Commit c8df4fb

Avoid adding documents with errors to the transform
1 parent e74212f commit c8df4fb

3 files changed

+12
-2
lines changed

packages/ti_opencti/changelog.yml

Lines changed: 5 additions & 0 deletions
@@ -1,4 +1,9 @@
11
# newer versions go on top
2+
- version: "2.9.0"
3+
changes:
4+
- description: Avoid adding documents with errors to the transform destination index.
5+
type: enhancement
6+
link: https://github.com/elastic/integrations/pull/99999
27
- version: "2.8.0"
38
changes:
49
- description: Add script processor to drop all nulls / empty strings.
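
Review bot: The `link:` on the new 2.9.0 entry points at `pull/99999`, which looks like a placeholder number; replace it with the pull request that actually carries this change before merging so the changelog entry is traceable. Also check whether `type: enhancement` is the right label: the description reads as correcting unwanted behaviour (error documents reaching the transform destination index), which would fit `bugfix` better.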

packages/ti_opencti/elasticsearch/transform/latest_ioc/transform.yml

Lines changed: 6 additions & 1 deletion
@@ -2,6 +2,11 @@
22
source:
33
index:
44
- "logs-ti_opencti.indicator-*"
5+
query:
6+
bool:
7+
must_not:
8+
exists:
9+
field: error.message
510
# The version suffix on the dest.index should be incremented if a breaking
611
# change is made to the index mapping. You must also bump the
712
# fleet_transform_version for any change to this transform configuration to
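
Review bot: The new `query:` block under `source:` carries no comment, while the settings around it in this file are documented inline. Add a line above `query:` stating that documents with `error.message` set are excluded so that documents with errors are not written to the destination index. The filter only covers failures that populate `error.message`; confirm that every error path for `logs-ti_opencti.indicator-*` sets that field, otherwise those documents still pass the `must_not` clause.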
@@ -34,4 +39,4 @@ _meta:
3439
managed: true
3540
# Bump this version to delete, reinstall, and restart the transform during
3641
# package installation.
37-
fleet_transform_version: 0.4.0
42+
fleet_transform_version: 0.5.0
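
Review bot: The bump from 0.4.0 to 0.5.0 matches the comment above it (delete, reinstall, restart the transform), but nothing visible here says what happens to error documents that earlier versions already wrote to the destination index. Confirm whether the reinstall clears them, and if it does not, say so in the changelog description or document the cleanup step, since the new source query only affects documents processed from now on.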

packages/ti_opencti/manifest.yml

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
format_version: "3.4.0"
22
name: ti_opencti
33
title: OpenCTI
4-
version: "2.8.0"
4+
version: "2.9.0"
55
description: "Ingest threat intelligence indicators from OpenCTI with Elastic Agent."
66
type: integration
77
source:
