syk
(Rainer Sykora)
September 12, 2024, 10:24am
1
The Integration Disclaimer reads that the Alerts-API (v6) for this integration would be deactivated on July 31, 2024. We should transition to CEL input and the alert_v7 data stream. So we did & the Agent holding the Integration becomes "unhealthy" with this error message:
We still receive alerts as well, so API keys, secrets etc are working:
We didn't change any of the default interval settings:
Is there a way to get this working without these errors?
Hi @syk , thanks for reporting this issue.
@exdghost could you assist please?
syk
(Rainer Sykora)
September 20, 2024, 5:36am
3
I take that for an answer (screenshot below) - thanks!
syk
(Rainer Sykora)
September 20, 2024, 5:50am
4
After updating the integration it's even more broken and doesn't produce a valid API request anymore but this:
```
failed eval: ERROR: <input>:25:51: no such overload
| ).do_request().as(resp, (resp.StatusCode == 200) ?
| ..................................................^
```
...but the search time range errors are gone - at least something, I guess...
efd6
September 23, 2024, 10:37pm
5
I think I have a cause for this. Sending a fix now.
elastic:main
← efd6:11149-carbon_black_cloud
opened 10:46PM - 23 Sep 24 UTC
## Proposed commit message
When using the cursor value, the start expression in the range macro is a string since `state.cursor.last_backend_update_timestamp` is a string. This results in a comparison of `range.start` (string) with `range.end` (timestamp) which is not a valid type match for the `<` operator. So we end up with a "no such overload". If the value is `optional.none`, we use `delayed` (timestamp) which is the correct type. Ensure that the expression is always a timestamp by doing a conversion on the resulting value, noting that a `timestamp(timestamp(x))` is valid if `timestamp(x)` is.
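The type mismatch described in the proposed commit message above, as an added CEL illustration; it is not the integration's program or code from the pull request. The state contents, the timestamps and the `delayed` binding are constructed, and the `as` macro and optional field selection are assumed to be available as they are in the Elastic CEL input.

```cel
// Constructed state as it looks after a successful poll: the cursor stores the
// last seen timestamp as a string. dyn() mirrors the dynamically typed state,
// which is why the mismatch surfaces at evaluation time rather than earlier.
dyn({
  "cursor": {"last_backend_update_timestamp": "2024-09-20T05:36:00Z"},
}).as(state,
  // Constructed fallback start for a first run with no cursor (a timestamp).
  timestamp("2024-09-20T05:45:00Z").as(delayed,
    {
      // Before the fix: a string when the cursor exists, a timestamp otherwise.
      // Comparing the string with a timestamp fails with "no such overload":
      //   "start": state.?cursor.last_backend_update_timestamp.orValue(delayed),
      //
      // After the fix: convert whichever branch was taken. timestamp(string)
      // parses the RFC 3339 value; timestamp(timestamp) returns it unchanged.
      "start": timestamp(
        state.?cursor.last_backend_update_timestamp.orValue(delayed)
      ),
      // Constructed upper bound of the search window, always a timestamp.
      "end": timestamp("2024-09-20T05:50:00Z"),
    }.as(range, {
      // Both operands are timestamps now, so the comparison and the
      // subtraction each have a matching overload.
      "in_order": range.start < range.end,
      "window": range.end - range.start,
    })
  )
)
```

Removing the `cursor` key from the constructed state exercises the other branch, where `delayed` is used directly and the outer `timestamp()` call is a no-op.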
syk
(Rainer Sykora)
September 27, 2024, 7:50am
6
With Version 2.5.3 of the Integration (Screenshot below) it now works as expected - Thanks a lot @efd6 for your effort!