Simplify box_events onboarding#19604
Conversation
✅ Elastic Docs Style Checker (Vale)No issues found on modified lines! The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale. |
MichelLosier
changed the title
🚀 Benchmarks reportTo see the full report comment with |
|
✅ All changelog entries have the correct PR link. |
💚 Build Succeeded
History
|
andrewkroh
added
Integration:box_events
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
|
@MichelLosier we want Agentless to be the default/recommended ingest method. Here the screenshot is still showing "Agent based" as the method of deployment. This is the pattern: We need a toggle for the datastream also: 
|
|
👀 I have started reviewing the PR |
![vera-review-bot[bot]](https://avatars.githubusercontent.com/in/3297022?s=60&v=4){kind=small}
| - append: | ||
| field: error.message | ||
| value: '{{{ _ingest.on_failure_message }}}' | ||
| value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' |
There was a problem hiding this comment.
🟡 MEDIUM data_stream/events/.../default.yml:1422
Top-level on_failure uses invalid _ingest.pipeline variable
The rewritten pipeline-level on_failure error message references {{{_ingest.pipeline}}}. Inside an on_failure block the only valid metadata fields are _ingest.on_failure_message, _ingest.on_failure_processor_type, _ingest.on_failure_processor_tag, and _ingest.on_failure_pipeline — _ingest.pipeline does not exist in that context, so it renders as an empty string. The recorded error will read ...in pipeline failed with message:... with the pipeline name missing, degrading triage. Every processor-level on_failure handler in this same file already uses the correct {{{_ingest.on_failure_pipeline}}}, so this one occurrence is inconsistent with the rest of the pipeline.
Recommendation:
Use the on_failure-scoped pipeline variable, matching the processor-level handlers in this file:
on_failure:
- set:
field: event.kind
value: pipeline_error
- append:
field: tags
value: preserve_original_event
allow_duplicates: false
- append:
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'🤖 AI-Generated Review | Vera Review Bot | 📚 Knowledge base: integration-skills
⚠️ Automated review — verify suggestions before applying.
| - version: "3.3.2" | ||
| changes: | ||
| - description: Reorganize variables, and make agentless the default deployment mode. | ||
| type: bugfix |
There was a problem hiding this comment.
🔵 LOW changelog.yml:5
Changelog entry typed bugfix describes an enhancement
The new 3.3.2 entry is typed bugfix, but its description — "Reorganize variables, and make agentless the default deployment mode" — is a user-visible behavior/UX change (new default deployment mode plus Fleet UI re-layout via sections), not a defect fix. Mistyping it as bugfix misrepresents the change in the generated changelog and release notes.
Recommendation:
Type the entry as an enhancement:
- version: "3.3.2"
changes:
- description: Reorganize variables, and make agentless the default deployment mode.
type: enhancement
link: https://github.com/elastic/integrations/pull/19604🤖 AI-Generated Review | Vera Review Bot | 📚 Knowledge base: integration-skills
⚠️ Automated review — verify suggestions before applying.
4 participants
Description
Closes: https://github.com/elastic/ingest-dev/issues/8152
Updates box_events integration with a few changes to simplify the experience:
show_user: false(Advanced section)Note although the original issue called for a "Connection Settings" section, this would be unused since the Connection related (url) field fall into the advanced section.
Proposed commit message
box events:
Sets agentless as the default deployment type and simplifies ordering and organization of variables.
Adds tags to pipeline processors as required by the new package-spec version
Checklist
changelog.ymlfile.Screenshots