Description of the issue:
organization.id is a common field that can be used in multi-tenant environments. However, there are multiple Elastic-managed pipelines (o365 audit, Cisco Meraki, Google Workspace, Zscaler, and possibly more) that try to set organization.id and fail if organization.id already exists. It should be noted in the ECS documentation to not set this field upfront, or the pipelines should be changed. I will create an integrations bug report (which is where those pipelines are maintained).
Reference: o365audit pipeline
https://github.com/elastic/integrations/blob/b50c74066d3cca005259bcfccd7543b9dc4a107b/packages/o365/data_stream/audit/elasticsearch/ingest_pipeline/default.yml#L73
https://www.elastic.co/guide/en/ecs/current/ecs-organization.html#field-organization-id
Any additional context or examples: