elastic · taylor-swanson · Oct 3, 2025 · Oct 3, 2025
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.2"
+  changes:
+    - description: Generate processor tags and normalize error handler.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15543
 - version: "1.2.1"
   changes:
     - description: Changed owners.

@@ -4,28 +4,34 @@ processors:
   - set:
       field: ecs.version
       value: '8.17.0'
+      tag: set_f5923549
   - set:
       field: event.original
       copy_from: message
+      tag: set_b9758751
   - set:
       field: event.kind
       value: event
+      tag: set_de80643c
   - set:
       field: event.category
-      value: [ network ]
+      value: [network]
+      tag: set_dbab8a4e
   - set:
       field: observer.vendor
       value: Fortinet
+      tag: set_7e57c221
   - set:
       field: observer.product
       value: FortiProxy
+      tag: set_2ad4a04f
   - set:
       field: observer.type
       value: proxy
+      tag: set_5da7be42
 
-# ------------------------------------------------------------------------------
-# Message processing
-
+  # ------------------------------------------------------------------------------
+  # Message processing
   - grok:
       tag: grok_syslog_priority
       field: message
@@ -92,9 +98,8 @@ processors:
           }
         }
 
-# ------------------------------------------------------------------------------
-# Date and Time.
-
+  # ------------------------------------------------------------------------------
+  # Date and Time.
   - set:
       tag: set_timezone
       field: event.timezone
@@ -122,9 +127,10 @@ processors:
         - _fields_.time
         - _fields_.tz
         - message
+      tag: remove_8c6d6590
 
-# ------------------------------------------------------------------------------
-# Convert fields.
+  # ------------------------------------------------------------------------------
+  # Convert fields.
   - convert:
       tag: convert_count
       field: _fields_.count
@@ -211,9 +217,8 @@ processors:
       type: long
       ignore_missing: true
 
-# ------------------------------------------------------------------------------
-# Enrich fields.
-
+  # ------------------------------------------------------------------------------
+  # Enrich fields.
   - gsub:
       tag: gsub_eventtime_truncate_ns
       field: _fields_.eventtime
@@ -260,10 +265,10 @@ processors:
           return;
         }        
         ctx._fields_.duration = ctx._fields_.duration * 1000000000
-
   - lowercase:
       field: _fields_.service
       ignore_missing: true
+      tag: lowercase_e7f53819
   - script:
       tag: script_network_proto
       description: Sets network.transport based on the IANA number.
@@ -332,8 +337,8 @@ processors:
       replacement: "-"
       ignore_missing: true
 
-# ------------------------------------------------------------------------------
-# Move fields to ECS.
+  # ------------------------------------------------------------------------------
+  # Move fields to ECS.
   - rename:
       tag: rename_action
       field: _fields_.action
@@ -490,22 +495,23 @@ processors:
       target_field: source.port
       ignore_missing: true
 
-# ------------------------------------------------------------------------------
-# Dispatch to sub-pipelines.
-
+  # ------------------------------------------------------------------------------
+  # Dispatch to sub-pipelines.
   - pipeline:
       name: '{{ IngestPipeline "event" }}'
       if: ctx._fields_?.type == 'event'
+      tag: pipeline_0aaa991e
   - pipeline:
       name: '{{ IngestPipeline "traffic" }}'
       if: ctx._fields_?.type == 'traffic'
+      tag: pipeline_2c865ea2
   - pipeline:
       name: '{{ IngestPipeline "utm" }}'
       if: ctx._fields_?.type == 'utm'
+      tag: pipeline_aa5d421e
 
-# ------------------------------------------------------------------------------
-# Enrich remaining fields.
-
+  # ------------------------------------------------------------------------------
+  # Enrich remaining fields.
   - script:
       tag: script_network_compute_stats
       lang: painless
@@ -526,7 +532,6 @@ processors:
         if (ctx.destination?.packets instanceof Number && ctx.source?.packets instanceof Number) {
           ctx.network.packets = ctx.destination.packets + ctx.source.packets;
         }
-
   - geoip:
       tag: geoio_source
       field: source.ip
@@ -570,27 +575,32 @@ processors:
       keep_original: true
       ignore_missing: true
 
-# ------------------------------------------------------------------------------
-# Cleanup.
-
+  # ------------------------------------------------------------------------------
+  # Cleanup.
   - remove:
       field:
         - _fields_.agent
         - _fields_.clientip
         - _fields_.duration
       ignore_missing: true
+      tag: remove_f546465e
   - rename:
       field: _fields_
       target_field: fortinet.proxy
+      tag: rename_e471e0a7
   - remove:
       field:
         - _temp_
       ignore_missing: true
+      tag: remove_4c2e6762
 
 on_failure:
   - append:
       field: error.message
-      value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+      value: >-
+        Processor '{{{ _ingest.on_failure_processor_type }}}'
+        {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+        {{/_ingest.on_failure_processor_tag}}failed with message '{{{ _ingest.on_failure_message }}}'
   - set:
       field: event.kind
       value: pipeline_error
@@ -1,8 +1,8 @@
 ---
 description: Pipeline for processing event logs from Fortinet Fortiproxy.
 processors:
-# ------------------------------------------------------------------------------
-# Convert fields.
+  # ------------------------------------------------------------------------------
+  # Convert fields.
   - convert:
       tag: convert_advpnsc
       field: _fields_.advpnsc
@@ -319,8 +319,8 @@ processors:
       type: long
       ignore_missing: true
 
-# ------------------------------------------------------------------------------
-# Move fields to ECS.
+  # ------------------------------------------------------------------------------
+  # Move fields to ECS.
   - rename:
       tag: rename_dst_int
       field: _fields_.dst_int
@@ -345,7 +345,10 @@ processors:
 on_failure:
   - append:
       field: error.message
-      value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+      value: >-
+        Processor '{{{ _ingest.on_failure_processor_type }}}'
+        {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+        {{/_ingest.on_failure_processor_tag}}failed with message '{{{ _ingest.on_failure_message }}}'
   - set:
       field: event.kind
       value: pipeline_error
@@ -1,8 +1,8 @@
 ---
 description: Pipeline for processing traffic logs from Fortinet Fortiproxy.
 processors:
-# ------------------------------------------------------------------------------
-# Convert fields.
+  # ------------------------------------------------------------------------------
+  # Convert fields.
   - convert:
       tag: convert_clientip
       field: _fields_.clientip
@@ -184,9 +184,9 @@ processors:
       type: long
       ignore_missing: true
 
-# ------------------------------------------------------------------------------
-# Format fields.
 
+  # ------------------------------------------------------------------------------
+  # Format fields.
   - gsub:
       tag: convert_dstmac
       field: _fields_.dstmac
@@ -208,8 +208,8 @@ processors:
       field: _fields_.srcmac
       ignore_missing: true
 
-# ------------------------------------------------------------------------------
-# Move fields to ECS.
+  # ------------------------------------------------------------------------------
+  # Move fields to ECS.
   - rename:
       tag: rename_dstmac
       field: _fields_.dstmac
@@ -279,7 +279,10 @@ processors:
 on_failure:
   - append:
       field: error.message
-      value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+      value: >-
+        Processor '{{{ _ingest.on_failure_processor_type }}}'
+        {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+        {{/_ingest.on_failure_processor_tag}}failed with message '{{{ _ingest.on_failure_message }}}'
   - set:
       field: event.kind
       value: pipeline_error
@@ -1,8 +1,8 @@
 ---
 description: Pipeline for processing utm logs from Fortinet Fortiproxy.
 processors:
-# ------------------------------------------------------------------------------
-# Convert fields.
+  # ------------------------------------------------------------------------------
+  # Convert fields.
   - convert:
       tag: convert_botnetip
       field: _fields_.botnetip
@@ -302,7 +302,10 @@ processors:
 on_failure:
   - append:
       field: error.message
-      value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+      value: >-
+        Processor '{{{ _ingest.on_failure_processor_type }}}'
+        {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+        {{/_ingest.on_failure_processor_tag}}failed with message '{{{ _ingest.on_failure_message }}}'
   - set:
       field: event.kind
       value: pipeline_error
@@ -1,7 +1,7 @@
 format_version: 3.1.3
 name: fortinet_fortiproxy
 title: "Fortinet FortiProxy"
-version: "1.2.1"
+version: "1.2.2"
 description: "Collect logs from Fortinet FortiProxy with Elastic Agent."
 type: integration
 categories: