Incorporate feedback

packages/apache/data_stream/access/agent/stream/httpjson.yml.hbs

@@ -5,25 +5,16 @@ auth.basic.password: {{password}}
 cursor:
   index_earliest:
     value: '[[.last_event.result.max_indextime]]'
-{{#if ssl.enabled}}
-request.url: https://{{server}}:{{port}}/services/search/jobs/export
-{{#if ssl.verification_mode}}
-ssl.verification_mode: {{ssl.verification_mode}}
-{{/if}}
-{{#if ssl.certificate_authorities}}
-ssl.certificate_authorites:
-{{#each ssl.certificate_authorities}}
-  - {{this}}
-{{/each}}
-{{/if}}
-{{else}}
-request.url: http://{{server}}:{{port}}/services/search/jobs/export
+request.url: {{url}}/services/search/jobs/export
+{{#if ssl}}
+request.ssl: {{ssl}}
 {{/if}}
 request.method: POST
 request.transforms:
   - set:
       target: url.params.search
-      value: {{search}} | streamstats max(_indextime) AS max_indextime
+      value: |-
+        {{search}} | streamstats max(_indextime) AS max_indextime
   - set:
       target: url.params.output_mode
       value: "json"

packages/apache/data_stream/error/agent/stream/httpjson.yml.hbs

@@ -5,25 +5,16 @@ auth.basic.password: {{password}}
 cursor:
   index_earliest:
     value: '[[.last_event.result.max_indextime]]'
-{{#if ssl.enabled}}
-request.url: https://{{server}}:{{port}}/services/search/jobs/export
-{{#if ssl.verification_mode}}
-ssl.verification_mode: {{ssl.verification_mode}}
-{{/if}}
-{{#if ssl.certificate_authorities}}
-ssl.certificate_authorites:
-{{#each ssl.certificate_authorities}}
-  - {{this}}
-{{/each}}
-{{/if}}
-{{else}}
-request.url: http://{{server}}:{{port}}/services/search/jobs/export
+request.url: {{url}}/services/search/jobs/export
+{{#if ssl}}
+request.ssl: {{ssl}}
 {{/if}}
 request.method: POST
 request.transforms:
   - set:
       target: url.params.search
-      value: {{search}} | streamstats max(_indextime) AS max_indextime
+      value: |-
+        {{search}} | streamstats max(_indextime) AS max_indextime
   - set:
       target: url.params.output_mode
       value: "json"

packages/apache/manifest.yml

@@ -33,22 +33,16 @@ policy_templates:
         title: Collect logs from Apache instances
         description: Collecting Apache access and error logs
       - type: httpjson
-        title: Collect Apache logs from third-party REST API
-        description: Collecting Apache logs via third-party REST API
+        title: Collect logs from third-party REST API (experimental)
+        description: Collect logs from third-party REST API (experimental)
         vars:
-          - name: server
+          - name: url
             type: text
-            title: Address of Splunk Enterprise Server
-            description: hostname or IP
+            title: URL of Splunk Enterprise Server
+            description: i.e. scheme://host:port,  path is automatic
             show_user: true
             required: true
-            default: server.example.com
-          - name: port
-            type: text
-            title: Port number of Splunk Enterprise REST API
-            show_user: true
-            required: true
-            default: 8089
+            default: https://server.example.com:8089
           - name: username
             type: text
             title: Splunk REST API Username
@@ -59,28 +53,13 @@ policy_templates:
             title: Splunk REST API Password
             required: true
             show_user: true
-          - name: ssl.enabled
-            type: bool
-            title: SSL enabled
+          - name: ssl
+            type: yaml
+            title: SSL Configuration
+            description: i.e. certificate_authorities, supported_protocols, verification_mode etc.
             multi: false
             required: false
             show_user: false
-            default: true
-          - name: ssl.verification_mode
-            type: text
-            title: Mode of server verification
-            description: "valid values: none, strict, certificate or full"
-            multi: false
-            required: false
-            show_user: false
-            default: full
-          - name: ssl.certificate_authorities
-            type: text
-            title: List of root certificates for TLS server verification
-            description: PEM encoded
-            multi: true
-            required: false
-            show_user: false
       - type: apache/metrics
         title: Collect metrics from Apache instances
         description: Collecting Apache status metrics

packages/aws/data_stream/cloudtrail/agent/stream/httpjson.yml.hbs

@@ -5,19 +5,9 @@ auth.basic.password: {{password}}
 cursor:
   index_earliest:
     value: '[[.last_event.result.max_indextime]]'
-{{#if ssl.enabled}}
-request.url: https://{{server}}:{{port}}/services/search/jobs/export
-{{#if ssl.verification_mode}}
-ssl.verification_mode: {{ssl.verification_mode}}
-{{/if}}
-{{#if ssl.certificate_authorities}}
-ssl.certificate_authorites:
-{{#each ssl.certificate_authorities}}
-  - {{this}}
-{{/each}}
-{{/if}}
-{{else}}
-request.url: http://{{server}}:{{port}}/services/search/jobs/export
+request.url: {{url}}/services/search/jobs/export
+{{#if ssl}}
+request.ssl: {{ssl}}
 {{/if}}
 request.method: POST
 request.transforms:

packages/aws/manifest.yml

@@ -240,22 +240,16 @@ policy_templates:
             default: "amazonaws.com"
             description: URL of the entry point for an AWS web service.
       - type: httpjson
-        title: Collect AWS logs from third-party REST API
-        description: "Collects AWS logs from third-party REST API"
+        title: Collect logs from third-party REST API (experimental)
+        description: Collect logs from third-party REST API (experimental)
         vars:
-          - name: server
+          - name: url
             type: text
-            title: Address of Splunk Enterprise Server
-            description: hostname or IP
+            title: URL of Splunk Enterprise Server
+            description: i.e. scheme://host:port, path is automatic
             show_user: true
             required: true
-            default: server.example.com
-          - name: port
-            type: text
-            title: Port number of Splunk Enterprise REST API
-            show_user: true
-            required: true
-            default: 8089
+            default: https://server.example.com:8089
           - name: username
             type: text
             title: Splunk REST API Username
@@ -266,27 +260,12 @@ policy_templates:
             title: Splunk REST API Password
             required: true
             show_user: true
-          - name: ssl.enabled
-            type: bool
-            title: SSL enabled
-            multi: false
-            required: false
-            show_user: false
-            default: true
-          - name: ssl.verification_mode
-            type: text
-            title: Mode of server verification
-            description: "valid values: none, strict, certificate or full"
+          - name: ssl
+            type: yaml
+            title: SSL Configuration
             multi: false
             required: false
             show_user: false
-            default: full
-          - name: ssl.certificate_authorities
-            type: text
-            title: List of root certificates for TLS server verification
-            description: PEM encoded
-            multi: true
-            required: false
-            show_user: false
+            description: i.e. certificate_authorities, supported_protocols, verification_mode etc.
 owner:
   github: elastic/integrations

packages/nginx/data_stream/access/agent/stream/httpjson.yml.hbs

@@ -5,19 +5,9 @@ auth.basic.password: {{password}}
 cursor:
   index_earliest:
     value: '[[.last_event.result.max_indextime]]'
-{{#if ssl.enabled}}
-request.url: https://{{server}}:{{port}}/services/search/jobs/export
-{{#if ssl.verification_mode}}
-ssl.verification_mode: {{ssl.verification_mode}}
-{{/if}}
-{{#if ssl.certificate_authorities}}
-ssl.certificate_authorites:
-{{#each ssl.certificate_authorities}}
-  - {{this}}
-{{/each}}
-{{/if}}
-{{else}}
-request.url: http://{{server}}:{{port}}/services/search/jobs/export
+request.url: {{url}}/services/search/jobs/export
+{{#if ssl}}
+request.ssl: {{ssl}}
 {{/if}}
 request.method: POST
 request.transforms:

packages/nginx/data_stream/error/agent/stream/httpjson.yml.hbs

@@ -5,19 +5,9 @@ auth.basic.password: {{password}}
 cursor:
   index_earliest:
     value: '[[.last_event.result.max_indextime]]'
-{{#if ssl.enabled}}
-request.url: https://{{server}}:{{port}}/services/search/jobs/export
-{{#if ssl.verification_mode}}
-ssl.verification_mode: {{ssl.verification_mode}}
-{{/if}}
-{{#if ssl.certificate_authorities}}
-ssl.certificate_authorites:
-{{#each ssl.certificate_authorities}}
-  - {{this}}
-{{/each}}
-{{/if}}
-{{else}}
-request.url: http://{{server}}:{{port}}/services/search/jobs/export
+request.url: {{url}}/services/search/jobs/export
+{{#if ssl}}
+request.ssl: {{ssl}}
 {{/if}}
 request.method: POST
 request.transforms:

packages/nginx/manifest.yml

@@ -38,22 +38,16 @@ policy_templates:
         title: Collect logs from Nginx instances
         description: Collecting Nginx access and error logs
       - type: httpjson
-        title: Collect Nginx logs from third-party REST API
-        description: Collecting Nginx logs via third-party REST API
+        title: Collect logs from third-party REST API (experimental)
+        description: Collect logs from third-party REST API (experimental)
         vars:
-          - name: server
+          - name: url
             type: text
-            title: Address of Splunk Enterprise Server
-            description: hostname or IP
+            title: URL of Splunk Enterprise Server
+            description: i.e. scheme://host:port, path is automatic
             show_user: true
             required: true
-            default: server.example.com
-          - name: port
-            type: text
-            title: Port number of Splunk Enterprise REST API
-            show_user: true
-            required: true
-            default: 8089
+            default: https://server.example.com:8089
           - name: username
             type: text
             title: Splunk REST API Username
@@ -64,28 +58,13 @@ policy_templates:
             title: Splunk REST API Password
             required: true
             show_user: true
-          - name: ssl.enabled
-            type: bool
-            title: SSL enabled
+          - name: ssl
+            type: yaml
+            title: SSL Configuration
+            description: i.e. certificate_authorities, supported_protocols, verification_mode etc.
             multi: false
             required: false
             show_user: false
-            default: true
-          - name: ssl.verification_mode
-            type: text
-            title: Mode of server verification
-            description: "valid values: none, strict, certificate or full"
-            multi: false
-            required: false
-            show_user: false
-            default: full
-          - name: ssl.certificate_authorities
-            type: text
-            title: List of root certificates for TLS server verification
-            description: PEM encoded
-            multi: true
-            required: false
-            show_user: false
       - type: nginx/metrics
         vars:
           - name: hosts

packages/zeek/data_stream/capture_loss/agent/stream/httpjson.yml.hbs

@@ -5,19 +5,9 @@ auth.basic.password: {{password}}
 cursor:
   index_earliest:
     value: '[[.last_event.result.max_indextime]]'
-{{#if ssl.enabled}}
-request.url: https://{{server}}:{{port}}/services/search/jobs/export
-{{#if ssl.verification_mode}}
-ssl.verification_mode: {{ssl.verification_mode}}
-{{/if}}
-{{#if ssl.certificate_authorities}}
-ssl.certificate_authorites:
-{{#each ssl.certificate_authorities}}
-  - {{this}}
-{{/each}}
-{{/if}}
-{{else}}
-request.url: http://{{server}}:{{port}}/services/search/jobs/export
+request.url: {{url}}/services/search/jobs/export
+{{#if ssl}}
+request.ssl: {{ssl}}
 {{/if}}
 request.method: POST
 request.transforms:

packages/zeek/data_stream/connection/agent/stream/httpjson.yml.hbs

@@ -5,19 +5,9 @@ auth.basic.password: {{password}}
 cursor:
   index_earliest:
     value: '[[.last_event.result.max_indextime]]'
-{{#if ssl.enabled}}
-request.url: https://{{server}}:{{port}}/services/search/jobs/export
-{{#if ssl.verification_mode}}
-ssl.verification_mode: {{ssl.verification_mode}}
-{{/if}}
-{{#if ssl.certificate_authorities}}
-ssl.certificate_authorites:
-{{#each ssl.certificate_authorities}}
-  - {{this}}
-{{/each}}
-{{/if}}
-{{else}}
-request.url: http://{{server}}:{{port}}/services/search/jobs/export
+request.url: {{url}}/services/search/jobs/export
+{{#if ssl}}
+request.ssl: {{ssl}}
 {{/if}}
 request.method: POST
 request.transforms:

packages/zeek/data_stream/dce_rpc/agent/stream/httpjson.yml.hbs

@@ -5,19 +5,9 @@ auth.basic.password: {{password}}
 cursor:
   index_earliest:
     value: '[[.last_event.result.max_indextime]]'
-{{#if ssl.enabled}}
-request.url: https://{{server}}:{{port}}/services/search/jobs/export
-{{#if ssl.verification_mode}}
-ssl.verification_mode: {{ssl.verification_mode}}
-{{/if}}
-{{#if ssl.certificate_authorities}}
-ssl.certificate_authorites:
-{{#each ssl.certificate_authorities}}
-  - {{this}}
-{{/each}}
-{{/if}}
-{{else}}
-request.url: http://{{server}}:{{port}}/services/search/jobs/export
+request.url: {{url}}/services/search/jobs/export
+{{#if ssl}}
+request.ssl: {{ssl}}
 {{/if}}
 request.method: POST
 request.transforms: