-
Notifications
You must be signed in to change notification settings - Fork 434
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem child ingest pipeline bug #11367
base: main
Are you sure you want to change the base?
Conversation
@r0ot Could you provide an example document that is causing the pipeline errors? |
I don't have a real-world document I could provide but the example I gave in my description should be sufficient. If the user's datasource isn't elastic endpoint and only provided |
Hi, @r0ot we are testing this, can you also share what Elastic stack version you are using, as well as the ProblemChild/Living off the Land Detection package version you are on? |
Upon testing, this doesn't raise an error like I thought, it rather just returns false. The notation used here could be cleaned up with So not a bug but an improvement. |
packages/problemchild/elasticsearch/ingest_pipeline/problem_child_ingest_pipeline.yml
Outdated
Show resolved
Hide resolved
Hi, thanks again for the PR; for now we're considering rolling this up into the next release we make for this package. Will keep you posted! |
Proposed commit message
The painless script
if
block serving as the entry point into the problem child inference pipeline has a bug in its logic checking for the appropriate host operating system. It separates its checks for various sub-fields ofhost.os
and it's actual accessing of those fields from thectx
object, potentially leading to errors trying to access keys that don't exist.For example, if a document contains
host.os.family
but doesn't containhost.os.type
, this painless script will raise an error instead of simply failing.Checklist
changelog.yml
file.Author's Checklist
How to test this PR locally
Related issues
Screenshots