Applying review suggestions

eyalkoren · eyalkoren · commit 7208fce7908e · 2025-07-15T11:14:16.000+03:00
diff --git a/docs/reference/enrich-processor/normalize-for-stream.md b/docs/reference/enrich-processor/normalize-for-stream.md
@@ -168,25 +168,15 @@ For example, if the `message` field is an ECS-JSON, as follows:
 ```json
 {
   "@timestamp": "2023-10-01T12:00:00Z",
-  "message": {
-    "@timestamp": "2023-10-02T12:00:00Z",
-    "log.level": "INFO",
-    "service.name": "my-service",
-    "message": "The actual log message",
-    "http": {
-      "method": "GET",
-      "url": {
-        "path": "/api/v1/resource"
-      }
-    }
-  }
+  "message": "{\"@timestamp\":\"2023-10-01T12:01:00Z\",\"log.level\":\"INFO\",\"service.name\":\"my-service\",\"message\":\"The actual log message\",\"http\":{\"method\":\"GET\",\"url\":{\"path\":\"/api/v1/resource\"}}}"
+
 }
 ```
 it will be normalized into the following form:
 
 ```json
 {
-  "@timestamp": "2023-10-02T12:00:00Z",
+  "@timestamp": "2023-10-01T12:01:00Z",
   "severity_text": "INFO",
   "body": {
     "text": "The actual log message"
@@ -215,15 +205,7 @@ However, if the `message` field is not recognized as ECS format, as follows:
     "name": "my-service"
   },
   "tags": ["user-action", "api-call"],
-  "message": {
-    "root_cause": "Network error",
-    "http": {
-      "method": "GET",
-      "url": {
-        "path": "/api/v1/resource"
-      }
-    }
-  }
+  "message": "{\"root_cause\":\"Network error\",\"http\":{\"method\":\"GET\",\"url\":{\"path\":\"/api/v1/resource\"}}}"
 }
 ```
 it will be normalized into the following form:
diff --git a/modules/ingest-otel/src/test/java/org/elasticsearch/ingest/otel/NormalizeForStreamProcessorTests.java b/modules/ingest-otel/src/test/java/org/elasticsearch/ingest/otel/NormalizeForStreamProcessorTests.java
@@ -606,6 +606,33 @@ public void testExecute_nonEcsJsonMessageNormalization() throws IOException {
         assertEquals(message, get(get(result, "body"), "structured"));
     }
 
+    @SuppressWarnings("unchecked")
+    public void testOtherPrimitiveMessage() {
+        Map<String, Object> source = new HashMap<>();
+        source.put("message", 42);
+        IngestDocument document = new IngestDocument("index", "id", 1, null, null, source);
+
+        processor.execute(document);
+
+        Map<String, Object> result = document.getSource();
+        assertEquals(42, ((Map<String, Object>) result.get("body")).get("text"));
+    }
+
+    @SuppressWarnings("unchecked")
+    public void testObjectMessage() {
+        Map<String, Object> source = new HashMap<>();
+        Map<String, Object> message = new HashMap<>();
+        message.put("key1", "value1");
+        message.put("key2", "value2");
+        source.put("message", message);
+        IngestDocument document = new IngestDocument("index", "id", 1, null, null, source);
+
+        processor.execute(document);
+
+        Map<String, Object> result = document.getSource();
+        assertEquals(message, ((Map<String, Object>) result.get("body")).get("text"));
+    }
+
     private static String representJsonAsString(Map<String, Object> json) throws IOException {
         try (XContentBuilder xContentBuilder = XContentFactory.jsonBuilder()) {
             return Strings.toString(xContentBuilder.map(json));
