elastic · efd6 · Jan 31, 2024 · Jan 30, 2024 · Jan 31, 2024 · muthu-mps
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.1"
+  changes:
+    - description: Fix ingest pipeline conditional field handling.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/9003
 - version: "1.2.0"
   changes:
     - description: Limit request tracer log count to five.

@@ -102,7 +102,7 @@ processors:
 
 - remove:
     field: event.original
-    if: "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))"
+    if: "ctx.tags == null || !(ctx.tags.contains('preserve_original_event'))"
     ignore_failure: true
     ignore_missing: true
 

@@ -259,25 +259,25 @@ processors:
     value: Up/Pending
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.json?.current_state?.contains("0")
+    if: ctx.json?.current_state?.contains("0") == true
 - set:
     field: nagios_xi.host.current_state
     value: Warning
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.json?.current_state?.contains("1")
+    if: ctx.json?.current_state?.contains("1") == true
 - set:
     field: nagios_xi.host.current_state
     value: Critical
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.json?.current_state?.contains("2")
+    if: ctx.json?.current_state?.contains("2") == true
 - set:
     field: nagios_xi.host.current_state
     value: Unknown
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.json?.current_state?.contains("3")
+    if: ctx.json?.current_state?.contains("3") == true
 - rename:
     field: json.has_been_checked
     target_field: nagios_xi.host.has_been_checked
@@ -447,7 +447,7 @@ processors:
       drop(ctx);
 - remove:
     field: event.original
-    if: ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))
+    if: ctx.tags == null || !(ctx.tags.contains('preserve_original_event'))
     ignore_failure: true
     ignore_missing: true
 - remove:

@@ -239,25 +239,25 @@ processors:
     value: Up/Pending
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.json?.current_state?.contains("0")
+    if: ctx.json?.current_state?.contains("0") == true
 - set:
     field: nagios_xi.service.current_state
     value: Warning
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.json?.current_state?.contains("1")
+    if: ctx.json?.current_state?.contains("1") == true
 - set:
     field: nagios_xi.service.current_state
     value: Critical
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.json?.current_state?.contains("2")
+    if: ctx.json?.current_state?.contains("2") == true
 - set:
     field: nagios_xi.service.current_state
     value: Unknown
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.json?.current_state?.contains("3")
+    if: ctx.json?.current_state?.contains("3") == true
 - rename:
     field: json.has_been_checked
     target_field: nagios_xi.service.has_been_checked
@@ -395,13 +395,13 @@ processors:
     override: true
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.check_command?.contains("check_local_users")
+    if: ctx.nagios_xi?.service?.check_command?.contains("check_local_users") == true
 - dissect:
     field: nagios_xi.service.current_users.performance_data
     pattern: users=%{nagios_xi.service.current_users.users};%{}
     ignore_missing: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("current_users")
+    if: ctx.nagios_xi?.service?.containsKey("current_users") == true
 - convert:
     field: nagios_xi.service.current_users.users
     type: double
@@ -412,21 +412,21 @@ processors:
     value: nagios_xi.current_users
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("current_users")
+    if: ctx.nagios_xi?.service?.containsKey("current_users") == true
 
 - set:
     copy_from: nagios_xi.service.temp
     field: nagios_xi.service.current_load
     override: true
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.check_command?.contains("check_local_load")
+    if: ctx.nagios_xi?.service?.check_command?.contains("check_local_load") == true
 - dissect:
     field: nagios_xi.service.current_load.performance_data
     pattern: load1=%{nagios_xi.service.current_load.load1};%{?}load5=%{nagios_xi.service.current_load.load5};%{?}load15=%{nagios_xi.service.current_load.load15};%{?}
     ignore_missing: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("current_load")
+    if: ctx.nagios_xi?.service?.containsKey("current_load") == true
 - convert:
     field: nagios_xi.service.current_load.load1
     type: double
@@ -447,21 +447,25 @@ processors:
     value: nagios_xi.current_load
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("current_load")
+    if: ctx.nagios_xi?.service?.containsKey("current_load") == true
 
 - set:
     copy_from: nagios_xi.service.temp
     field: nagios_xi.service.ssh
     override: true
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.check_command?.contains("check_ssh") || ctx?.nagios_xi?.service?.check_command?.contains("check_xi_service_ssh")
+    if: >-
+      ctx.nagios_xi?.service?.check_command != null && (
+        ctx.nagios_xi.service.check_command?.contains("check_ssh") ||
+        ctx.nagios_xi.service.check_command?.contains("check_xi_service_ssh")
+      )
 - dissect:
     field: nagios_xi.service.ssh.performance_data
     pattern: time=%{nagios_xi.service.ssh.time}s%{}
     ignore_missing: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("ssh")
+    if: ctx.nagios_xi?.service?.containsKey("ssh") == true
 - convert:
     field: nagios_xi.service.ssh.time
     type: double
@@ -472,21 +476,25 @@ processors:
     value: nagios_xi.ssh
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("ssh")
+    if: ctx.nagios_xi?.service?.containsKey("ssh") == true
 
 - set:
     copy_from: nagios_xi.service.temp
     field: nagios_xi.service.ping
     override: true
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.check_command?.contains("check_ping") || ctx?.nagios_xi?.service?.check_command?.contains("check_xi_service_ping")
+    if: >-
+      ctx.nagios_xi?.service?.check_command != null && (
+        ctx.nagios_xi.service.check_command?.contains("check_ping") ||
+        ctx.nagios_xi.service.check_command?.contains("check_xi_service_ping")
+      )
 - dissect:
     field: nagios_xi.service.ping.performance_data
     pattern: rta=%{nagios_xi.service.ping.rta}ms;%{?}pl=%{nagios_xi.service.ping.pl}%;%{?}
     ignore_missing: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("ping")
+    if: ctx.nagios_xi?.service?.containsKey("ping") == true
 - convert:
     field: nagios_xi.service.ping.rta
     type: double
@@ -502,21 +510,21 @@ processors:
     value: nagios_xi.ping
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("ping")
+    if: ctx.nagios_xi?.service?.containsKey("ping") == true
 
 - set:
     copy_from: nagios_xi.service.temp
     field: nagios_xi.service.swap_usage
     override: true
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.check_command?.contains("check_local_swap")
+    if: ctx.nagios_xi?.service?.check_command?.contains("check_local_swap") == true
 - dissect:
     field: nagios_xi.service.swap_usage.performance_data
     pattern: swap=%{nagios_xi.service.swap_usage.free_swap}MB;%{};%{};%{};%{nagios_xi.service.swap_usage.total_swap}
     ignore_missing: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("swap_usage")
+    if: ctx.nagios_xi?.service?.containsKey("swap_usage") == true
 - convert:
     field: nagios_xi.service.swap_usage.free_swap
     type: long
@@ -529,7 +537,7 @@ processors:
     ignore_failure: true
 - script:
     source: |
-        if(ctx?.nagios_xi?.service?.containsKey("swap_usage")) {
+        if(ctx.nagios_xi?.service?.containsKey("swap_usage") == true) {
             ctx.nagios_xi.service.swap_usage.used_swap = ctx.nagios_xi.service.swap_usage.total_swap - ctx.nagios_xi.service.swap_usage.free_swap
         }
     ignore_failure: true
@@ -538,21 +546,21 @@ processors:
     value: nagios_xi.swap_usage
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("swap_usage")
+    if: ctx.nagios_xi?.service?.containsKey("swap_usage") == true
 
 - set:
     copy_from: nagios_xi.service.temp
     field: nagios_xi.service.process
     override: true
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.check_command?.contains("check_local_procs")
+    if: ctx.nagios_xi?.service?.check_command?.contains("check_local_procs") == true
 - dissect:
     field: nagios_xi.service.process.performance_data
     pattern: procs=%{nagios_xi.service.process.total};%{}
     ignore_missing: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("process")
+    if: ctx.nagios_xi?.service?.containsKey("process") == true
 - convert:
     field: nagios_xi.service.process.total
     type: double
@@ -563,21 +571,25 @@ processors:
     value: nagios_xi.process
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("process")
+    if: ctx.nagios_xi?.service?.containsKey("process") == true
 
 - set:
     copy_from: nagios_xi.service.temp
     field: nagios_xi.service.http
     override: true
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.check_command?.contains("check_http") || ctx?.nagios_xi?.service?.check_command?.contains("check_xi_service_http")
+    if: >-
+      ctx.nagios_xi?.service?.check_command != null && (
+        ctx.nagios_xi.service.check_command?.contains("check_http") ||
+        ctx.nagios_xi.service.check_command?.contains("check_xi_service_http")
+      )
 - dissect:
     field: nagios_xi.service.http.performance_data
     pattern: time=%{nagios_xi.service.http.time}s;;;%{?un}size=%{nagios_xi.service.http.size}B;%{?}
     ignore_missing: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("http")
+    if: ctx.nagios_xi?.service?.containsKey("http") == true
 - convert:
     field: nagios_xi.service.http.time
     type: double
@@ -593,21 +605,21 @@ processors:
     value: nagios_xi.http
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("http")
+    if: ctx.nagios_xi?.service?.containsKey("http") == true
 
 - set:
     copy_from: nagios_xi.service.temp
     field: nagios_xi.service.root_partition
     override: true
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.check_command?.contains("check_local_disk")
+    if: ctx.nagios_xi?.service?.check_command?.contains("check_local_disk") == true
 - dissect:
     field: nagios_xi.service.root_partition.performance_data
     pattern: "%{?}=%{nagios_xi.service.root_partition.used_space}M%{};%{};%{};%{};%{nagios_xi.service.root_partition.total_space}"
     ignore_missing: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("root_partition")
+    if: ctx.nagios_xi?.service?.containsKey("root_partition") == true
 - convert:
     field: nagios_xi.service.root_partition.total_space
     type: long
@@ -620,7 +632,7 @@ processors:
     ignore_failure: true
 - script:
     source: |
-        if(ctx?.nagios_xi?.service?.containsKey("root_partition")) {
+        if(ctx.nagios_xi?.service?.containsKey("root_partition") == true) {
             ctx.nagios_xi.service.root_partition.free_space = ctx.nagios_xi.service.root_partition.total_space - ctx.nagios_xi.service.root_partition.used_space
         }
     ignore_failure: true
@@ -629,22 +641,32 @@ processors:
     value: nagios_xi.root_partition
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.nagios_xi?.service?.containsKey("root_partition")
+    if: ctx.nagios_xi?.service?.containsKey("root_partition") == true
 
 - set:
     field: event.dataset
     value: nagios_xi.custom
     ignore_empty_value: true
     ignore_failure: true
-    if: '!(ctx?.nagios_xi?.service?.containsKey("current_users") || ctx?.nagios_xi?.service?.containsKey("current_load") || ctx?.nagios_xi?.service?.containsKey("ssh") || ctx?.nagios_xi?.service?.containsKey("ping") || ctx?.nagios_xi?.service?.containsKey("swap_usage") || ctx?.nagios_xi?.service?.containsKey("process") || ctx?.nagios_xi?.service?.containsKey("http") || ctx?.nagios_xi?.service?.containsKey("root_partition"))'
+    if: >-
+      ctx.nagios_xi?.service == null || !(
+        ctx.nagios_xi.service.containsKey("current_users") ||
+        ctx.nagios_xi.service.containsKey("current_load") ||
+        ctx.nagios_xi.service.containsKey("ssh") ||
+        ctx.nagios_xi.service.containsKey("ping") ||
+        ctx.nagios_xi.service.containsKey("swap_usage") ||
+        ctx.nagios_xi.service.containsKey("process") ||
+        ctx.nagios_xi.service.containsKey("http") ||
+        ctx.nagios_xi.service.containsKey("root_partition")
+      )
 - set:
     copy_from: nagios_xi.service.temp
     field: nagios_xi.service.custom
     override: true
     ignore_empty_value: true
     ignore_failure: true
-    if: ctx?.event?.dataset?.contains("nagios_xi.custom")
-    
+    if: ctx.event?.dataset?.contains("nagios_xi.custom") == true
+
 - set:
     field: event.kind
     value: metric
@@ -681,7 +703,7 @@ processors:
 
 - remove:
     field: event.original
-    if: "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))"
+    if: "ctx.tags == null || !(ctx.tags.contains('preserve_original_event'))"
     ignore_failure: true
     ignore_missing: true
 

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: nagios_xi
 title: "Nagios XI"
-version: "1.2.0"
+version: "1.2.1"
 license: basic
 description: Collect Logs and Metrics from Nagios XI with Elastic Agent.
 type: integration