filebeat module juniper having bug in painless script

[111andre111]

At the moment there is a bug in the painless lines of juniper module in filebeat junos fileset:
https://www.elastic.co/guide/en/beats/filebeat/7.10/filebeat-module-juniper.html
in lines
https://github.com/elastic/beats/blob/v7.10.0/x-pack/filebeat/module/juniper/junos/ingest/pipeline.yml#L60
https://github.com/elastic/beats/blob/v7.10.0/x-pack/filebeat/module/juniper/junos/ingest/pipeline.yml#L65

These produce an error in Elasticsearch painless error:
Result of null safe operator must be nullable
and go back to this fact:
https://www.elastic.co/guide/en/elasticsearch/painless/7.10/painless-operators-reference.html#null-safe-operator

So a workaround for now is changing these file lines in the filebeat filesystem:
file module/juniper/junos/ingest/pipeline.yml
line 60 change
if: ctx?.host?.hostname && ctx.host?.hostname != ''
to
if: ctx?.host?.hostname != null && ctx.host.hostname != ''
line 65 change
if: ctx?.server?.domain && ctx.server?.domain != ''
to
if: ctx?.server?.domain != null && ctx.server.domain != ''

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[botelastic]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[111andre111]

Let me just reopen that because I think there is still reason in fixing this.

[efd6]

@111andre111 Is there a specific failure that you are seeing? The code corresponding to the original report looks correct in the current tip.

[111andre111]

Ok, yes @efd6 you are right. It seems this came in with this PR: #23035

However I don't understand, why the server.domain part is completely gone since this PR.
Do you possibly know any reason for that?

  - append:
        field: related.hosts
        value: '{{server.domain}}'
        allow_duplicates: false
        if: ctx?.server?.domain && ctx.server?.domain != ''

https://github.com/elastic/beats/blob/v7.10.0/x-pack/filebeat/module/juniper/junos/ingest/pipeline.yml#L61-L65

[efd6]

Yeah, I saw that. I'm afraid I don't know the answer to that, it was before my time. It is worth noting though that the code that is there now is autogenerated using the rsa2elk tool, so that could be part of it.

[efd6]

OK, I have an answer; it is done in the js, here.

[111andre111]

Ah, yes. You are right @efd6 . Thank you.
So in this case it seems everything is covered from this issue now and I go ahead and close this.