Fix bug in Third Party REST API ingest pipeline #1201
Conversation
| Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
leehinman force-pushed the 1146_splunk_pipeline branch from 2a8af38 to 2d1dcf5 Compare 💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪 |
P1llus left a comment
P1llus left a comment There was a problem hiding this comment.
LGTM, thanks a lot for this work, it cleans up some of the technical debt from my earlier changes.
Initially this was planned once a package could share pipelines, but I think it was good to do it already now!
There was a problem hiding this comment.
Just a general question, I am quite sure that set always correctly overwrites fields right? Since event.original is already set at this point?
There was a problem hiding this comment.
Correct, set overwrites any previous value
- Apache - Zeek - Nginx - CloudTrail - move third party api processing to separate pipeline - convert rename to set so value can be overwritten Fixes elastic#1146
leehinman force-pushed the 1146_splunk_pipeline branch from 2d1dcf5 to b05f9c4 Compare 4 participants
What does this PR do?
Fixes bug in Third Party REST API ingest pipelines where a rename of
host.name would fail because it was already set. Also moves third
party api processing to a separate pipeline.
Checklist
changelog.ymlfile.- [ ] If I'm introducing a new feature, I have modified the Kibana version constraint in my package'smanifest.ymlfile to point to the latest Elastic stack release (e.g.^7.13.0).How to test this PR locally
need to install Splunk & ingest data into that, then configure these
integrations. Bug isn't visible with pipeline tests.
Related issues