all: add "preserve_original_event" tag to documents with event.kind manually set to "pipeline_error" #12109ensure no remove event.original processors remain ssi_all: do not remove event.original in main ingest pipeline #12076 okta: do not remove event.original in main ingest #12127
quatch
The text was updated successfully, but these errors were encountered: