Fix multi-line string handling for config variable

The default value for `fdr_parsing_script` is a multline line string. When the handlebar template was evaluated this created invalid YAML. By changing the variable type to 'yaml' Kibana produces config that is valid. It looks like sqs.notification_parse_script: >- function parse(n) { var m = JSON.parse(n); var evts = []; var files = m.files; ... I cannot find any documentation for the 'yaml' variable type so I hoping this is how it was expected to be used.
elastic · Feb 15, 2022 · 225ff2f · 225ff2f
1 parent b8b2751
commit 225ff2f
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 4 deletions.
diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.3"
+  changes:
+    - description: Change type of 'fdr_parsing_script' variable to 'yaml' that the multi-line value is treated as a string.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/
 - version: "1.2.2"
   changes:
     - description: Add Ingest Pipeline script to map IANA Protocol Numbers
@@ -8,7 +13,7 @@
   changes:
     - description: Fix issue with "Is FDR Queue" selector having no effect.
       type: bugfix
-      link: https://github.com/elastic/integrations/pull/
+      link: https://github.com/elastic/integrations/pull/2653
 - version: "1.2.0"
   changes:
     - description: Update to ECS 8.0

diff --git a/packages/crowdstrike/data_stream/fdr/agent/stream/aws-s3.yml.hbs b/packages/crowdstrike/data_stream/fdr/agent/stream/aws-s3.yml.hbs
@@ -33,7 +33,7 @@ fips_enabled: {{fips_enabled}}
 proxy_url: {{proxy_url}}
 {{/if}}
 {{#if is_fdr_queue}}
-sqs.notification_parse_script: {{fdr_parsing_script}}
+sqs.notification_parsing_script.source: {{fdr_parsing_script}}
 {{/if}}
 {{#if tags.length}}
 tags:

diff --git a/packages/crowdstrike/data_stream/fdr/manifest.yml b/packages/crowdstrike/data_stream/fdr/manifest.yml
@@ -105,7 +105,7 @@ streams:
         show_user: false
         description: URL to proxy connections in the form of http[s]://<user>:<password>@<server name/ip>:<port>
       - name: fdr_parsing_script
-        type: text
+        type: yaml
         title: FDR Notification Parsing Script
         multi: false
         required: true

diff --git a/packages/crowdstrike/manifest.yml b/packages/crowdstrike/manifest.yml
@@ -1,6 +1,6 @@
 name: crowdstrike
 title: CrowdStrike Logs
-version: 1.2.2
+version: 1.2.3
 description: Collect and parse falcon logs from Crowdstrike products with Elastic Agent.
 type: integration
 format_version: 1.0.0