From a4d0692a5813bb0fe48e4825fd9ddc02320545e2 Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Fri, 3 Apr 2026 12:18:11 +0200
Subject: [PATCH 01/10] Add boolean for Event.original to audit_logs Add booleon the kuberbetes integration, to preserve the message to event.original. Same as logs from AWS/Azure/Google
---
 packages/kubernetes/data_stream/audit_logs/manifest.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/packages/kubernetes/data_stream/audit_logs/manifest.yml b/packages/kubernetes/data_stream/audit_logs/manifest.yml
index 46590e36abd..36fa650f7e7 100644
--- a/packages/kubernetes/data_stream/audit_logs/manifest.yml
+++ b/packages/kubernetes/data_stream/audit_logs/manifest.yml
@@ -476,3 +476,11 @@ streams:
 multi: false
 required: false
 show_user: false
+ - name: preserve_original_event
+ required: false
+ show_user: true
+ title: Preserve original event
+ description: Preserves a raw copy of the original event, added to the field `event.original`
+ type: bool
+ multi: false
+ default: false
From 8dfd14201a1cd3b7be7e8d6f33c1a28ed8bec6c1 Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Fri, 3 Apr 2026 12:20:06 +0200
Subject: [PATCH 02/10] Add boolean for Event.original to container_logs
---
 .../kubernetes/data_stream/container_logs/manifest.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/packages/kubernetes/data_stream/container_logs/manifest.yml b/packages/kubernetes/data_stream/container_logs/manifest.yml
index 7ddf0c39192..c4be66ac983 100644
--- a/packages/kubernetes/data_stream/container_logs/manifest.yml
+++ b/packages/kubernetes/data_stream/container_logs/manifest.yml
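Review bot: The `description` of the new `preserve_original_event` variable says what the option does but not what it exposes: `event.original` keeps the whole raw audit record, and on clusters whose audit policy logs at `Request` or `RequestResponse` level that record can carry request bodies that the parsed fields may not retain. I would extend the text, for example `description: Preserves a raw copy of the original event in the field `event.original`. Raw audit records can contain sensitive request data; restrict read access to the data stream accordingly.` The same wording applies to the identical entry added to container_logs in PATCH 02, where raw application output is what gets duplicated. Keeping `default: false` is the right choice for both. The `streams` list this entry is appended to starts outside the hunk.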
@@ -112,6 +112,14 @@ streams:
 type: yaml
 default: ""
+ - name: preserve_original_event
+ required: false
+ show_user: true
+ title: Preserve original event
+ description: Preserves a raw copy of the original event, added to the field `event.original`
+ type: bool
+ multi: false
+ default: false
 # Ensures agents have permissions to write data to `logs-*-*`
 elasticsearch:
 dynamic_dataset: true
From ead0c26270523e0e19d7470cea671c3f9b43a52d Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Fri, 3 Apr 2026 13:49:49 +0200
Subject: [PATCH 03/10] Preserve_original_event added to agent/stream
---
 .../data_stream/audit_logs/agent/stream/stream.yml.hbs | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/packages/kubernetes/data_stream/audit_logs/agent/stream/stream.yml.hbs b/packages/kubernetes/data_stream/audit_logs/agent/stream/stream.yml.hbs
index e6a89db2047..96875d9c3c1 100644
--- a/packages/kubernetes/data_stream/audit_logs/agent/stream/stream.yml.hbs
+++ b/packages/kubernetes/data_stream/audit_logs/agent/stream/stream.yml.hbs
@@ -12,6 +12,9 @@ processors:
 {{processors}}
 {{/if}}
 tags:
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
 {{#each tags as |tag|}}
 - {{tag}}
 {{/each}}
From 0f66c29ed8e93f060297c5a6b9afa4e91b4b794c Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Fri, 3 Apr 2026 14:37:35 +0200
Subject: [PATCH 04/10] Update changelog and manifest
---
 packages/kubernetes/changelog.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/packages/kubernetes/changelog.yml b/packages/kubernetes/changelog.yml
index eed402a5961..e6296c82b90 100644
--- a/packages/kubernetes/changelog.yml
+++ b/packages/kubernetes/changelog.yml
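Review bot: The `- preserve_original_event` item added under `tags:` in the audit_logs template is only a marker, and no patch in this series touches an ingest pipeline, so whether `event.original` is actually kept or dropped depends on code that is not shown here. If the audit_logs pipeline does not already populate `event.original` and remove it when the tag is absent, the new option either does nothing or the raw copy is stored regardless of the setting, which matters for an option whose purpose is to control retention of raw audit data. A system test that asserts `event.original` is present with the option on and absent with it off would pin this down. The same applies to the container_logs template in PATCH 07; the template continues outside this hunk.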
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.85.1"
+ changes:
+ - description: Add preserve_original_event option to manifest of audit_logs and container_logs.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/18215
 - version: "1.85.0"
 changes:
 - description: Add client secret authentication support for Azure Event Hub with RBAC.
From 90fa781ba5627ee88aa591b49d6c92f56e25fd9e Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Fri, 3 Apr 2026 14:38:05 +0200
Subject: [PATCH 05/10] Bump up manifest version
---
 packages/kubernetes/manifest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/kubernetes/manifest.yml b/packages/kubernetes/manifest.yml
index b9bba50222c..603c496248d 100644
--- a/packages/kubernetes/manifest.yml
+++ b/packages/kubernetes/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.1.2
 name: kubernetes
 title: Kubernetes
-version: 1.85.0
+version: 1.85.
 description: Collect logs and metrics from Kubernetes clusters with Elastic Agent.
 type: integration
 categories:
From ddd8e73395b4afd0b444b03d5d473ae0d72d8932 Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Fri, 3 Apr 2026 14:38:24 +0200
Subject: [PATCH 06/10] Bump up manifest version
---
 packages/kubernetes/manifest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/kubernetes/manifest.yml b/packages/kubernetes/manifest.yml
index 603c496248d..1d457a80816 100644
--- a/packages/kubernetes/manifest.yml
+++ b/packages/kubernetes/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.1.2
 name: kubernetes
 title: Kubernetes
-version: 1.85.
+version: 1.85.1
 description: Collect logs and metrics from Kubernetes clusters with Elastic Agent.
 type: integration
 categories:
From 0dc1246b1fcedacc19d098da97493b65d9ac05a0 Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Tue, 7 Apr 2026 10:50:49 +0200
Subject: [PATCH 07/10] Added preserve_original_event to container_logs
---
 .../container_logs/agent/stream/stream.yml.hbs | 8 ++++++++
 .../kubernetes/data_stream/container_logs/manifest.yml | 10 ++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/packages/kubernetes/data_stream/container_logs/agent/stream/stream.yml.hbs b/packages/kubernetes/data_stream/container_logs/agent/stream/stream.yml.hbs
index 7c99063a62e..67f10b1feed 100644
--- a/packages/kubernetes/data_stream/container_logs/agent/stream/stream.yml.hbs
+++ b/packages/kubernetes/data_stream/container_logs/agent/stream/stream.yml.hbs
@@ -33,6 +33,14 @@ parsers:
 format: {{ containerParserFormat }}
 {{ additionalParsersConfig }}
+tags:
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
+{{#each tags as |tag|}}
+ - {{tag}}
+{{/each}}
+
 processors: {{! Why do we need to add the following processors?
diff --git a/packages/kubernetes/data_stream/container_logs/manifest.yml b/packages/kubernetes/data_stream/container_logs/manifest.yml
index c4be66ac983..fa62bf4fff3 100644
--- a/packages/kubernetes/data_stream/container_logs/manifest.yml
+++ b/packages/kubernetes/data_stream/container_logs/manifest.yml
@@ -16,7 +16,6 @@ streams:
 for details on how to set the ID to avoid data duplication.
 type: text
 show_user: false
-
 - name: paths
 type: text
 required: true
@@ -119,7 +118,14 @@ streams:
 description: Preserves a raw copy of the original event, added to the field `event.original`
 type: bool
 multi: false
- default: false
+ default: false
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
 # Ensures agents have permissions to write data to `logs-*-*`
 elasticsearch:
 dynamic_dataset: true
From 7e163f9a495144b66a0fd51618f24eb3602fd76a Mon Sep 17 00:00:00 2001
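Review bot: The added `tags:` key in the container_logs template is written unconditionally while both blocks under it are conditional, so with `preserve_original_event` off and no tags configured the rendered stream contains a bare `tags:` whose value is null. Emit the key only when at least one item will follow, or confirm that the input accepts a null `tags` and add a test policy for that case. The user-supplied values are also interpolated as plain scalars in `- {{tag}}`, so a tag containing `: ` or ` #`, or one that starts with a YAML indicator, changes how the rendered document parses; the audit_logs template shows the same line as existing context. The template continues outside this hunk, so guards placed elsewhere would not be visible here.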
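Review bot: The new `tags` variable in the second manifest hunk ends with a bare `default:`, which YAML reads as null rather than as an empty list or an absent default. PATCH 08 relaxes `required`, but the empty `default:` line stays in the file; I would delete that line so the variable simply has no default. The `- default: false` / `+ default: false` pair just above it looks like a whitespace-only edit to the `preserve_original_event` entry and could be dropped from the patch to keep the change reviewable.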
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Tue, 7 Apr 2026 10:55:44 +0200
Subject: [PATCH 08/10] Changed tags to not required with no defaults
---
 packages/kubernetes/data_stream/container_logs/manifest.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/kubernetes/data_stream/container_logs/manifest.yml b/packages/kubernetes/data_stream/container_logs/manifest.yml
index fa62bf4fff3..e4ba96b14a8 100644
--- a/packages/kubernetes/data_stream/container_logs/manifest.yml
+++ b/packages/kubernetes/data_stream/container_logs/manifest.yml
@@ -123,7 +123,7 @@ streams:
 type: text
 title: Tags
 multi: true
- required: true
+ required: false
 show_user: true
 default:
 # Ensures agents have permissions to write data to `logs-*-*`
From 31bdbd122bfac0e5622097b8a3413da757eacf5a Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Tue, 16 Jun 2026 14:40:03 +0200
Subject: [PATCH 09/10] Change based on MR 18215
---
 packages/kubernetes/data_stream/audit_logs/manifest.yml | 2 +-
 packages/kubernetes/data_stream/container_logs/manifest.yml | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/packages/kubernetes/data_stream/audit_logs/manifest.yml b/packages/kubernetes/data_stream/audit_logs/manifest.yml
index 36fa650f7e7..420c10fc75c 100644
--- a/packages/kubernetes/data_stream/audit_logs/manifest.yml
+++ b/packages/kubernetes/data_stream/audit_logs/manifest.yml
@@ -183,7 +183,7 @@ streams:
 - name: preserve_original_event
 required: true
- show_user: true
+ show_user: false
 title: Preserve original event
 description: Preserves a raw copy of the original event, added to the field `event.original`
 type: bool
diff --git a/packages/kubernetes/data_stream/container_logs/manifest.yml b/packages/kubernetes/data_stream/container_logs/manifest.yml
index e4ba96b14a8..74565c6b183 100644
--- a/packages/kubernetes/data_stream/container_logs/manifest.yml
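Review bot: The audit_logs hunk in PATCH 09 changes `show_user` on a `preserve_original_event` entry at line 183 that carries `required: true`, whereas the entry PATCH 01 added sits after line 476 with `required: false`, so this looks like a different, pre-existing declaration (only hunk context is visible, so this is an inference). If that is right, the option this series introduced for audit_logs is still `show_user: true` while its container_logs counterpart is being hidden, and an unrelated stream's option was hidden as a side effect. Apply `show_user: false` to the entry from PATCH 01 and restore line 185 to `show_user: true`, unless hiding both is intended and called out in the changelog. The entry's remaining keys lie outside the hunk.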
+++ b/packages/kubernetes/data_stream/container_logs/manifest.yml
@@ -119,6 +119,7 @@ streams:
 type: bool
 multi: false
 default: false
+ show_user: false
 - name: tags
 type: text
 title: Tags
From 4e4c637c722488fa503069bc224ab2a07159d5f5 Mon Sep 17 00:00:00 2001
From: sbaas-hcs <129400548+sbaas-hcs@users.noreply.github.com>
Date: Tue, 16 Jun 2026 14:47:51 +0200
Subject: [PATCH 10/10] Updated changelog
---
 packages/kubernetes/changelog.yml | 5 +++++
 packages/kubernetes/manifest.yml | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/packages/kubernetes/changelog.yml b/packages/kubernetes/changelog.yml
index 3a5f4a620e9..7173de2b2b9 100644
--- a/packages/kubernetes/changelog.yml
+++ b/packages/kubernetes/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.85.2"
+ changes:
+ - description: Add preserve_original_event option to manifest of audit_logs and container_logs.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/18215
 - version: "1.85.1"
 changes:
 - description: Add container_logs system tests and update base-fields.yml
diff --git a/packages/kubernetes/manifest.yml b/packages/kubernetes/manifest.yml
index 1d457a80816..0d61c0d98aa 100644
--- a/packages/kubernetes/manifest.yml
+++ b/packages/kubernetes/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.1.2
 name: kubernetes
 title: Kubernetes
-version: 1.85.1
+version: 1.85.2
 description: Collect logs and metrics from Kubernetes clusters with Elastic Agent.
 type: integration
 categories:
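Review bot: The added `show_user: false` gives the container_logs `preserve_original_event` entry a second `show_user` key, because PATCH 02 created this entry with `show_user: true` a few lines above the hunk and no later patch in the series removes it. Duplicate mapping keys are invalid YAML: lenient parsers silently keep the last value and strict ones reject the file, so whether the option is shown depends on which loader reads the manifest. Change the existing line to `show_user: false` instead of appending a new key. The entry begins above the hunk, so the earlier key is not visible in this context.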