Please post all questions and issues on https://discuss.elastic.co/c/beats
before opening a Github Issue. Your questions will reach a wider audience there,
and if we confirm that there is a bug, then you can open a new issue.
For security vulnerabilities please only send reports to security@elastic.co.
See https://www.elastic.co/community/security for more information.
Please include configurations and logs if available.
For confirmed bugs, please report:
We came across a confounding mapping for the CloudTrail processor in Filebeat, where a CloudTrail digest file is mapped to ECS. A CloudTrail digest file contains both a S3 reference to itself as well as to the previous digest file (see docs). The Filebeat processor maps the previous digest file to file.path instead of the current one, which is sometimes null (see configuration for the ingest pipeline). This behavior is unexpected.
Please post all questions and issues on https://discuss.elastic.co/c/beats
before opening a Github Issue. Your questions will reach a wider audience there,
and if we confirm that there is a bug, then you can open a new issue.
For security vulnerabilities please only send reports to security@elastic.co.
See https://www.elastic.co/community/security for more information.
Please include configurations and logs if available.
For confirmed bugs, please report:
We came across a confounding mapping for the CloudTrail processor in Filebeat, where a CloudTrail digest file is mapped to ECS. A CloudTrail digest file contains both a S3 reference to itself as well as to the previous digest file (see docs). The Filebeat processor maps the previous digest file to
file.pathinstead of the current one, which is sometimes null (see configuration for the ingest pipeline). This behavior is unexpected.