sailpoint_identity_sc: pass events as serialised json strings #15359

Merged
efd6 merged 4 commits into elastic:main from efd6:s6425-sailpoint_identity_sc on Sep 17, 2025

@efd6 (Contributor) commented Sep 16, 2025, edited

Proposed commit message

sailpoint_identity_sc: pass events as serialised json strings

This makes it possible to users who are passing events through logstash
to use the agent.

Also improve agent request, and ingest pipeline error handling.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@efd6 self-assigned this Sep 16, 2025
@efd6 added the labels enhancement (New feature or request), Team:Security-Service Integrations (Security Service Integrations team [elastic/security-service-integrations]) and Integration:sailpoint_identity_sc (Sailpoint Identity Security Cloud) Sep 16, 2025
This makes it possible to users who are passing events through logstash to use the agent. Also improve ingest pipeline error handling.
@efd6 force-pushed the s6425-sailpoint_identity_sc branch from 22188dc to cb71252 September 16, 2025 22:03
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@efd6 marked this pull request as ready for review September 16, 2025 23:25
@efd6 requested a review from a team as a code owner September 16, 2025 23:25
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

- set:
field: ecs.version
value: "8.11.0"

Member

Should we add in the terminate processor now too while doing this clean up?

Contributor, Author

I thought about that and the CEL does not gracefully handle non-200 status codes. I'll add that too.

Comment on lines +8 to +16
- remove:
field: message
ignore_missing: true
if: ctx.event?.original != null
- rename:
field: message
target_field: event.original
ignore_missing: true
if: ctx.event?.original == null
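
Review bot: neither the remove nor the rename on message carries a tag or description, so the pipeline does not record why both branches exist (keep an event.original that is already set and drop the duplicate message, otherwise move message into event.original). Suggest adding a description to each processor. Because the rename sets ignore_missing: true, a document that arrives with neither message nor event.original passes both processors unchanged, so any later processor that reads event.original needs its own guard or an explicit failure path.
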
Member

Would this logic be unnecessary if the CEL program were made to populate only event.original?

Contributor, Author

Considering the context of the bug that this is fixing, that could be a breaking change (it's not for the op of the issue, but it could be for someone else with a similar data flow).

@efd6 force-pushed the s6425-sailpoint_identity_sc branch from dc09c1b to f83e863 September 17, 2025 01:31
@elasticmachine

💚 Build Succeeded

History

cc @efd6

@elastic-sonarqube

Quality Gate failed

Failed conditions
25.6% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

@efd6 merged commit 27a870e into elastic:main Sep 17, 2025
8 of 9 checks passed
@elastic-vault-github-plugin-prod

Package sailpoint_identity_sc - 1.2.0 containing this change is available at https://epr.elastic.co/package/sailpoint_identity_sc/1.2.0/

robester0403 pushed a commit to robester0403/integrations that referenced this pull request Sep 17, 2025
…c#15359) This makes it possible to users who are passing events through logstash to use the agent. Also improve agent request, and ingest pipeline error handling.
tehbooom pushed a commit to tehbooom/integrations that referenced this pull request Nov 19, 2025
…c#15359) This makes it possible to users who are passing events through logstash to use the agent. Also improve agent request, and ingest pipeline error handling.

Reviewers

@andrewkroh approved these changes

Assignees

@efd6

Labels

  • enhancement: New feature or request
  • Integration:sailpoint_identity_sc: Sailpoint Identity Security Cloud
  • Team:Security-Service Integrations: Security Service Integrations team [elastic/security-service-integrations]

3 participants

@efd6 @elasticmachine @andrewkroh
