cisco*: ensure event.kind is correctly set for pipeline errors

packages/cisco_aironet/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+  changes:
+    - description: Ensure event.kind is correctly set for pipeline errors.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/6600
 - version: "1.3.0"
   changes:
     - description: Update package to ECS 8.8.0.

packages/cisco_aironet/data_stream/log/elasticsearch/ingest_pipeline/default.yml

@@ -293,10 +293,10 @@ processors:
       ignore_failure: true
       ignore_missing: true
 
-
-
-
 on_failure:
   - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
       field: error.message
-      value: '{{ _ingest.on_failure_message }}'
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_aironet/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 2.7.0
 name: cisco_aironet
 title: "Cisco Aironet"
-version: "1.3.0"
+version: "1.4.0"
 description: "Integration for Cisco Aironet WLC Logs"
 type: integration
 categories:

packages/cisco_asa/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.18.0"
+  changes:
+    - description: Ensure event.kind is correctly set for pipeline errors.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/6600
 - version: "2.17.1"
   changes:
     - description: Fix VPN event.action

packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml

@@ -2595,6 +2595,9 @@ on_failure:
         - _temp_
         - _conf
       ignore_missing: true
+  - set:
+      field: event.kind
+      value: pipeline_error
   - append:
       field: "error.message"
       value: "{{{ _ingest.on_failure_message }}}"

packages/cisco_asa/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_asa
 title: Cisco ASA
-version: "2.17.1"
+version: "2.18.0"
 license: basic
 description: Collect logs from Cisco ASA with Elastic Agent.
 type: integration

packages/cisco_duo/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.13.0"
+  changes:
+    - description: Ensure event.kind is correctly set for pipeline errors.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/6600
 - version: "1.12.0"
   changes:
     - description: Update package to ECS 8.8.0.

packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml

@@ -165,6 +165,9 @@ processors:
       ignore_failure: true
       ignore_missing: true
 on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
   - append:
       field: error.message
       value: '{{{_ingest.on_failure_message}}}'

packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml

@@ -427,6 +427,9 @@ processors:
       ignore_failure: true
       ignore_missing: true
 on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
   - append:
       field: error.message
       value: '{{{_ingest.on_failure_message}}}'

packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml

@@ -87,6 +87,9 @@ processors:
       ignore_failure: true
       ignore_missing: true
 on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
   - append:
       field: error.message
       value: '{{{_ingest.on_failure_message}}}'

packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml

@@ -35,6 +35,9 @@ processors:
       ignore_failure: true
       ignore_missing: true
 on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
   - append:
       field: error.message
       value: '{{{_ingest.on_failure_message}}}'

packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml

@@ -59,6 +59,9 @@ processors:
       ignore_failure: true
       ignore_missing: true
 on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
   - append:
       field: error.message
       value: '{{{_ingest.on_failure_message}}}'

packages/cisco_duo/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 2.7.0
 name: cisco_duo
 title: Cisco Duo
-version: "1.12.0"
+version: "1.13.0"
 description: Collect logs from Cisco Duo with Elastic Agent.
 type: integration
 categories:

packages/cisco_ftd/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.13.0"
+  changes:
+    - description: Ensure event.kind is correctly set for pipeline errors.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/6600
 - version: "2.12.1"
   changes:
     - description: Fix VPN event.action

packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml

@@ -2435,6 +2435,9 @@ on_failure:
         - _temp_
         - _conf
       ignore_missing: true
+  - set:
+      field: event.kind
+      value: pipeline_error
   - append:
       field: "error.message"
       value: "{{{ _ingest.on_failure_message }}}"

packages/cisco_ftd/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ftd
 title: Cisco FTD
-version: "2.12.1"
+version: "2.13.0"
 license: basic
 description: Collect logs from Cisco FTD with Elastic Agent.
 type: integration

packages/cisco_ise/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.9.0"
+  changes:
+    - description: Ensure event.kind is correctly set for pipeline errors.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/6600
 - version: "1.8.0"
   changes:
     - description: Update package to ECS 8.8.0.

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml

@@ -169,6 +169,9 @@ processors:
         }
         dropEmptyFields(ctx);
 on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
   - append:
       field: error.message
       value: '{{{_ingest.on_failure_message}}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_ad_connector.yml

@@ -171,3 +171,10 @@ processors:
       target_field: cisco_ise.log.ad.srv.record
       ignore_failure: true
       ignore_missing: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_administrative_and_operational_audit.yml

@@ -527,3 +527,10 @@ processors:
       if: ctx.user?.name != null
       allow_duplicates: false
       ignore_failure: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_authentication_flow_diagnostics.yml

@@ -221,3 +221,10 @@ processors:
       target_field: cisco_ise.log.workflow.sequence.type
       ignore_failure: true
       ignore_missing: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_failed_attempts.yml

@@ -637,3 +637,10 @@ processors:
   - remove:
       field: cisco_ise.log.log_details.User-Name
       ignore_missing: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_guest.yml

@@ -144,3 +144,10 @@ processors:
       if: ctx.cisco_ise?.log?.guest?.user?.name != null
       allow_duplicates: false
       ignore_failure: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_identity_stores_diagnostics.yml

@@ -225,3 +225,10 @@ processors:
   - lowercase:
       field: network.protocol
       ignore_missing: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_internal_operations_diagnostics.yml

@@ -100,3 +100,10 @@ processors:
       target_field: cisco_ise.log.error.message
       ignore_failure: true
       ignore_missing: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_mydevices.yml

@@ -178,3 +178,10 @@ processors:
       target_field: cisco_ise.log.endpoint.coa
       ignore_failure: true
       ignore_missing: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_passed_authentications.yml

@@ -551,3 +551,10 @@ processors:
   - lowercase:
       field: network.protocol
       ignore_missing: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_policy_diagnostics.yml

@@ -179,3 +179,10 @@ processors:
         - _tmp
         - cisco_ise.log.log_details_raw
       ignore_missing: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_posture_and_client_provisioning_audit.yml

@@ -88,3 +88,10 @@ processors:
       if: ctx.client?.user?.name != null
       allow_duplicates: false
       ignore_failure: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_radius_accounting.yml

@@ -362,3 +362,10 @@ processors:
       target_field: cisco_ise.log.undefined_52
       ignore_failure: true
       ignore_missing: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_radius_diagnostics.yml

@@ -344,3 +344,10 @@ processors:
       value: '{{{user.name}}}'
       allow_duplicates: false
       ignore_failure: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_system_statistics.yml

@@ -278,3 +278,10 @@ processors:
       target_field: cisco_ise.log.sysstats.utilization.network
       ignore_failure: true
       ignore_missing: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_tacacs_accounting.yml

@@ -355,3 +355,10 @@ processors:
       field_split: '; '
       value_split: =
       ignore_failure: true
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/pipeline_threat_centric_nac.yml

@@ -114,4 +114,10 @@ processors:
       target_field: cisco_ise.log.connectivity
       ignore_failure: true
       ignore_missing: true
-
+on_failure:
+  - set:
+      field: event.kind
+      value: pipeline_error
+  - append:
+      field: error.message
+      value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_ise/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ise
 title: Cisco ISE
-version: "1.8.0"
+version: "1.9.0"
 license: basic
 description: Collect logs from Cisco ISE with Elastic Agent.
 type: integration

packages/cisco_meraki/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.10.0"
+  changes:
+    - description: Ensure event.kind is correctly set for pipeline errors.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/6600
 - version: "1.9.0"
   changes:
     - description: Update package-spec version to 2.7.0.

packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml

@@ -301,5 +301,8 @@ processors:
 
 on_failure:
 - set:
+    field: event.kind
+    value: pipeline_error
+- append:
     field: error.message
-    value: '{{ _ingest.on_failure_message }}'
+    value: '{{{ _ingest.on_failure_message }}}'

packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/airmarshal.yml

@@ -65,3 +65,10 @@ processors:
 - rename:
     field: _temp.kv.fc_subtype
     target_field: cisco_meraki.fc_subtype
+on_failure:
+- set:
+    field: event.kind
+    value: pipeline_error
+- append:
+    field: error.message
+    value: '{{{ _ingest.on_failure_message }}}'