cisco_meraki,zscalar_zpa: fix field mappings and definitions

packages/cisco_meraki/changelog.yml

@@ -1,7 +1,12 @@
 # newer versions go on top
+- version: "1.17.1"
+ changes:
+ - description: Add missing `client.as.*` field definitions.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/8341
 - version: "1.17.0"
  changes:
- - description: Improve 'event.original' check to avoid errors if set.
+ - description: Improve `event.original` check to avoid errors if set.
  type: enhancement
  link: https://github.com/elastic/integrations/pull/8269
 - version: 1.16.1

packages/cisco_meraki/data_stream/log/fields/ecs.yml

@@ -1,5 +1,9 @@
 - external: ecs
  name: '@timestamp'
+- external: ecs
+ name: client.as.number
+- external: ecs
+ name: client.as.organization.name
 - external: ecs
  name: client.ip
 - external: ecs

packages/cisco_meraki/docs/README.md

@@ -92,6 +92,9 @@ The `cisco_meraki.log` dataset provides events from the configured syslog server
 | cisco_meraki.vap | | keyword |
 | cisco_meraki.wpa_auth | | flattened |
 | cisco_meraki.wpa_deauth | | flattened |
+| client.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long |
+| client.as.organization.name | Organization name. | keyword |
+| client.as.organization.name.text | Multi-field of `client.as.organization.name`. | match_only_text |
 | client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword |
 | client.geo.city_name | City name. | keyword |
 | client.geo.continent_name | Name of the continent. | keyword |

packages/cisco_meraki/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: cisco_meraki
 title: Cisco Meraki
-version: "1.17.0"
+version: "1.17.1"
 description: Collect logs from Cisco Meraki with Elastic Agent.
 type: integration
 categories:

packages/zscaler_zpa/changelog.yml

@@ -1,7 +1,12 @@
 # newer versions go on top
+- version: "1.15.1"
+ changes:
+ - description: Fix `client.as.*` field mapping.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8341
 - version: "1.15.0"
  changes:
- - description: Improve 'event.original' check to avoid errors if set.
+ - description: Improve `event.original` check to avoid errors if set.
  type: enhancement
  link: https://github.com/elastic/integrations/pull/8269
 - version: 1.14.0

packages/zscaler_zpa/data_stream/browser_access/elasticsearch/ingest_pipeline/default.yml

@@ -72,6 +72,14 @@ processors:
  - append:
  field: error.message
  value: '{{{_ingest.on_failure_message}}}'
+ - rename:
+ field: client.as.asn
+ target_field: client.as.number
+ ignore_missing: true
+ - rename:
+ field: client.as.organization_name
+ target_field: client.as.organization.name
+ ignore_missing: true
  - append:
  field: related.ip
  value: '{{{client.ip}}}'

packages/zscaler_zpa/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: zscaler_zpa
 title: Zscaler Private Access
-version: "1.15.0"
+version: "1.15.1"
 source:
  license: Elastic-2.0
 description: Collect logs from Zscaler Private Access (ZPA) with Elastic Agent.