Skip to content

crowdstrike: add ignore_above for flattened fields #16398

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
navnit-elastic wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

crowdstrike: add ignore_above for flattened fields #16398

navnit-elastic wants to merge 1 commit into from

Conversation

@navnit-elastic
Copy link
Contributor

@navnit-elastic navnit-elastic commented Dec 8, 2025
edited
Loading

Proposed commit message

crowdstrike: add ignore_above for flattened fields

continuation of https://github.com/elastic/integrations/pull/14127

Add ignore_above to the "Attributes" and "ResourceAttributes" flattened fields
in the falcon data stream to prevent events from being dropped
in case of large values in these fields.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@navnit-elastic navnit-elastic self-assigned this Dec 8, 2025
@navnit-elastic navnit-elastic added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Integration:crowdstrike CrowdStrike bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Dec 8, 2025
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Dec 8, 2025

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

elasticmachine commented Dec 8, 2025

💚 Build Succeeded

History

cc @navnit-elastic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@navnit-elastic navnit-elastic

Labels

bugfix Pull request that fixes a bug issue documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Integration:crowdstrike CrowdStrike Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[CrowdStrike Falcon] Flattened field needs to have ignore_above setting to avoid dropping events.

2 participants

@navnit-elastic @elasticmachine