New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[hi]*: ensure event.kind is correctly set for pipeline errors #6616
Conversation
hashicorp_vault, hid_bravura_monitor, imperva, infoblox_bloxone_ddi, infoblox_nios and iptables
🌐 Coverage report
|
reason for revert: the iptables package depends on journald which is failing with ``` { "log.level": "error", "@timestamp": "2023-06-20T02:59:49.371Z", "message": "Input 'journald' failed with: input.go:130: input journald-iptables.log-7d04ae60-0f16-11ee-976c-55635f4b2750 failed (id=journald-iptables.log-7d04ae60-0f16-11ee-976c-55635f4b2750)\n\tinput.go:174: failed to create reader for /run/service_logs/iptables.journal journal (path=/run/service_logs/iptables.journal): reader.go:119: failed to open journal file /run/service_logs/iptables.journal (path=/run/service_logs/iptables.journal): failed to open journals in paths [\"/run/service_logs/iptables.journal\"]: protocol not supported", "component": { "binary": "filebeat", "dataset": "elastic_agent.filebeat", "id": "journald-default", "type": "journald" }, "log": { "source": "journald-default" }, "id": "journald-iptables.log-7d04ae60-0f16-11ee-976c-55635f4b2750", "ecs.version": "1.6.0", "log.logger": "input.journald", "log.origin": { "file.line": 131, "file.name": "compat/compat.go" }, "service.name": "filebeat" } ```
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
Package iptables - 1.9.0 containing this change is available at https://epr.elastic.co/search?package=iptables |
Package hashicorp_vault - 1.12.0 containing this change is available at https://epr.elastic.co/search?package=hashicorp_vault |
Package hid_bravura_monitor - 1.8.0 containing this change is available at https://epr.elastic.co/search?package=hid_bravura_monitor |
Package imperva - 0.16.0 containing this change is available at https://epr.elastic.co/search?package=imperva |
Package infoblox_bloxone_ddi - 1.5.0 containing this change is available at https://epr.elastic.co/search?package=infoblox_bloxone_ddi |
Package infoblox_nios - 1.9.0 containing this change is available at https://epr.elastic.co/search?package=infoblox_nios |
What does this PR do?
Modify hashicorp_vault, hid_bravura_monitor, imperva, infoblox_bloxone_ddi and infoblox_nios to correctly set
event.kind
for pipeline errors and ensureerror.message
is an array.iptables was included but upstream failures block testing so it is omitted.
Checklist
changelog.yml
file.Author's Checklist
How to test this PR locally
Related issues
Screenshots