Skip to content

[AWS Cloudtrail]: Drop on aws.cloudtrail.flattened.request_parameters.tags is a concrete value #15628

New issue
New issue
Open
Open
[AWS Cloudtrail]: Drop on aws.cloudtrail.flattened.request_parameters.tags is a concrete value#15628
Labels
Integration:awsAWSTeam:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]needs:triage
@jfa-spendesk

Description

@jfa-spendesk
jfa-spendesk
opened on Oct 10, 2025

Integration Name

AWS [aws]

Dataset Name

aws.cloudtrail

Integration Version

3.11.0

Agent Version

8.15.0

Agent Output Type

elasticsearch

Elasticsearch Version

9.0.3

OS Version and Architecture

Debian x86

Software/API Version

No response

Error Message

Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC), Meta:null, Fields:null, Private:interface {}(nil), TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:mapstr.M(nil)}, EncodedEvent:(*elasticsearch.encodedEvent)(0xc008145180)} (status=400): {"type":"document_parsing_exception","reason":"[1:1826] object mapping for [aws.cloudtrail.flattened.request_parameters.tags] tried to parse field [tags] as object, but found a concrete value"}, dropping event!

Event Original

Not available (it is dropped)

What did you do?

Connected to a very big cloudtrail, hard to trace source event.
About 27 drops for 1.6 millions event

What did you see?

Event drop in the agent logs

What did you expect to see?

No drop

Anything else?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    Integration:awsAWSTeam:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]needs:triage

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions