Skip to content

[checkpoint_harmony_endpoint] Fix cursor data not updating #16742

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chrisberkhout merged 2 commits into from
Jan 2, 2026
Merged

[checkpoint_harmony_endpoint] Fix cursor data not updating #16742

chrisberkhout merged 2 commits into from
Jan 2, 2026

Conversation

@chrisberkhout
Copy link
Contributor

@chrisberkhout chrisberkhout commented Dec 31, 2025
edited
Loading

Proposed commit message

[checkpoint_harmony_endpoint] Fix cursor data not updating

When a single event is returned in order to indicate an error that should be
logged and update fleet health status, cursor data updates will be ignored[1].

Without successful cursor updates, this integration was never able to clear an
expired task ID (returning 404) from the cursor data.

The fix is to always return an array of events when cursor data needs to be
updated. The error event will continue to be ingested. It will not be
logged or update the fleet status.

All `cel.yml.hbs` files in this integration are identical.

[1]: https://github.com/elastic/beats/blob/11da96ab9ad2c3ca110ed99d16bbab0b89ddf582/x-pack/filebeat/input/cel/input.go#L492-L493

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@chrisberkhout chrisberkhout self-assigned this Dec 31, 2025
@chrisberkhout chrisberkhout added the bugfix Pull request that fixes a bug issue label Dec 31, 2025
@chrisberkhout chrisberkhout requested a review from a team as a code owner December 31, 2025 13:38
@chrisberkhout chrisberkhout added Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Integration:checkpoint_harmony_endpoint Check Point Harmony Endpoint labels Dec 31, 2025
@elasticmachine
Copy link

elasticmachine commented Dec 31, 2025

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine
Copy link

elasticmachine commented Dec 31, 2025

💚 Build Succeeded

cc @chrisberkhout

ShourieG
ShourieG approved these changes Jan 2, 2026
View reviewed changes
Copy link
Contributor

@ShourieG ShourieG left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, only one question, should we ingest or drop the error events if we are just recovering ?

@chrisberkhout
Copy link
Contributor Author

chrisberkhout commented Jan 2, 2026

LGTM, only one question, should we ingest or drop the error events if we are just recovering ?

Recovery isn't guaranteed. If there was logic here for having limited retries and then skipping a time range if there are persistent errors there, then I'd probably only want to keep the final failure event. For now there's no change in what will be ingested, it'll just actually have a chance to recover.

Regarding how to do the failure events, the only thing I see in Fleet Package Code Review Comments is Use a terminate processor with inputs that produce failure events (but this integration allows ES before the terminate processor). Perhaps we could expand on that.

@chrisberkhout chrisberkhout merged commit c6b2233 into elastic:main Jan 2, 2026
8 checks passed
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Jan 2, 2026

Package checkpoint_harmony_endpoint - 1.0.1 containing this change is available at https://epr.elastic.co/package/checkpoint_harmony_endpoint/1.0.1/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ShourieG ShourieG ShourieG approved these changes

Assignees

@chrisberkhout chrisberkhout

Labels

bugfix Pull request that fixes a bug issue Integration:checkpoint_harmony_endpoint Check Point Harmony Endpoint Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chrisberkhout @elasticmachine @ShourieG