Avoid adding documents with errors to the transform

Author: chemamartinez

packages/ti_opencti/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.9.0"
+  changes:
+    - description: Avoid adding documents with errors to the transform destination index.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/99999
 - version: "2.8.0"
   changes:
     - description: Add script processor to drop all nulls / empty strings.

packages/ti_opencti/elasticsearch/transform/latest_ioc/transform.yml

@@ -2,6 +2,11 @@
 source:
   index:
     - "logs-ti_opencti.indicator-*"
+  query:
+    bool:
+      must_not:
+        exists:
+          field: error.message
 # The version suffix on the dest.index should be incremented if a breaking
 # change is made to the index mapping. You must also bump the
 # fleet_transform_version for any change to this transform configuration to
@@ -34,4 +39,4 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during
   # package installation.
-  fleet_transform_version: 0.4.0
+  fleet_transform_version: 0.5.0

packages/ti_opencti/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.4.0"
 name: ti_opencti
 title: OpenCTI
-version: "2.8.0"
+version: "2.9.0"
 description: "Ingest threat intelligence indicators from OpenCTI with Elastic Agent."
 type: integration
 source: