GCP Audit Logs Integration v2.14.0 - Ingest Pipeline fails #4589
Comments
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
@rediasec Can you provide a sanitised
Any news on this one? I see the same thing.
I confirm that I have the same issue with the latest version of the integration: 2.16.0
Just got the same issue and following @anrsec's suggestion I edited the The only difference is that I'm using this conditional:
From google documentation, it seems that the
I can make a PR with this fix.
Added the PR with the suggested change by @anrsec
Due to an error in a "Convert" processor, the ingest pipeline fails to properly parse and map the log fields:
For example, json.protoPayload.methodName should have been mapped to event.action but didn't happen when the following field was present: error.message: 'private' is not an IP string literal.
This can be fixed by changing an existing Convert Processor from logs-gcp.audit-2.14.0 managed ingest pipeline to the following:
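Added example, not from the issue and not the integration's pipeline definition: a small Python model of the failure described above, where a convert-to-IP step rejects the non-IP value `private`, the run stops, and the later `event.action` mapping never happens; the `guarded` flag skips the conversion for non-IP values instead. The field name `caller_ip`, the sample events and the two-step pipeline are constructed assumptions.

```python
import ipaddress

def is_ip(value):
    """Return True only for a valid IPv4/IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def convert_ip(doc, guarded):
    """Model of a convert-to-IP step; 'caller_ip' is a hypothetical field name."""
    value = doc.get("caller_ip")
    if value is None:
        return
    if not is_ip(value):
        if guarded:
            return  # condition not met: skip conversion, keep the raw value
        raise ValueError(f"'{value}' is not an IP string literal.")
    doc["source.ip"] = value

def map_action(doc, guarded):
    """Model of the later mapping the issue reports as missing."""
    if "json.protoPayload.methodName" in doc:
        doc["event.action"] = doc.pop("json.protoPayload.methodName")

def run_pipeline(event, guarded):
    """Run steps in order; the first failure sets error.message and stops the run."""
    doc = dict(event)
    for step in (convert_ip, map_action):
        try:
            step(doc, guarded)
        except ValueError as exc:
            doc["error.message"] = str(exc)
            break
    return doc

def unmapped(docs):
    """Events that never received event.action (what a detection rule would miss)."""
    return [d for d in docs if "event.action" not in d]

# Constructed sample events (flat dotted keys for brevity).
SAMPLES = [
    {"caller_ip": "private", "json.protoPayload.methodName": "SetIamPolicy"},
    {"caller_ip": "203.0.113.7", "json.protoPayload.methodName": "SetIamPolicy"},
]

if __name__ == "__main__":
    print([len(unmapped([run_pipeline(e, g) for e in SAMPLES])) for g in (False, True)])
```

Counting documents that carry `error.message` but no `event.action` is a quick way to measure how many audit events a rule keyed on `event.action` would not see.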