Skip to content

[watchguard_firebox] Generate processor tags and normalize error handler #15720

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 24, 2025
+231 −22
Merged

[watchguard_firebox] Generate processor tags and normalize error handler #15720

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
07ab321
[watchguard_firebox] Generate processor tags and normalize error handler
taylor-swanson Oct 22, 2025
8d0e36b
changelog
taylor-swanson Oct 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions packages/watchguard_firebox/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.4.2"
changes:
- description: Generate processor tags and normalize error handler.
type: enhancement
link: https://github.com/elastic/integrations/pull/15720
- version: "1.4.1"
changes:
- description: Changed owners.
Expand Down
14 changes: 12 additions & 2 deletions packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ processors:
- MMM d HH:mm:ss
on_failure:
- append:
tag: append_error_message_b0297dd5
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- set:
Expand All @@ -92,6 +93,7 @@ processors:
- ISO8601
on_failure:
- append:
tag: append_error_message_fd3ea189
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- dissect:
Expand All @@ -101,6 +103,7 @@ processors:
pattern: 'msg_id="%{watchguard_firebox.log.msg_id}" %{watchguard_firebox.log.body}'
ignore_failure: true
- set:
tag: set_message_7d799e76
field: message
if: ctx.watchguard_firebox?.log?.msg_id == null
copy_from: watchguard_firebox.log.body
Expand Down Expand Up @@ -4643,6 +4646,7 @@ processors:
tag: pipeline_alarm
on_failure:
- append:
tag: append_error_message_605bff8e
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- pipeline:
Expand All @@ -4651,6 +4655,7 @@ processors:
tag: pipeline_event
on_failure:
- append:
tag: append_error_message_a3d465c5
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- pipeline:
Expand All @@ -4659,6 +4664,7 @@ processors:
tag: pipeline_diagnostic
on_failure:
- append:
tag: append_error_message_4a3507d8
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- pipeline:
Expand All @@ -4667,6 +4673,7 @@ processors:
tag: pipeline_traffic
on_failure:
- append:
tag: append_error_message_f41bb89e
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- remove:
Expand Down Expand Up @@ -4708,8 +4715,11 @@ processors:
on_failure:
- append:
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
value: >-
Processor '{{{ _ingest.on_failure_processor_type }}}'
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- set:
field: event.kind
tag: set_pipeline_error_to_event_kind
value: pipeline_error
24 changes: 23 additions & 1 deletion packages/watchguard_firebox/data_stream/log/elasticsearch/ingest_pipeline/pipeline_alarm.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,8 +82,10 @@ processors:
ignore_missing: true
on_failure:
- remove:
tag: remove_watchguard_firebox_log_current_connection_2649fa10
field: watchguard_firebox.log.current_connection
- append:
tag: append_error_message_e81abeee
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- convert:
Expand All @@ -94,8 +96,10 @@ processors:
ignore_missing: true
on_failure:
- remove:
tag: remove_watchguard_firebox_log_limit_839e53b5
field: watchguard_firebox.log.limit
- append:
tag: append_error_message_ff17b824
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- convert:
Expand All @@ -107,8 +111,10 @@ processors:
if: ctx.watchguard_firebox?.log?.source_ip != ''
on_failure:
- remove:
tag: remove_watchguard_firebox_log_source_ip_370728c9
field: watchguard_firebox.log.source_ip
- append:
tag: append_error_message_16b096e2
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- convert:
Expand All @@ -119,8 +125,10 @@ processors:
ignore_missing: true
on_failure:
- remove:
tag: remove_watchguard_firebox_log_packets_count_e0db6e9e
field: watchguard_firebox.log.packets_count
- append:
tag: append_error_message_fe0e7cf3
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- convert:
Expand All @@ -132,8 +140,10 @@ processors:
if: ctx.watchguard_firebox?.log?.destination_ip != ''
on_failure:
- remove:
tag: remove_watchguard_firebox_log_destination_ip_feafb71d
field: watchguard_firebox.log.destination_ip
- append:
tag: append_error_message_09c68349
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- convert:
Expand All @@ -144,8 +154,10 @@ processors:
ignore_missing: true
on_failure:
- remove:
tag: remove_watchguard_firebox_log_source_port_ec827b49
field: watchguard_firebox.log.source_port
- append:
tag: append_error_message_5fa3c2ac
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- convert:
Expand All @@ -156,8 +168,10 @@ processors:
ignore_missing: true
on_failure:
- remove:
tag: remove_watchguard_firebox_log_destination_port_4b15ad84
field: watchguard_firebox.log.destination_port
- append:
tag: append_error_message_288a44be
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- convert:
Expand All @@ -168,8 +182,10 @@ processors:
ignore_missing: true
on_failure:
- remove:
tag: remove_watchguard_firebox_log_current_session_87d38cdc
field: watchguard_firebox.log.current_session
- append:
tag: append_error_message_1b1ca630
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- convert:
Expand All @@ -180,8 +196,10 @@ processors:
ignore_missing: true
on_failure:
- remove:
tag: remove_watchguard_firebox_log_port_c033485b
field: watchguard_firebox.log.port
- append:
tag: append_error_message_a4d483ee
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'

Expand Down Expand Up @@ -248,7 +266,11 @@ processors:
on_failure:
- append:
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
value: >-
Processor '{{{ _ingest.on_failure_processor_type }}}'
{{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
{{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
failed with message '{{{ _ingest.on_failure_message }}}'
- set:
field: event.kind
value: pipeline_error
Loading