Skip to content

sentinel_one: do not log empty template as DEGRADED health #16070

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 24, 2025
Merged

sentinel_one: do not log empty template as DEGRADED health #16070

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions packages/sentinel_one/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.43.2"
changes:
- description: Do not log expected empty template results as DEGRADED health in agent or group data streams.
type: bugfix
link: https://github.com/elastic/integrations/pull/16070
- version: "1.43.1"
changes:
- description: Do not log expected empty template results as DEGRADED health in activity, alert or threat data streams.
Expand Down
2 changes: 2 additions & 0 deletions packages/sentinel_one/data_stream/agent/_dev/test/policy/test-all.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ inputs:
- config_version: 2
cursor:
last_update_at:
do_not_log_failure: true
ignore_empty_value: true
value: '[[.last_event.updatedAt]]'
data_stream:
Expand Down Expand Up @@ -134,6 +135,7 @@ inputs:
request.url: http://host.tld/web/api/v2.1/agents
response.pagination:
- set:
do_not_log_failure: true
fail_on_template_error: true
target: url.params.cursor
value: '[[if (ne .last_response.body.pagination.nextCursor nil)]][[.last_response.body.pagination.nextCursor]][[end]]'
Expand Down
2 changes: 2 additions & 0 deletions packages/sentinel_one/data_stream/agent/_dev/test/policy/test-default.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ inputs:
- config_version: 2
cursor:
last_update_at:
do_not_log_failure: true
ignore_empty_value: true
value: '[[.last_event.updatedAt]]'
data_stream:
Expand Down Expand Up @@ -41,6 +42,7 @@ inputs:
request.url: http://host.tld/web/api/v2.1/agents
response.pagination:
- set:
do_not_log_failure: true
fail_on_template_error: true
target: url.params.cursor
value: '[[if (ne .last_response.body.pagination.nextCursor nil)]][[.last_response.body.pagination.nextCursor]][[end]]'
Expand Down
2 changes: 2 additions & 0 deletions packages/sentinel_one/data_stream/agent/agent/stream/httpjson.yml.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,12 @@ response.pagination:
target: url.params.cursor
value: '[[if (ne .last_response.body.pagination.nextCursor nil)]][[.last_response.body.pagination.nextCursor]][[end]]'
fail_on_template_error: true
do_not_log_failure: true
cursor:
last_update_at:
value: '[[.last_event.updatedAt]]'
ignore_empty_value: true
do_not_log_failure: true
response.split:
target: body.data
ignore_empty_value: true
Expand Down
2 changes: 2 additions & 0 deletions packages/sentinel_one/data_stream/group/_dev/test/policy/test-all.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ inputs:
- config_version: 2
cursor:
last_update_at:
do_not_log_failure: true
ignore_empty_value: true
value: '[[.last_event.updatedAt]]'
data_stream:
Expand Down Expand Up @@ -134,6 +135,7 @@ inputs:
request.url: http://host.tld/web/api/v2.1/groups
response.pagination:
- set:
do_not_log_failure: true
fail_on_template_error: true
target: url.params.cursor
value: '[[if (ne .last_response.body.pagination.nextCursor nil)]][[.last_response.body.pagination.nextCursor]][[end]]'
Expand Down
2 changes: 2 additions & 0 deletions packages/sentinel_one/data_stream/group/_dev/test/policy/test-default.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ inputs:
- config_version: 2
cursor:
last_update_at:
do_not_log_failure: true
ignore_empty_value: true
value: '[[.last_event.updatedAt]]'
data_stream:
Expand Down Expand Up @@ -41,6 +42,7 @@ inputs:
request.url: http://host.tld/web/api/v2.1/groups
response.pagination:
- set:
do_not_log_failure: true
fail_on_template_error: true
target: url.params.cursor
value: '[[if (ne .last_response.body.pagination.nextCursor nil)]][[.last_response.body.pagination.nextCursor]][[end]]'
Expand Down
2 changes: 2 additions & 0 deletions packages/sentinel_one/data_stream/group/agent/stream/httpjson.yml.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,12 @@ response.pagination:
target: url.params.cursor
value: '[[if (ne .last_response.body.pagination.nextCursor nil)]][[.last_response.body.pagination.nextCursor]][[end]]'
fail_on_template_error: true
do_not_log_failure: true
cursor:
last_update_at:
value: '[[.last_event.updatedAt]]'
ignore_empty_value: true
do_not_log_failure: true
response.split:
target: body.data
ignore_empty_value: true
Expand Down
2 changes: 1 addition & 1 deletion packages/sentinel_one/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
format_version: "3.4.0"
name: sentinel_one
title: SentinelOne
version: "1.43.1"
version: "1.43.2"
description: Collect logs from SentinelOne with Elastic Agent.
type: integration
categories:
Expand Down