[aws] add ignore_failure: true for uri_parts processor in s3access data stream

packages/aws/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "6.4.1"
+  changes:
+    - description: Ignore `uri_parts` failures on S3 access log request paths that the URI parser cannot handle.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/17915
 - version: "6.4.0"
   changes:
     - description: Set host.id alongside host.target.entity.id in CloudTrail pipeline for entity store host entity resolution.

packages/aws/data_stream/s3access/_dev/test/pipeline/test-s3-server-access.log

@@ -10,4 +10,5 @@
 b854390a51155554b82ce2759564a1135bce83133d004f4d2001f157e13985d7 flow-log-test [25/Mar/2025:19:28:02 +0000] - AmazonS3 366DB3C4B325AB11 S3.EXPIRE.OBJECT 0/chum/_vars/logtests/PlannerModule/5f6ea3b7da96ab304a77225d5b2b2a55e54b74e4ddfdf14b9b1d853d77515b88_9febba22f08b11ef8cf6020058a9efab/2024/12/30/164700/kitt_189/_spcu_sride__state_svx__feature__flags.sst "-" - - - 317 - - "-" "-" qsEq9bDa2VyxyZ4cz0c7oBnF67VYTTij DMlPb9al4CvVBck150CgpEIIYgtSI3HC/atetNVYwPtHZffW6jfpg+BrffhbT9/B - - - - - - -
 b854390a51155554b82ce2759564a1135bce83133d004f4d2001f157e13985d7 flow-log-test [25/Mar/2025:19:28:02 +0000] - AmazonS3 366DB3C4B325AB11 S3.EXPIRE.OBJECT 0/chum/_vars/logtests/PlannerModule/5f6ea3b7da96ab304a77225d5b2b2a55e54b74e4ddfdf14b9b1d853d77515b88_9febba22f08b11ef8cf6020058a9efab/2024/12/30/164700/kitt_189/_spcu_sride__state_svx__feature__flags.sst "-" - - - 317 - - "-" "-" qsEq9bDa2VyxyZ4cz0c7oBnF67VYTTij DMlPb9al4CvVBck150CgpEIIYgtSI3HC/atetNVYwPtHZffW6jfpg+BrffhbT9/B - - - - - - Yes
 b854390a51155554b82ce2759564a1135bce83133d004f4d2001f157e13985d7 flow-log-test [25/Mar/2025:19:28:02 +0000] - AmazonS3 366DB3C4B325AB11 S3.PUT.OBJECT test/special(chars*'!%)/75*75/log.txt "-" - - - 317 - - "-" "-" qsEq9bDa2VyxyZ4cz0c7oBnF67VYTTij DMlPb9al4CvVBck150CgpEIIYgtSI3HC/atetNVYwPtHZffW6jfpg+BrffhbT9/B - - - - - - Yes
-28bdbd9102b76c3da07c44e094b16b382f90f94be71626f4d9589b1309d2d7ef flow-log-test [09/Mar/2026:18:02:43 +0000] 89.160.20.156 - 366DB3C4B325AB11 REST.GET.BUCKET - "GET / HTTP/1.1" 403 AccessDenied 243 - 13 - "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/143.0.7499.4 Safari/537.36" - QdHzj6QLWVMoGDnJfussGKPweg8C0I2WgSv4z3pyYQdGPwWM4jl/0MXIVyrDVaWbPTC+kQDuxEQ= - - - test.s3.us-east-1.amazonaws.com:80 - - us-east-1
+28bdbd9102b76c3da07c44e094b16b382f90f94be71626f4d9589b1309d2d7ef flow-log-test [09/Mar/2026:18:02:43 +0000] 89.160.20.156 - 366DB3C4B325AB11 REST.GET.BUCKET - "GET / HTTP/1.1" 403 AccessDenied 243 - 13 - "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/143.0.7499.4 Safari/537.36" - QdHzj6QLWVMoGDnJfussGKPweg8C0I2WgSv4z3pyYQdGPwWM4jl/0MXIVyrDVaWbPTC+kQDuxEQ= - - - test.s3.us-east-1.amazonaws.com:80 - - us-east-1
+28bdbd9102b76c3da07c44e094b16b382f90f94be71626f4d9589b1309d2d7ef flow-log-test [18/Mar/2026:12:50:37 +0000] 89.160.20.156 49270618ecb247530e3aaca082aa98189697ac391ec1d2b8026093126e95049292c316e3211b0101b4db50037e008ae3 3F2F49V625XST8BS REST.GET.OBJECT %255B%255B...optional%255D%255D "GET /[[...optional]] HTTP/1.1" 404 NoSuchKey 286 - 31 - "-" "Amazon CloudFront" - ESUNEMajKog4Ur24BOJQfaqV2E3a+2pjCCuMZSnwjCif5oJwNK+s+Kvpf6g0g7HV0/G0LhWL1oo= SigV4 TLS_AES_128_GCM_SHA256 AuthHeader flow-log-test.s3.amazonaws.com TLSv1.3 - - -

packages/aws/data_stream/s3access/_dev/test/pipeline/test-s3-server-access.log-expected.json

@@ -1164,6 +1164,120 @@
                 },
                 "version": "143.0.7499"
             }
+        },
+        {
+            "@timestamp": "2026-03-18T12:50:37.000Z",
+            "aws": {
+                "s3access": {
+                    "authentication_type": "AuthHeader",
+                    "bucket": "flow-log-test",
+                    "bucket_owner": "28bdbd9102b76c3da07c44e094b16b382f90f94be71626f4d9589b1309d2d7ef",
+                    "bytes_sent": 286,
+                    "cipher_suite": "TLS_AES_128_GCM_SHA256",
+                    "error_code": "NoSuchKey",
+                    "host_header": "flow-log-test.s3.amazonaws.com",
+                    "host_id": "ESUNEMajKog4Ur24BOJQfaqV2E3a+2pjCCuMZSnwjCif5oJwNK+s+Kvpf6g0g7HV0/G0LhWL1oo=",
+                    "http_status": 404,
+                    "key": "%255B%255B...optional%255D%255D",
+                    "operation": "REST.GET.OBJECT",
+                    "remote_ip": "89.160.20.156",
+                    "request_id": "3F2F49V625XST8BS",
+                    "request_uri": "GET /[[...optional]] HTTP/1.1",
+                    "requester": "49270618ecb247530e3aaca082aa98189697ac391ec1d2b8026093126e95049292c316e3211b0101b4db50037e008ae3",
+                    "signature_version": "SigV4",
+                    "tls_version": "TLSv1.3",
+                    "total_time": 31,
+                    "user_agent": "Amazon CloudFront"
+                }
+            },
+            "client": {
+                "address": "89.160.20.156",
+                "geo": {
+                    "city_name": "Linköping",
+                    "continent_name": "Europe",
+                    "country_iso_code": "SE",
+                    "country_name": "Sweden",
+                    "location": {
+                        "lat": 58.4167,
+                        "lon": 15.6167
+                    },
+                    "region_iso_code": "SE-E",
+                    "region_name": "Östergötland County"
+                },
+                "ip": "89.160.20.156",
+                "user": {
+                    "id": "49270618ecb247530e3aaca082aa98189697ac391ec1d2b8026093126e95049292c316e3211b0101b4db50037e008ae3"
+                }
+            },
+            "cloud": {
+                "provider": "aws",
+                "region": "amazonaws"
+            },
+            "ecs": {
+                "version": "8.11.0"
+            },
+            "event": {
+                "action": "REST.GET.OBJECT",
+                "category": [
+                    "web"
+                ],
+                "code": "NoSuchKey",
+                "duration": 31000000,
+                "id": "3F2F49V625XST8BS",
+                "kind": "event",
+                "original": "28bdbd9102b76c3da07c44e094b16b382f90f94be71626f4d9589b1309d2d7ef flow-log-test [18/Mar/2026:12:50:37 +0000] 89.160.20.156 49270618ecb247530e3aaca082aa98189697ac391ec1d2b8026093126e95049292c316e3211b0101b4db50037e008ae3 3F2F49V625XST8BS REST.GET.OBJECT %255B%255B...optional%255D%255D \"GET /[[...optional]] HTTP/1.1\" 404 NoSuchKey 286 - 31 - \"-\" \"Amazon CloudFront\" - ESUNEMajKog4Ur24BOJQfaqV2E3a+2pjCCuMZSnwjCif5oJwNK+s+Kvpf6g0g7HV0/G0LhWL1oo= SigV4 TLS_AES_128_GCM_SHA256 AuthHeader flow-log-test.s3.amazonaws.com TLSv1.3 - - -",
+                "outcome": "failure",
+                "type": [
+                    "access"
+                ]
+            },
+            "geo": {
+                "city_name": "Linköping",
+                "continent_name": "Europe",
+                "country_iso_code": "SE",
+                "country_name": "Sweden",
+                "location": {
+                    "lat": 58.4167,
+                    "lon": 15.6167
+                },
+                "region_iso_code": "SE-E",
+                "region_name": "Östergötland County"
+            },
+            "http": {
+                "request": {
+                    "method": "GET"
+                },
+                "response": {
+                    "body": {
+                        "bytes": 286
+                    },
+                    "status_code": 404
+                },
+                "version": "1.1"
+            },
+            "related": {
+                "ip": [
+                    "89.160.20.156"
+                ],
+                "user": [
+                    "28bdbd9102b76c3da07c44e094b16b382f90f94be71626f4d9589b1309d2d7ef"
+                ]
+            },
+            "tags": [
+                "preserve_original_event"
+            ],
+            "tls": {
+                "cipher": "TLS_AES_128_GCM_SHA256",
+                "version": "1.3",
+                "version_protocol": "tls"
+            },
+            "user_agent": {
+                "device": {
+                    "name": "Other"
+                },
+                "name": "Other",
+                "original": "Amazon CloudFront"
+            }
         }
     ]
 }

packages/aws/data_stream/s3access/elasticsearch/ingest_pipeline/default.yml

@@ -75,6 +75,7 @@ processors:
       field: _temp_.url
       target_field: url
       keep_original: true
+      ignore_failure: true
       if: ctx._temp_?.url != null
   - append:
       field: related.user

packages/aws/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.4.0
 name: aws
 title: AWS
-version: 6.4.0
+version: 6.4.1
 description: Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent.
 type: integration
 categories: