[cisco_nexus] Generate processor tags and normalize error handler

taylor-swanson · taylor-swanson · commit 900865febf7f · 2025-10-21T15:29:26.000-05:00
- Generate tags for processors missing tags
- Normalize the pipeline error handler
diff --git a/packages/cisco_nexus/changelog.yml b/packages/cisco_nexus/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.4"
+  changes:
+    - description: Generate processor tags and normalize error handler.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15533
 - version: "1.4.3"
   changes:
     - description: Fix whitespace issue with grok pattern.
diff --git a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -51,6 +51,7 @@ processors:
         - "^%{NEXUS_TIMESTAMP:temp.timestamp}%{SPACE}(%{IP:cisco_nexus.log.ip_address}|%{NOTSPACE:cisco_nexus.log.switch_name})%{SPACE}%{NEXUS_BODY}$"
       on_failure:
         - append:
+            tag: append_error_message_6a5a74a1
             field: error.message
             value: "Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}"
   # If a timezone is present from the vendor, we will check if it matches an entry in the tz_map to convert it.
@@ -119,6 +120,7 @@ processors:
         - MMM d HH:mm:ss.SSS
       on_failure:
         - append:
+            tag: append_error_message_ebfd3d8f
             field: error.message
             value: "Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}"
   # Sets the @timestamp field when a timezone exists or has been set by tz_offset.
@@ -148,6 +150,7 @@ processors:
         - MMM d HH:mm:ss.SSS
       on_failure:
         - append:
+            tag: append_error_message_39d81770
             field: error.message
             value: "Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}"
   # To parse the syslog timestamp into the correct format when event.timezone is set
@@ -166,6 +169,7 @@ processors:
         - MMM d HH:mm:ss.SSS
       on_failure:
         - append:
+            tag: append_error_message_8eb784d7
             field: error.message
             value: "Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}"
   # To parse the syslog timestamp into the correct format when event.timezone is not set
@@ -183,6 +187,7 @@ processors:
         - MMM d HH:mm:ss.SSS
       on_failure:
         - append:
+            tag: append_error_message_6e22be52
             field: error.message
             value: "Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}"
 
@@ -269,6 +274,7 @@ processors:
         }
       on_failure:
         - append:
+            tag: append_error_message_aae2588f
             field: error.message
             value: "Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}"
   - script:
@@ -281,6 +287,7 @@ processors:
         ctx.log.syslog.facility.code = (ctx.cisco_nexus.log.priority_number - ctx.event.severity)/8;
       on_failure:
         - append:
+            tag: append_error_message_000f13b5
             field: error.message
             value: "Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}"
   - trim:
@@ -346,7 +353,11 @@ processors:
 on_failure:
   - append:
       field: error.message
-      value: "Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}"
+      value: >-
+        Processor '{{{ _ingest.on_failure_processor_type }}}'
+        {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+        {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
+        failed with message '{{{ _ingest.on_failure_message }}}'
   - set:
       field: event.kind
       value: pipeline_error
diff --git a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/pipeline_extract_message.yml b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/pipeline_extract_message.yml
@@ -1,6 +1,7 @@
 ---
 processors:
   - grok:
+      tag: grok_message_229845cb
       description: Extract IF_DOWN_ADMIN_DOWN, IF_ADMIN_UP, SPEED, IF_DUPLEX, IF_RX_FLOW_CONTROL, IF_TX_FLOW_CONTROL, IF_UP, IF_XCVR_WARNING MNEMONIC.
       field: message
       if: "['IF_DOWN_ADMIN_DOWN','IF_ADMIN_UP','SPEED','IF_DUPLEX','IF_RX_FLOW_CONTROL','IF_TX_FLOW_CONTROL','IF_UP','IF_XCVR_WARNING'].contains(ctx.event?.code.toUpperCase())"
@@ -14,6 +15,7 @@ processors:
         - '^(?:%{GREEDYDATA}%{SPACE}(?i)interface)%{SPACE}%{DATA:cisco_nexus.log.interface.name}, %{GREEDYDATA}$'
       ignore_failure: true
   - grok:
+      tag: grok_message_2528203a
       description: Extract VSHD_SYSLOG_CONFIG_I, DETECT_MULTIPLE_PEERS, UPDOWN, CFGWRITE_STARTED, LINEPROTO MNEMONIC.
       field: message
       if: "['VSHD_SYSLOG_CONFIG_I','DETECT_MULTIPLE_PEERS','UPDOWN','CFGWRITE_STARTED','LINEPROTO'].contains(ctx.event?.code.toUpperCase())"
@@ -25,6 +27,7 @@ processors:
         - '^%{DATA}(PID %{NUMBER:process.pid:long})%{GREEDYDATA}$'
       ignore_failure: true
   - grok:
+      tag: grok_message_3172da53
       description: Extract SYSTEM_MSG MNEMONIC.
       field: message
       if: "['SYSTEM_MSG'].contains(ctx.event?.code.toUpperCase())"
@@ -36,6 +39,7 @@ processors:
         - '^%{DATA} : %{GREEDYDATA:temp.message2}$'
       ignore_failure: true
   - grok:
+      tag: grok_message_f92a0857
       description: Extract INVAL_IP, L2FM_MAC_MOVE2, DUPLEX_MISMATCH, NATIVE_VLAN_MISMATCH, THRESHOLD_VIOLATION MNEMONIC.
       field: message
       if: "['INVAL_IP','L2FM_MAC_MOVE2','DUPLEX_MISMATCH','NATIVE_VLAN_MISMATCH','THRESHOLD_VIOLATION'].contains(ctx.event?.code.toUpperCase())"
@@ -46,6 +50,7 @@ processors:
         - '^%{DATA:cisco_nexus.log.interface.name}: Rx power high warning; Operating value: %{DATA:cisco_nexus.log.operating_value}, Threshold value: %{DATA:cisco_nexus.log.threshold_value}.$'
       ignore_failure: true
   - grok:
+      tag: grok_message_a1e9a4a1
       description: Extract LOGIN_SUCCESS, LOGOUT,LOGOUT_C6K MNEMONIC.
       field: message
       if: "['LOGIN_SUCCESS','LOGOUT','LOGOUT_C6K'].contains(ctx.event?.code.toUpperCase())"
@@ -61,6 +66,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_8428fc3c
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - gsub:
@@ -71,20 +77,23 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_660fea7e
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - uppercase:
       field: source.mac
       ignore_missing: true
       tag: 'uppercase_source_mac'
   - kv:
+      tag: kv_temp_message_to_temp_af9c5b5f
       field: temp.message
       target_field: temp
       field_split: '\s+'
       value_split: '='
       ignore_missing: true
       ignore_failure: true
   - kv:
+      tag: kv_temp_message2_to_temp_d53f7654
       field: temp.message2
       target_field: temp
       field_split: ' ; '
@@ -208,4 +217,8 @@ on_failure:
       value: pipeline_error
   - append:
       field: error.message
-      value: '{{{ _ingest.on_failure_message }}}'
+      value: >-
+        Processor '{{{ _ingest.on_failure_processor_type }}}'
+        {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+        {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
+        failed with message '{{{ _ingest.on_failure_message }}}'
diff --git a/packages/cisco_nexus/manifest.yml b/packages/cisco_nexus/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.3"
 name: cisco_nexus
 title: Cisco Nexus
-version: "1.4.3"
+version: "1.4.4"
 description: Collect logs from Cisco Nexus with Elastic Agent.
 type: integration
 categories:
