wiz: fix input error handling in ingest pipeline#10318
Conversation
Also add redact.fields entry to suppress redaction warning.
🚀 Benchmarks reportTo see the full report comment with |
💚 Build Succeeded
cc @efd6 |
|
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
kcreddy
left a comment
There was a problem hiding this comment.
Just minor clarification.
The change LGTM 👍🏼
| - fail: | ||
| if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null | ||
| message: error message set and no data to process | ||
| - set: | ||
| field: ecs.version | ||
| tag: set_ecs_version | ||
| value: '8.11.0' | ||
| - fail: | ||
| tag: cel_failure | ||
| if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null | ||
| message: error message set and no data to process |
There was a problem hiding this comment.
May I know what this change intends to do? Just trying to get some context for moving this processor.
There was a problem hiding this comment.
I think we should always have the ecs version in an ingested document. This is incidental to the main focus of the change, but fixes this single data stream where I had not made the change in the previous PR (note that the other two data streams are already in this state).
|
Package wiz - 1.3.1 containing this change is available at https://epr.elastic.co/search?package=wiz |
Proposed commit message
Also add redact.fields entry to suppress redaction warning.
Manually checked behaviour by changing 200 status codes in system test deployment to 401. Correct behaviour observed.
Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Related issues
Screenshots