Skip to content

[sysdig] Add agentless deployment#19470

Open
moxarth-rathod wants to merge 3 commits into
elastic:mainfrom
moxarth-rathod:sysdig-agentless
Open

[sysdig] Add agentless deployment#19470
moxarth-rathod wants to merge 3 commits into
elastic:mainfrom
moxarth-rathod:sysdig-agentless

Conversation

@moxarth-rathod

@moxarth-rathod moxarth-rathod commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Proposed commit message

sysdig: add agentless support, fix null handling and update kibana version constraint

Add agentless support and update the Kibana version constraint to avoid a known issue 
where selecting agentless deployment mode hides configuration fields and blocks deployment 
if inputs default to enabled: false. Remove null string values like "<NA>" and "{}" to 
avoid pipeline errors.

Ref: https://github.com/elastic/kibana/pull/265106

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • Clone integrations repo.
  • Install the elastic package locally.
  • Start the elastic stack using the elastic package.
  • Move to integrations/packages/sysdig directory.
  • Run the following command to run tests.

elastic-package test -v

Related issues

@moxarth-rathod moxarth-rathod self-assigned this Jun 10, 2026
@moxarth-rathod moxarth-rathod added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Integration:sysdig Sysdig Team:SDE-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Jun 10, 2026
@github-actions

github-actions Bot commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

✅ Elastic Docs Style Checker (Vale)

No issues found on modified lines!

The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.

@elastic-vault-github-plugin-prod

elastic-vault-github-plugin-prod Bot commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@moxarth-rathod moxarth-rathod marked this pull request as ready for review June 10, 2026 06:43
@moxarth-rathod moxarth-rathod requested review from a team as code owners June 10, 2026 06:43
@infra-vault-gh-plugin-prod

infra-vault-gh-plugin-prod Bot commented Jun 10, 2026

Copy link
Copy Markdown

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@github-actions github-actions Bot mentioned this pull request Jun 12, 2026
Open
kcreddy
kcreddy reviewed Jun 15, 2026
View reviewed changes
Comment thread packages/sysdig/manifest.yml
default:
enabled: true
agentless:
enabled: true

@kcreddy kcreddy Jun 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add release flag

Comment thread packages/sysdig/data_stream/event/elasticsearch/ingest_pipeline/default.yml Outdated
Comment on lines +250 to +253
- script:
description: Remove Sysdig placeholder and empty values from content fields before type conversion.
tag: script_sanitize_content_fields
lang: painless

@kcreddy kcreddy Jun 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to do this pass again? Since you added a processor to raw JSON at the beginning.

Comment thread packages/sysdig/changelog.yml
link: https://github.com/elastic/integrations/pull/19470
- description: Fix handling of null values in string for event data stream.
type: bugfix
link: https://github.com/elastic/integrations/pull/1

@kcreddy kcreddy Jun 15, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
link: https://github.com/elastic/integrations/pull/1
link: https://github.com/elastic/integrations/pull/19470

@kcreddy kcreddy Jun 18, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@moxarth-rathod, looks like this isn't fixed and CI failing due to this. Can you please check

@moxarth-rathod moxarth-rathod requested a review from kcreddy June 17, 2026 05:24
@elastic-vault-github-plugin-prod

elastic-vault-github-plugin-prod Bot commented Jun 17, 2026

Copy link
Copy Markdown

Changelog link mismatch — expected https://github.com/elastic/integrations/pull/19470 in the following file(s):

  • packages/sysdig/changelog.yml

Tip

If expected, add the changelog-link-check:skip label to skip this check. Or, if an issue link was intended, use .../issues/<n> instead.

View Buildkite build
@moxarth-rathod

@elasticmachine

elasticmachine commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown

💔 Build Failed

Failed CI Steps

History

cc @moxarth-rathod

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kcreddy kcreddy Awaiting requested review from kcreddy

At least 1 approving review is required to merge this pull request.

Assignees

@moxarth-rathod moxarth-rathod

Labels

bugfix Pull request that fixes a bug issue documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request Integration:sysdig Sysdig Team:SDE-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[sysdig] convert processor failing because of null values [sysdig] Add Agentless Deployment Support

3 participants

@moxarth-rathod @elasticmachine @kcreddy