elastic
diff --git a/‎packages/citrix_adc/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/citrix_adc/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/citrix_adc/data_stream/log/elasticsearch/ingest_pipeline/alg_feature.yml‎
Lines changed: 15 additions & 3 deletions b/‎packages/citrix_adc/data_stream/log/elasticsearch/ingest_pipeline/alg_feature.yml‎
Lines changed: 15 additions & 3 deletions
diff --git a/‎packages/citrix_adc/data_stream/log/elasticsearch/ingest_pipeline/appfw_feature.yml‎
Lines changed: 19 additions & 2 deletions b/‎packages/citrix_adc/data_stream/log/elasticsearch/ingest_pipeline/appfw_feature.yml‎
Lines changed: 19 additions & 2 deletions
diff --git a/‎packages/citrix_adc/data_stream/log/elasticsearch/ingest_pipeline/bot_feature.yml‎
Lines changed: 7 additions & 2 deletions b/‎packages/citrix_adc/data_stream/log/elasticsearch/ingest_pipeline/bot_feature.yml‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎packages/citrix_adc/data_stream/log/elasticsearch/ingest_pipeline/cef.yml‎
Lines changed: 7 additions & 5 deletions b/‎packages/citrix_adc/data_stream/log/elasticsearch/ingest_pipeline/cef.yml‎
Lines changed: 7 additions & 5 deletions
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.17.4"
+  changes:
+    - description: Generate processor tags and normalize error handler.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15535
 - version: "1.17.3"
   changes:
     - description: "Add support for additional log format patterns in sslvpn_clisec"
 
@@ -1,5 +1,5 @@
 ---
-description:  Pipeline for Citrix Native messages of ALG feature.
+description: Pipeline for Citrix Native messages of ALG feature.
 processors:
   - grok:
       description: Extract fields from message of ALG feature.
@@ -21,6 +21,7 @@ processors:
       if: ctx.citrix_adc?.log?.destination?.ip != null && ctx.citrix_adc.log.destination.ip != ''
       on_failure:
         - append:
+            tag: append_error_message_64d71fc8
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - set:
@@ -36,6 +37,7 @@ processors:
       if: ctx.citrix_adc?.log?.natted?.ip != null && ctx.citrix_adc.log.natted.ip != ''
       on_failure:
         - append:
+            tag: append_error_message_cd6327c2
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - set:
@@ -50,6 +52,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_63689943
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - set:
@@ -64,6 +67,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_2f2ef7d3
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - set:
@@ -88,6 +92,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_4220ffd0
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - set:
@@ -128,6 +133,7 @@ processors:
       if: ctx.citrix_adc?.log?.source?.ip != null && ctx.citrix_adc.log.source.ip != ''
       on_failure:
         - append:
+            tag: append_error_message_5cfe9f0e
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - set:
@@ -142,6 +148,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_7bbfad17
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - set:
@@ -166,6 +173,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_57291f76
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -175,6 +183,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_01ca5790
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
 on_failure:
@@ -183,5 +192,8 @@ on_failure:
       value: pipeline_error
   - append:
       field: error.message
-      value: |-
-        Processor "{{{ _ingest.on_failure_processor_type }}}" with tag "{{{ _ingest.on_failure_processor_tag }}}" in pipeline "{{{ _ingest.on_failure_pipeline }}}" failed with message "{{{ _ingest.on_failure_message }}}"
+      value: >-
+        Processor '{{{ _ingest.on_failure_processor_type }}}'
+        {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+        {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
+        failed with message '{{{ _ingest.on_failure_message }}}'
@@ -40,6 +40,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_d523a6fe
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - set:
@@ -59,6 +60,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_0da74670
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -68,6 +70,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_6745e0fc
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -77,6 +80,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_38441d00
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -86,6 +90,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_3fb880ab
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -95,6 +100,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_1fe3e086
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -104,6 +110,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_24909ef5
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -113,6 +120,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_d4f1affa
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -122,6 +130,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_de2f3c8d
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -131,6 +140,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_126e11f6
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -140,6 +150,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_9def762d
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -149,6 +160,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_e5d2bbec
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -158,6 +170,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_78e78597
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -167,6 +180,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_8a0c76fc
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
 on_failure:
@@ -175,5 +189,8 @@ on_failure:
       value: pipeline_error
   - append:
       field: error.message
-      value: |-
-        Processor "{{{ _ingest.on_failure_processor_type }}}" with tag "{{{ _ingest.on_failure_processor_tag }}}" in pipeline "{{{ _ingest.on_failure_pipeline }}}" failed with message "{{{ _ingest.on_failure_message }}}"
+      value: >-
+        Processor '{{{ _ingest.on_failure_processor_type }}}'
+        {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+        {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
+        failed with message '{{{ _ingest.on_failure_message }}}'
@@ -16,6 +16,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_94c6ac32
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
   - convert:
@@ -25,6 +26,7 @@ processors:
       ignore_missing: true
       on_failure:
         - append:
+            tag: append_error_message_eb1ac20e
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
 on_failure:
@@ -33,5 +35,8 @@ on_failure:
       value: pipeline_error
   - append:
       field: error.message
-      value: |-
-        Processor "{{{ _ingest.on_failure_processor_type }}}" with tag "{{{ _ingest.on_failure_processor_tag }}}" in pipeline "{{{ _ingest.on_failure_pipeline }}}" failed with message "{{{ _ingest.on_failure_message }}}"
+      value: >-
+        Processor '{{{ _ingest.on_failure_processor_type }}}'
+        {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+        {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
+        failed with message '{{{ _ingest.on_failure_message }}}'
@@ -21,7 +21,7 @@ processors:
       field: citrix.extended
       tag: remove_extended
       if: ctx.citrix?.extended_kv != null
-  
+
   # https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/logs.html#common-event-format-cef-logs
   - convert:
       # src – source IP address
@@ -117,7 +117,7 @@ processors:
       tag: rename_extended_kv_cs6
       target_field: citrix.signature_violation_category
       ignore_missing: true
-  
+
   - rename:
       field: citrix.extended_kv
       tag: rename_extended_kv
@@ -127,9 +127,11 @@ processors:
 on_failure:
   - append:
       field: error.message
-      value: |-
-        Processor "{{{ _ingest.on_failure_processor_type }}}" with tag "{{{ _ingest.on_failure_processor_tag }}}" in pipeline "{{{ _ingest.on_failure_pipeline }}}" failed with message "{{{ _ingest.on_failure_message }}}"
+      value: >-
+        Processor '{{{ _ingest.on_failure_processor_type }}}'
+        {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+        {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
+        failed with message '{{{ _ingest.on_failure_message }}}'
   - set:
       field: event.kind
-      tag: set_pipeline_error_to_event_kind
       value: pipeline_error