zeek: fix handling of potentially null method call receivers

packages/zeek/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.22.3"
+  changes:
+    - description: Fix ingest pipeline conditional field handling.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/9005
 - version: "2.22.2"
   changes:
     - description: Changed owners

packages/zeek/data_stream/kerberos/elasticsearch/ingest_pipeline/default.yml

@@ -182,7 +182,7 @@ processors:
       field: zeek.kerberos.client
       pattern: "%{user.name}/%{user.domain}"
       ignore_missing: true
-      if: ctx.zeek?.kerberos?.client.contains('/')
+      if: ctx.zeek?.kerberos?.client.contains('/') == true
   - date:
       field: zeek.kerberos.ts
       formats:

packages/zeek/data_stream/known_certs/elasticsearch/ingest_pipeline/default.yml

@@ -43,11 +43,11 @@ processors:
   - set:
       field: network.type
       value: ipv4
-      if: ctx.host?.ip.contains('.')
+      if: ctx.host?.ip.contains('.') == true
   - set:
       field: network.type
       value: ipv6
-      if: ctx.host?.ip.contains(':')
+      if: ctx.host?.ip.contains(':') == true
   - append:
       field: related.ip
       value: "{{{host.ip}}}"

packages/zeek/data_stream/known_hosts/elasticsearch/ingest_pipeline/default.yml

@@ -43,11 +43,11 @@ processors:
   - set:
       field: network.type
       value: ipv4
-      if: ctx.host?.ip.contains('.')
+      if: ctx.host?.ip.contains('.') == true
   - set:
       field: network.type
       value: ipv6
-      if: ctx.host?.ip.contains(':')
+      if: ctx.host?.ip.contains(':') == true
   - append:
       field: related.ip
       value: "{{{host.ip}}}"

packages/zeek/data_stream/known_services/elasticsearch/ingest_pipeline/default.yml

@@ -42,11 +42,11 @@ processors:
   - set:
       field: network.type
       value: ipv4
-      if: ctx.host?.ip.contains('.')
+      if: ctx.host?.ip.contains('.') == true
   - set:
       field: network.type
       value: ipv6
-      if: ctx.host?.ip.contains(':')
+      if: ctx.host?.ip.contains(':') == true
   - append:
       field: related.ip
       value: "{{{host.ip}}}"

packages/zeek/data_stream/ntp/elasticsearch/ingest_pipeline/default.yml

@@ -92,11 +92,11 @@ processors:
   - set:
       field: network.type
       value: ipv4
-      if: ctx.source?.ip.contains('.')
+      if: ctx.source?.ip.contains('.') == true
   - set:
       field: network.type
       value: ipv6
-      if: ctx.source?.ip.contains(':')
+      if: ctx.source?.ip.contains(':') == true
   - community_id:
       ignore_missing: true
   - date:

packages/zeek/data_stream/signature/elasticsearch/ingest_pipeline/default.yml

@@ -80,11 +80,11 @@ processors:
   - set:
       field: network.type
       value: ipv4
-      if: ctx.source?.ip.contains('.')
+      if: ctx.source?.ip.contains('.') == true
   - set:
       field: network.type
       value: ipv6
-      if: ctx.source?.ip.contains(':')
+      if: ctx.source?.ip.contains(':') == true
   - append:
       field: related.ip
       value: "{{{source.ip}}}"

packages/zeek/data_stream/software/elasticsearch/ingest_pipeline/default.yml

@@ -47,11 +47,11 @@ processors:
   - set:
       field: network.type
       value: ipv4
-      if: ctx.host?.ip.contains('.')
+      if: ctx.host?.ip.contains('.') == true
   - set:
       field: network.type
       value: ipv6
-      if: ctx.host?.ip.contains(':')
+      if: ctx.host?.ip.contains(':') == true
   - append:
       field: related.ip
       value: "{{{host.ip}}}"

packages/zeek/manifest.yml

@@ -1,6 +1,6 @@
 name: zeek
 title: Zeek
-version: "2.22.2"
+version: "2.22.3"
 description: Collect logs from Zeek with Elastic Agent.
 type: integration
 icons: