elastic · zmoog · Nov 21, 2023 · Nov 9, 2023 · Nov 9, 2023 · Nov 9, 2023
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.31.2"
+  changes:
+    - description: Fix pipeline error parsing DNS logs with empty rdata field.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/8447
 - version: "2.31.1"
   changes:
     - description: Add Cloud Run docs and fix policy template name to allow adding Cloud Run logs to the policy.

@@ -0,0 +1 @@
+{"insertId":"1f28uoif27xwp0","jsonPayload":{"authAnswer":false,"protocol":"UDP","queryName":"api.eu-1.crowdstrike.","queryType":"A","rdata":"","responseCode":"NXDOMAIN","serverLatency":2,"sourceNetwork":"security-operations-network"},"logName":"projects/YYY/logs/dns.googleapis.com%2Fdns_queries","receiveTimestamp":"2023-11-09T12:25:20.853671182Z","resource":{"labels":{"location":"europe-west1","project_id":"YYY","source_type":"gce-vm","target_name":"","target_type":"external"},"type":"dns_query"},"severity":"NOTICE","timestamp":"2023-11-09T12:25:19.911990487Z"}
@@ -0,0 +1,62 @@
+{
+    "expected": [
+        {
+            "@timestamp": "2023-11-09T12:25:19.911Z",
+            "cloud": {
+                "project": {
+                    "id": "YYY"
+                },
+                "provider": "gcp",
+                "region": "europe-west1"
+            },
+            "dns": {
+                "question": {
+                    "name": "api.eu-1.crowdstrike",
+                    "type": "A"
+                },
+                "response_code": "NXDOMAIN"
+            },
+            "ecs": {
+                "version": "8.8.0"
+            },
+            "event": {
+                "action": "dns-query",
+                "category": "network",
+                "id": "1f28uoif27xwp0",
+                "kind": "event",
+                "original": "{\"insertId\":\"1f28uoif27xwp0\",\"jsonPayload\":{\"authAnswer\":false,\"protocol\":\"UDP\",\"queryName\":\"api.eu-1.crowdstrike.\",\"queryType\":\"A\",\"rdata\":\"\",\"responseCode\":\"NXDOMAIN\",\"serverLatency\":2,\"sourceNetwork\":\"security-operations-network\"},\"logName\":\"projects/YYY/logs/dns.googleapis.com%2Fdns_queries\",\"receiveTimestamp\":\"2023-11-09T12:25:20.853671182Z\",\"resource\":{\"labels\":{\"location\":\"europe-west1\",\"project_id\":\"YYY\",\"source_type\":\"gce-vm\",\"target_name\":\"\",\"target_type\":\"external\"},\"type\":\"dns_query\"},\"severity\":\"NOTICE\",\"timestamp\":\"2023-11-09T12:25:19.911990487Z\"}",
+                "outcome": "failure"
+            },
+            "gcp": {
+                "dns": {
+                    "auth_answer": false,
+                    "protocol": "UDP",
+                    "query_name": "api.eu-1.crowdstrike.",
+                    "query_type": "A",
+                    "response_code": "NXDOMAIN",
+                    "server_latency": 2,
+                    "source_network": "security-operations-network",
+                    "source_type": "gce-vm",
+                    "target_type": "external"
+                }
+            },
+            "log": {
+                "level": "NOTICE",
+                "logger": "projects/YYY/logs/dns.googleapis.com%2Fdns_queries"
+            },
+            "network": {
+                "iana_number": "17",
+                "protocol": "dns",
+                "transport": "udp"
+            },
+            "related": {
+                "hosts": [
+                    "api.eu-1.crowdstrike"
+                ]
+            },
+            "tags": [
+                "preserve_original_event"
+            ]
+        }
+    ]
+}
@@ -129,7 +129,7 @@ processors:
       ignore_failure: true
 ### Internal DNS query parsing
   - script:
-      if: ctx?.gcp?.dns?.rdata != null
+      if: ctx.gcp?.dns?.rdata != null && ctx.gcp.dns.rdata != ""
       lang: painless
       tag: Process DNS RData
       description: This script processes the DNS RData into `dns.answers`.

@@ -1,6 +1,6 @@
 name: gcp
 title: Google Cloud Platform
-version: "2.31.1"
+version: "2.31.2"
 description: Collect logs and metrics from Google Cloud Platform with Elastic Agent.
 type: integration
 icons: