elastic
diff --git a/‎packages/zeek/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/zeek/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 17 additions & 1 deletion b/‎packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/third-party.yml‎
Lines changed: 10 additions & 4 deletions b/‎packages/zeek/data_stream/capture_loss/elasticsearch/ingest_pipeline/third-party.yml‎
Lines changed: 10 additions & 4 deletions
diff --git a/‎packages/zeek/data_stream/capture_loss/manifest.yml‎
Lines changed: 0 additions & 1 deletion b/‎packages/zeek/data_stream/capture_loss/manifest.yml‎
Lines changed: 0 additions & 1 deletion
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.0.3"
+  changes:
+    - description: Generate processor tags and normalize error handler.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15721
 - version: "3.0.2"
   changes:
     - description: Remove unused agent files.
 
@@ -2,45 +2,57 @@
 description: Pipeline for normalizing Zeek capture_loss.log
 processors:
   - rename:
+      tag: rename_message_to_event_original_56a77271
       field: message
       target_field: event.original
       ignore_missing: true
       if: ctx.event?.original == null
   - json:
+      tag: json_event_original_to__temp__7408cf8c
       field: event.original
       target_field: _temp_
   - pipeline:
+      tag: pipeline_c69a6660
       if: ctx?._temp_?.result != null
       name: '{{ IngestPipeline "third-party" }}'
   - drop:
+      tag: drop_c70c3de1
       description: Drop if no timestamp (invalid json)
       if: 'ctx?._temp_?.ts == null'
   - rename:
+      tag: rename__temp__to_zeek_capture_loss_62ef1b3a
       target_field: zeek.capture_loss
       field: _temp_
       # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down
   - set:
+      tag: set_event_created_e3f09e3b
       field: event.created
       copy_from: "@timestamp"
   - set:
+      tag: set_ecs_version_f5923549
       field: ecs.version
       value: '8.17.0'
   - date:
+      tag: date_zeek_capture_loss_ts_aa14509f
       field: zeek.capture_loss.ts
       formats:
         - UNIX
         - ISO8601
   - set:
+      tag: set_event_kind_495d69f0
       field: event.kind
       value: metric
   - set:
+      tag: set_event_type_ec95f7f2
       field: event.type
       value: [info]
   - convert:
+      tag: convert_zeek_percent_lost_b0ba2ad8
       field: zeek.percent_lost
       type: long
       ignore_missing: true
   - remove:
+      tag: remove_73e0896e
       field:
         - zeek.capture_loss.ts
       ignore_missing: true
@@ -50,4 +62,8 @@ on_failure:
       value: pipeline_error
   - append:
       field: error.message
-      value: '{{{ _ingest.on_failure_message }}}'
+      value: >-
+        Processor '{{{ _ingest.on_failure_processor_type }}}'
+        {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+        {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
+        failed with message '{{{ _ingest.on_failure_message }}}'
@@ -2,6 +2,7 @@
 description: Pipeline for parsing Zeek logs from third party api
 processors:
   - fingerprint:
+      tag: fingerprint_8e6b679f
       fields:
         - _temp_.result._cd
         - _temp_.result._indextime
@@ -12,21 +13,26 @@ processors:
       target_field: '_id'
       ignore_missing: true
   - set:
+      tag: set_event_original_5bbfe67e
       field: event.original
       copy_from: _temp_.result._raw
       ignore_empty_value: true
   - set:
+      tag: set_host_name_d99bf8df
       field: host.name
       copy_from: _temp_.result.host
       ignore_empty_value: true
   - set:
+      tag: set_log_file_path_76cd6132
       copy_from: _temp_.result.source
       field: log.file.path
       ignore_empty_value: true
   - remove:
+      tag: remove__temp__fc21405e
       field: _temp_
       ignore_missing: true
   - json:
+      tag: json_event_original_to__temp__7408cf8c
       field: event.original
       target_field: _temp_
 on_failure:
@@ -36,7 +42,7 @@ on_failure:
   - append:
       field: error.message
       value: >-
-        error in third party api pipeline:
-        error in [{{{_ingest.on_failure_processor_type}}}] processor{{{#_ingest.on_failure_processor_tag}}}
-        with tag [{{{_ingest.on_failure_processor_tag }}}]{{{/_ingest.on_failure_processor_tag}}}
-        {{{ _ingest.on_failure_message }}}
+        Processor '{{{ _ingest.on_failure_processor_type }}}'
+        {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+        {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
+        failed with message '{{{ _ingest.on_failure_message }}}'
@@ -40,4 +40,3 @@ streams:
     template_path: log.yml.hbs
     title: Zeek capture_loss.log
     description: Collect Zeek capture_loss logs
-