"failed eval: ERROR: <input>:203:31: index out of bounds: 0
| !has(config_rules.worklist) ? // Exit early due to POST failure.
| ..............................^", "Processor json with tag json_event_original in pipeline logs-aws.config-3.14.0 failed with message: field [original] not present as part of path [event.original]"
{
"_index": ".ds-logs-aws.config-default-2025.08.18-000001",
"_id": "AZi9FqIhGIvBbe1q9P3d",
"_version": 1,
"_source": {
"@timestamp": "2025-08-18T12:10:18.741Z",
"agent": {
"ephemeral_id": "662b290a-d3d6-4d85-8a18-ede8de63b347",
"id": "644d582a-21a1-4acb-888b-574f5735cb0d",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "9.1.1"
},
"cloud": {
"provider": "aws"
},
"data_stream": {
"dataset": "aws.config",
"namespace": "default",
"type": "logs"
},
"ecs": {
"version": "8.17.0"
},
"elastic_agent": {
"id": "644d582a-21a1-4acb-888b-574f5735cb0d",
"snapshot": false,
"version": "9.1.1"
},
"error": {
"message": [
"failed eval: ERROR: <input>:203:31: index out of bounds: 0\n | !has(config_rules.worklist) ? // Exit early due to POST failure.\n | ..............................^",
"Processor json with tag json_event_original in pipeline logs-aws.config-3.14.0 failed with message: field [original] not present as part of path [event.original]"
]
},
"event": {
"agent_id_status": "verified",
"category": [
"configuration"
],
"dataset": "aws.config",
"ingested": "2025-08-18T12:10:19Z",
"kind": "pipeline_error",
"type": [
"info"
]
},
"input": {
"type": "cel"
},
"observer": {
"vendor": "AWS Config"
},
"result": {
"evaluation": "unknown"
},
"tags": [
"preserve_original_event",
"forwarded",
"aws-config"
]
},
"fields": {
"elastic_agent.version": [
"9.1.1"
],
"event.category": [
"configuration"
],
"result.evaluation": [
"unknown"
],
"observer.vendor": [
"AWS Config"
],
"agent.type": [
"filebeat"
],
"event.module": [
"aws"
],
"agent.name.text": [
"docker-fleet-agent"
],
"agent.name": [
"docker-fleet-agent"
],
"elastic_agent.snapshot": [
false
],
"event.agent_id_status": [
"verified"
],
"event.kind": [
"pipeline_error"
],
"elastic_agent.id": [
"644d582a-21a1-4acb-888b-574f5735cb0d"
],
"data_stream.namespace": [
"default"
],
"input.type": [
"cel"
],
"data_stream.type": [
"logs"
],
"tags": [
"preserve_original_event",
"forwarded",
"aws-config"
],
"cloud.provider": [
"aws"
],
"event.ingested": [
"2025-08-18T12:10:19.000Z"
],
"@timestamp": [
"2025-08-18T12:10:18.741Z"
],
"agent.id": [
"644d582a-21a1-4acb-888b-574f5735cb0d"
],
"ecs.version": [
"8.17.0"
],
"error.message": [
"failed eval: ERROR: <input>:203:31: index out of bounds: 0\n | !has(config_rules.worklist) ? // Exit early due to POST failure.\n | ..............................^",
"Processor json with tag json_event_original in pipeline logs-aws.config-3.14.0 failed with message: field [original] not present as part of path [event.original]"
],
"data_stream.dataset": [
"aws.config"
],
"event.type": [
"info"
],
"agent.ephemeral_id": [
"662b290a-d3d6-4d85-8a18-ede8de63b347"
],
"agent.version": [
"9.1.1"
],
"event.dataset": [
"aws.config"
]
}
}
I reproduced the error message in both FIPS cloud stack and local stack (with elastic-package)
Integration Name
AWS [aws]
Dataset Name
aws.config
Integration Version
3.14.0
Agent Version
9.1.1
Agent Output Type
elasticsearch
Elasticsearch Version
9.1.1
OS Version and Architecture
Mac OS X (arm64) (irrelevant)
Software/API Version
No response
Error Message
Event Original
I toggled the "Preserve original event" but it was not added to the document:
What did you do?
okta-aws-cliWhat did you see?
Error message
What did you expect to see?
No error message
Anything else?
I reproduced the error message in both FIPS cloud stack and local stack (with elastic-package)