botelastic[bot]
commented
7 months ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
The error message for failed query validation is a json object, which renders improperly, making the type hinting useless. We should render it as a string prior to passing it (
json.dumps) to be readable in failed unit testsex: link
E Error in both stack and integrations checks: {'stack': KqlParseError('Error at line:2,column:5\nUnknown field\n(event.dataset:network_traffic.http or (event.category:network_traffic and network.protocol:http)) and\n http.response.status_phrase:ok and destination.port:9200 and network.direction:inbound and\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nTry adding event.module or event.dataset to specify beats module\n\nstack: 8.12.0, beats: 8.10.3, ecs: 8.10.0'), 'integrations': KqlParseError('Error at line:3,column:9\nUnknown field\n(event.dataset:network_traffic.http or (event.category:network_traffic and network.protocol:http)) and\n http.response.status_phrase:ok and destination.port:9200 and network.direction:inbound and\n not http.response.headers.content-type:"image/x-icon" and\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n\tTry adding event.module or event.dataset to specify integration module\n\tWill check against integrations [\'network_traffic\'] combined.\n\tpackage=\'network_traffic\', integration=\'http\', package_version=\'1.25.1\', stack_version=\'8.10.0\', ecs_version=\'8.10.0\'')}