diff --git a/packages/kubernetes/changelog.yml b/packages/kubernetes/changelog.yml
index 3a5f4a620e9..7173de2b2b9 100644
--- a/packages/kubernetes/changelog.yml
+++ b/packages/kubernetes/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.85.2"
+ changes:
+ - description: Add preserve_original_event option to manifest of audit_logs and container_logs.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/18215
 - version: "1.85.1"
 changes:
 - description: Add container_logs system tests and update base-fields.yml
diff --git a/packages/kubernetes/data_stream/audit_logs/agent/stream/stream.yml.hbs b/packages/kubernetes/data_stream/audit_logs/agent/stream/stream.yml.hbs
index e6a89db2047..96875d9c3c1 100644
--- a/packages/kubernetes/data_stream/audit_logs/agent/stream/stream.yml.hbs
+++ b/packages/kubernetes/data_stream/audit_logs/agent/stream/stream.yml.hbs
@@ -12,6 +12,9 @@ processors:
 {{processors}}
 {{/if}}
 tags:
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
 {{#each tags as |tag|}}
 - {{tag}}
 {{/each}}
diff --git a/packages/kubernetes/data_stream/audit_logs/manifest.yml b/packages/kubernetes/data_stream/audit_logs/manifest.yml
index 46590e36abd..420c10fc75c 100644
--- a/packages/kubernetes/data_stream/audit_logs/manifest.yml
+++ b/packages/kubernetes/data_stream/audit_logs/manifest.yml
@@ -183,7 +183,7 @@ streams:
 - name: preserve_original_event
 required: true
- show_user: true
+ show_user: false
 title: Preserve original event
 description: Preserves a raw copy of the original event, added to the field `event.original`
 type: bool
@@ -476,3 +476,11 @@ streams:
 multi: false
 required: false
 show_user: false
+ - name: preserve_original_event
+ required: false
+ show_user: true
+ title: Preserve original event
+ description: Preserves a raw copy of the original event, added to the field `event.original`
+ type: bool
+ multi: false
+ default: false
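Review bot: Nothing in this diff shows what consumes the `preserve_original_event` tag that the added `{{#if preserve_original_event}}` block emits. If the data stream's ingest pipeline does not already keep or drop `event.original` based on that tag, the option will read as enabled in the policy while no raw copy is stored, which matters to anyone relying on the raw audit record during an investigation. Once the consumer is confirmed, a template comment such as `{{! the preserve_original_event tag is what the ingest pipeline checks before removing event.original }}` above the block, plus a system test asserting the field is present when the option is on, would pin the contract. The same applies to the identical block added to the container_logs template; both templates continue outside their hunks.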
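Review bot: After this commit the audit_logs manifest declares `preserve_original_event` twice: the existing entry in the hunk at line 183 (`required: true`, now `show_user: false`) and the new one appended in the hunk at line 476 (`required: false`, `show_user: true`, `default: false`). The hunks only show `streams:` as context, so it is not visible whether both sit in the same `vars` list; if they do, the name collides and it becomes ambiguous which definition the policy editor and the template's `{{#if preserve_original_event}}` resolve. Separately, the first entry is now a required variable hidden from the user, and no `default` for it is visible in the hunk; if there is none, consider `required: false` with `default: false` to match the new entry. The list these entries belong to starts and ends outside the hunks.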
diff --git a/packages/kubernetes/data_stream/container_logs/agent/stream/stream.yml.hbs b/packages/kubernetes/data_stream/container_logs/agent/stream/stream.yml.hbs
index 7c99063a62e..67f10b1feed 100644
--- a/packages/kubernetes/data_stream/container_logs/agent/stream/stream.yml.hbs
+++ b/packages/kubernetes/data_stream/container_logs/agent/stream/stream.yml.hbs
@@ -33,6 +33,14 @@ parsers:
 format: {{ containerParserFormat }}
 {{ additionalParsersConfig }}
+tags:
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
+{{#each tags as |tag|}}
+ - {{tag}}
+{{/each}}
+
 processors:
 {{! Why do we need to add the following processors?
diff --git a/packages/kubernetes/data_stream/container_logs/manifest.yml b/packages/kubernetes/data_stream/container_logs/manifest.yml
index 7ddf0c39192..74565c6b183 100644
--- a/packages/kubernetes/data_stream/container_logs/manifest.yml
+++ b/packages/kubernetes/data_stream/container_logs/manifest.yml
@@ -16,7 +16,6 @@ streams:
 for details on how to set the ID to avoid data duplication.
 type: text
 show_user: false
-
 - name: paths
 type: text
 required: true
@@ -112,6 +111,22 @@ streams:
 type: yaml
 default: ""
+ - name: preserve_original_event
+ required: false
+ show_user: true
+ title: Preserve original event
+ description: Preserves a raw copy of the original event, added to the field `event.original`
+ type: bool
+ multi: false
+ default: false
+ show_user: false
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: false
+ show_user: true
+ default:
 # Ensures agents have permissions to write data to `logs-*-*`
 elasticsearch:
 dynamic_dataset: true
diff --git a/packages/kubernetes/manifest.yml b/packages/kubernetes/manifest.yml
index 1d457a80816..0d61c0d98aa 100644
--- a/packages/kubernetes/manifest.yml
+++ b/packages/kubernetes/manifest.yml
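Review bot: The new `preserve_original_event` entry in the container_logs manifest sets `show_user` twice, `show_user: true` near the top and `show_user: false` after `default: false`. Indentation is lost in this view, but no new `- name:` starts between them, so both keys appear to land in the same mapping: a strict loader rejects the duplicate and a lenient one keeps the last value, which would hide the option the changelog advertises. Drop the trailing `show_user: false`. The `tags` entry also ends in a bare `default:`, which loads as null; remove that line or give it an explicit value so the `{{#each tags as |tag|}}` loop in the template gets a defined input.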
@@ -1,7 +1,7 @@
 format_version: 3.1.2
 name: kubernetes
 title: Kubernetes
-version: 1.85.1
+version: 1.85.2
 description: Collect logs and metrics from Kubernetes clusters with Elastic Agent.
 type: integration
 categories: