Use decode_xml_wineventlog in windows Splunk inputs

marc-gr · marc-gr · commit f17bac758f20 · 2021-04-20T11:21:30.000+02:00
diff --git a/packages/windows/changelog.yml b/packages/windows/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.5.2"
+  changes:
+    - description: Change Splunk input to use the decode_xml_wineventlog processor.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/
 - version: "0.5.1"
   changes:
     - description: Add support for Sysmon v13 events.
diff --git a/packages/windows/data_stream/forwarded/agent/stream/httpjson.yml.hbs b/packages/windows/data_stream/forwarded/agent/stream/httpjson.yml.hbs
@@ -68,12 +68,12 @@ processors:
       fail_on_error: false
   - drop_fields:
       fields: json
-  - decode_xml:
+  - decode_xml_wineventlog:
       field: event.original
       target_field: winlog
-      schema: wineventlog
       ignore_missing: true
       ignore_failure: true
+      map_ecs_fields: true
   - timestamp:
       field: winlog.time_created
       layouts:
diff --git a/packages/windows/data_stream/powershell/agent/stream/httpjson.yml.hbs b/packages/windows/data_stream/powershell/agent/stream/httpjson.yml.hbs
@@ -68,12 +68,12 @@ processors:
       fail_on_error: false
   - drop_fields:
       fields: json
-  - decode_xml:
+  - decode_xml_wineventlog:
       field: event.original
       target_field: winlog
-      schema: wineventlog
       ignore_missing: true
       ignore_failure: true
+      map_ecs_fields: true
   - timestamp:
       field: winlog.time_created
       layouts:
diff --git a/packages/windows/data_stream/powershell_operational/agent/stream/httpjson.yml.hbs b/packages/windows/data_stream/powershell_operational/agent/stream/httpjson.yml.hbs
@@ -68,12 +68,12 @@ processors:
       fail_on_error: false
   - drop_fields:
       fields: json
-  - decode_xml:
+  - decode_xml_wineventlog:
       field: event.original
       target_field: winlog
-      schema: wineventlog
       ignore_missing: true
       ignore_failure: true
+      map_ecs_fields: true
   - timestamp:
       field: winlog.time_created
       layouts:
diff --git a/packages/windows/data_stream/sysmon_operational/agent/stream/httpjson.yml.hbs b/packages/windows/data_stream/sysmon_operational/agent/stream/httpjson.yml.hbs
@@ -68,12 +68,12 @@ processors:
       fail_on_error: false
   - drop_fields:
       fields: json
-  - decode_xml:
+  - decode_xml_wineventlog:
       field: event.original
       target_field: winlog
-      schema: wineventlog
       ignore_missing: true
       ignore_failure: true
+      map_ecs_fields: true
   - timestamp:
       field: winlog.time_created
       layouts:
diff --git a/packages/windows/manifest.yml b/packages/windows/manifest.yml
@@ -1,6 +1,6 @@
 name: windows
 title: Windows
-version: 0.5.1
+version: 0.5.2
 description: Windows Integration
 type: integration
 categories:
