[OpenCanary] Correct issue with remove processors for source and destination ports

[MakoWish]

Type of Change:

• Bug

Proposed commit message

Fixes and issue where all source and destination details were removed if the source or destination port was an invalid "-1". The intent was to remove source.port if the value was "-1", or destination.port if the value was "-1". The remove processors were removing the root source or destination fields.

integrations/packages/opencanary/data_stream/events/elasticsearch/ingest_pipeline/default.yml

Lines 736 to 749 in 466ca32

	- remove:
	description: Remove malformed source.* fields for LOG_BASE_MSG events
	tag: remove_source_port
	field: source
	if: ctx.source?.port == -1
	ignore_missing: true
	ignore_failure: true
	- remove:
	description: Remove malformed destination.* fields for LOG_BASE_MSG events
	tag: remove_destination_port
	field: destination
	if: ctx.destination?.port == -1
	ignore_missing: true
	ignore_failure: true

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Related issues

• Closes [Bug] OpenCanary Beta Integration Pipeline Issues #10287

[efd6]

/test

[elasticmachine]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[efd6]

nit then LGTM

[efd6]

/test

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 0f5ee15

History

• 💚 Build #12975 succeeded 6cc3e17

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
66.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

[efd6]

Thanks

[elasticmachine]

Package opencanary - 0.1.1 containing this change is available at https://epr.elastic.co/search?package=opencanary