[AWS] Update AWS cloud.region parsing (#32763)

elastic · Jun 1, 2023 · e109b72 · e109b72
1 parent 010b5e0
commit e109b72
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -61,6 +61,7 @@ https://github.com/elastic/beats/compare/v8.2.0\...main[Check the HEAD diff]
 - Fix handling of Checkpoint event for R81. {issue}32380[32380] {pull}32458[32458]
 - Fix a hang on `apt-get update` stage in packaging. {pull}32580[32580]
 - gcp-pubsub input: Restart Pub/Sub client on all errors. {issue}32550[32550] {pull}32712[32712]
+- Update `cloud.region` parsing in cloudtrail fileset. {pull}32763[32763]
 - Fix file.path field in cloudtrail fileset to use json.digestS3Object. {pull}32759[32759]
 
 *Heartbeat*

diff --git a/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml b/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml
@@ -100,10 +100,10 @@ processors:
       field: "json.eventCategory"
       target_field: "aws.cloudtrail.event_category"
       ignore_failure: true
-  - rename:
-      field: "json.awsRegion"
-      target_field: "cloud.region"
-      ignore_failure: true
+  - set:
+      field: "cloud.region"
+      copy_from: "json.awsRegion"
+      ignore_empty_value: true
   - rename:
       field: "json.sourceIPAddress"
       target_field: "source.address"