fix duplicate processors, tags

taylor-swanson · taylor-swanson · commit 65a342e29fc1 · 2025-10-06T11:56:18.000-05:00
diff --git a/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -84,7 +84,7 @@ processors:
       tag: set_3a851ed4
   - date:
       field: temp.timestamp
-      tag: 'date_set_timestamp'
+      tag: 'date_set_timestamp_tz'
       timezone: '{{{event.timezone}}}'
       if: ctx.temp?.timestamp != null && ctx.temp.timestamp != '' && ctx.event?.timezone != null
       formats:
@@ -175,7 +175,7 @@ processors:
       tag: 'script_for_set_log.syslog.severity.code_log.syslog.facility.code'
       if: ctx.log?.level != null && ctx.log.level != '' && ctx.log.syslog?.priority != null && ctx.log.syslog.priority != ''
       lang: painless
-      source: |-
+      source: |
         ArrayList severities = new ArrayList(['emergency','alert','critical','error','warning','notice','information','debug']);
         HashMap sevrityMap = new HashMap();
         HashMap facilityMap = new HashMap();
@@ -267,7 +267,7 @@ processors:
       tag: remove_779d3744
   - script:
       lang: painless
-      source: |-
+      source: |
         boolean drop(Object o) {
           if (o == null || o == '') {
             return true;
diff --git a/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/pipeline_mail.yml b/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/pipeline_mail.yml
@@ -31,24 +31,6 @@ processors:
       value: 'end'
       if: ctx.fortinet_fortimail?.log?.sub_type == 'webmail'
       tag: append_2ff73bea
-  - append:
-      field: fortinet_fortimail.log.user
-      value: '{{{temp.user}}}'
-      allow_duplicates: false
-      if: ctx.temp?.user != null
-      tag: append_2f9ddf13
-  - append:
-      field: user.name
-      value: '{{{temp.user}}}'
-      allow_duplicates: false
-      if: ctx.temp?.user != null
-      tag: append_9b60aa7f
-  - append:
-      field: related.user
-      value: '{{{temp.user}}}'
-      allow_duplicates: false
-      if: ctx.temp?.user != null
-      tag: append_4554486f
   - grok:
       field: message
       if: ctx.fortinet_fortimail?.log?.sub_type == 'webmail'
diff --git a/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/pipeline_system.yml b/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/pipeline_system.yml
@@ -77,24 +77,6 @@ processors:
       if: (ctx.fortinet_fortimail?.log?.sub_type == 'system' && ctx.fortinet_fortimail.log.message.toLowerCase().contains('change')) || (ctx.fortinet_fortimail?.log?.sub_type == 'update' && ctx.fortinet_fortimail.log.message.toLowerCase().contains('update'))
       override: true
       tag: set_c5fda874
-  - append:
-      field: fortinet_fortimail.log.user
-      value: '{{{temp.user}}}'
-      allow_duplicates: false
-      if: ctx.temp?.user != null
-      tag: append_2f9ddf13
-  - append:
-      field: user.name
-      value: '{{{temp.user}}}'
-      allow_duplicates: false
-      if: ctx.temp?.user != null
-      tag: append_9b60aa7f
-  - append:
-      field: related.user
-      value: '{{{temp.user}}}'
-      allow_duplicates: false
-      if: ctx.temp?.user != null
-      tag: append_4554486f
   - grok:
       field: message
       ignore_missing: true
