diff --git a/packages/servicenow/changelog.yml b/packages/servicenow/changelog.yml
index c6e1c471a64..0efb6937975 100644
--- a/packages/servicenow/changelog.yml
+++ b/packages/servicenow/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.2"
+ changes:
+ - description: Add explicit date parsing for the ECS '@timestamp' field.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/16884
 - version: "1.3.1"
 changes:
 - description: Fixed description for URL on the ServiceNow tables input.
diff --git a/packages/servicenow/data_stream/event/_dev/test/pipeline/test-event-aws-with-display-values.log-expected.json b/packages/servicenow/data_stream/event/_dev/test/pipeline/test-event-aws-with-display-values.log-expected.json
index 19979e58f02..4333f3c9d2a 100644
--- a/packages/servicenow/data_stream/event/_dev/test/pipeline/test-event-aws-with-display-values.log-expected.json
+++ b/packages/servicenow/data_stream/event/_dev/test/pipeline/test-event-aws-with-display-values.log-expected.json
@@ -1,7 +1,7 @@
 {
 "expected": [
 {
- "@timestamp": "2024-09-11 01:15:50",
+ "@timestamp": "2024-09-11T01:15:50.000-07:00",
 "device": {
 "model": {
 "name": [
@@ -163,7 +163,7 @@
 ]
 },
 {
- "@timestamp": "2015-07-06 11:59:27",
+ "@timestamp": "2015-07-06T11:59:27.000-07:00",
 "ecs": {
 "version": "8.17.0"
 },
diff --git a/packages/servicenow/data_stream/event/_dev/test/pipeline/test-event-aws.log-expected.json b/packages/servicenow/data_stream/event/_dev/test/pipeline/test-event-aws.log-expected.json
index eb8dab2616d..8c4ba4af99f 100644
--- a/packages/servicenow/data_stream/event/_dev/test/pipeline/test-event-aws.log-expected.json
+++ b/packages/servicenow/data_stream/event/_dev/test/pipeline/test-event-aws.log-expected.json
@@ -1,7 +1,7 @@
 {
 "expected": [
 {
- "@timestamp": "2024-09-10 08:15:50",
+ "@timestamp": "2024-09-10T08:15:50.000-07:00",
 "ecs": {
 "version": "8.17.0"
 },
diff --git a/packages/servicenow/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/servicenow/data_stream/event/elasticsearch/ingest_pipeline/default.yml
index 82739d1a69e..6f99c087442 100644
--- a/packages/servicenow/data_stream/event/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/servicenow/data_stream/event/elasticsearch/ingest_pipeline/default.yml
@@ -3339,6 +3339,41 @@ processors:
 name: '{{ IngestPipeline "pipeline_task_ci" }}'
 tag: pipeline_task_ci
 if: ctx.servicenow?.event?.table_name == 'task_ci'
+ - date:
+ field: '@timestamp'
+ tag: date_timestamp
+ timezone: '{{{event.timezone}}}'
+ formats:
+ - yyyy-MM-dd H:mm:ss
+ - yyyy-MM-dd HH:mm:ss
+ - yyyy-MM-dd
+ - MM-dd-yyyy H:mm:ss
+ - MM-dd-yyyy HH:mm:ss
+ - MM-dd-yyyy
+ - dd-MM-yyyy H:mm:ss
+ - dd-MM-yyyy HH:mm:ss
+ - dd-MM-yyyy
+ - MM/dd/yyyy H:mm:ss
+ - MM/dd/yyyy HH:mm:ss
+ - MM/dd/yyyy
+ - dd/MM/yyyy H:mm:ss
+ - dd/MM/yyyy HH:mm:ss
+ - dd/MM/yyyy
+ - MM/dd/yy H:mm:ss
+ - MM/dd/yy HH:mm:ss
+ - MM/dd/yy
+ - dd.MM.yyyy H:mm:ss
+ - dd.MM.yyyy HH:mm:ss
+ - dd.MM.yyyy
+ - yyyy-MM-dd hh:mm:ss a
+ - ISO8601
+ if: ctx.containsKey('@timestamp') && ctx['@timestamp'] != null
+ on_failure:
+ - remove:
+ field: '@timestamp'
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
 - remove:
 field:
 - servicenow.event.asset.display_value
diff --git a/packages/servicenow/manifest.yml b/packages/servicenow/manifest.yml
index 25a2bfedd70..2c19a65d1e3 100644
--- a/packages/servicenow/manifest.yml
+++ b/packages/servicenow/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.3.2
 name: servicenow
 title: "ServiceNow"
-version: "1.3.1"
+version: "1.3.2"
 description: "Collect logs from ServiceNow with Elastic Agent."
 type: integration
 categories:
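Review bot: In the `default.yml` hunk, the `formats` list on the new `date` processor (tag `date_timestamp`) puts `MM-dd-yyyy`/`MM/dd/yyyy` ahead of `dd-MM-yyyy`/`dd/MM/yyyy`, and the processor takes the first pattern that parses, so a day-first value with a day of 12 or less (constructed example: `03-04-2024`) is accepted as month-first without any error. The day-first entries are only reached when the day is above 12, so an instance configured for day-first dates would get a mix of correct and silently shifted `@timestamp` values, which skews timelines and time-window correlation downstream. If the instance date format cannot be made a setting, at least record the limitation above the list, e.g. `# first match wins: ambiguous values such as 03-04-2024 are read month-first`. Separately, the `on_failure` branch removes `@timestamp` outright; confirm the document is still indexable into the data stream afterwards, otherwise unparseable events may be dropped rather than kept with `error.message`. `event.timezone` is set outside this hunk, so it is also worth checking what `timezone: '{{{event.timezone}}}'` renders to when that field is absent.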