[AWS] Drop header log line in CloudFront events

packages/aws/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.29.1"
+ changes:
+ - description: Drop comments from CloudFront loglines
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/5017
 - version: "1.29.0"
  changes:
  - description: Add data_granularity parameter and rename period title to Collection Period.

packages/aws/data_stream/cloudfront_logs/_dev/test/pipeline/test-cloudfront.log

@@ -1,3 +1,5 @@
+#Version: 1.0
+#Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem sc-status cs(Referer) cs(User-Agent) cs-uri-query cs(Cookie) x-edge-result-type x-edge-request-id x-host-header cs-protocol cs-bytes time-taken x-forwarded-for ssl-protocol ssl-cipher x-edge-response-result-type cs-protocol-version fle-status fle-encrypted-fields c-port time-to-first-byte x-edge-detailed-result-type sc-content-type sc-content-len sc-range-start sc-range-end
 2019-12-04	21:02:31	LAX1	392	89.160.20.112	GET	d111111abcdef8.cloudfront.net	/index.html	200	-	Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/78.0.3904.108%20Safari/537.36	-	-	Hit	SOX4xwn4XV6Q4rgb7XiVGOHms_BGlTAC4KyHmureZmBNrjGdRLiNIQ==	d111111abcdef8.cloudfront.net	https	23	0.001	-	TLSv1.2	ECDHE-RSA-AES128-GCM-SHA256	Hit	HTTP/2.0	-	-	11040	0.001	Hit	text/html	78	-	-
 2019-12-04	21:02:31	LAX1	392	2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6	GET	d111111abcdef8.cloudfront.net	/index.html	200	-	Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/78.0.3904.108%20Safari/537.36	-	-	Hit	k6WGMNkEzR5BEM_SaF47gjtX9zBDO2m349OY2an0QPEaUum1ZOLrow==	d111111abcdef8.cloudfront.net	https	23	0.000	-	TLSv1.2	ECDHE-RSA-AES128-GCM-SHA256	Hit	HTTP/2.0	-	-	11040	0.000	Hit	text/html	78	-	-
 2019-12-04	21:02:31	LAX1	392	89.160.20.112	GET	d111111abcdef8.cloudfront.net	/index.html	200	-	Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/78.0.3904.108%20Safari/537.36	-	-	Hit	f37nTMVvnKvV2ZSvEsivup_c2kZ7VXzYdjC-GUQZ5qNs-89BlWazbw==	d111111abcdef8.cloudfront.net	https	23	0.001	-	TLSv1.2	ECDHE-RSA-AES128-GCM-SHA256	Hit	HTTP/2.0	-	-	11040	0.001	Hit	text/html	78	-	-

packages/aws/data_stream/cloudfront_logs/_dev/test/pipeline/test-cloudfront.log-expected.json

@@ -1,5 +1,7 @@
 {
  "expected": [
+ null,
+ null,
  {
  "@timestamp": "2019-12-04T21:02:31.000Z",
  "aws": {

packages/aws/data_stream/cloudfront_logs/elasticsearch/ingest_pipeline/default.yml

@@ -28,6 +28,9 @@ processors:
  ignore_missing: true
  if: 'ctx.event?.original != null'
  description: 'The `message` field is no longer required if the document has an `event.original` field.'
+ - drop: 
+ if: "ctx.event.original.startsWith('#')"
+ description: "Drop if logline contains header(s), which startswith `#`"
  - grok:
  field: event.original
  patterns:

packages/aws/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: aws
 title: AWS
-version: 1.29.0
+version: 1.29.1
 license: basic
 description: Collect logs and metrics from Amazon Web Services with Elastic Agent.
 type: integration