elastic
diff --git a/‎packages/sophos/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/sophos/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 10 additions & 0 deletions b/‎packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/dhcp.yml‎
Lines changed: 4 additions & 0 deletions b/‎packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/dhcp.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/dns.yml‎
Lines changed: 4 additions & 0 deletions b/‎packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/dns.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/http.yml‎
Lines changed: 4 additions & 0 deletions b/‎packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/http.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/packetfilter.yml‎
Lines changed: 4 additions & 0 deletions b/‎packages/sophos/data_stream/utm/elasticsearch/ingest_pipeline/packetfilter.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antispam.yml‎
Lines changed: 4 additions & 0 deletions b/‎packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antispam.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antivirus.yml‎
Lines changed: 4 additions & 0 deletions b/‎packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/antivirus.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/atp.yml‎
Lines changed: 4 additions & 0 deletions b/‎packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/atp.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/cfilter.yml‎
Lines changed: 4 additions & 0 deletions b/‎packages/sophos/data_stream/xg/elasticsearch/ingest_pipeline/cfilter.yml‎
Lines changed: 4 additions & 0 deletions
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.16.0"
+  changes:
+    - description: Preserve event.original on pipeline error.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15806
 - version: "3.15.4"
   changes:
     - description: Generate processor tags and normalize error handler.
 
@@ -226,6 +226,12 @@ processors:
           return false;
         }
         dropEmptyFields(ctx);
+  - append:
+      tag: append_preserve_original_event_on_error
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
+      if: ctx.error?.message != null
 on_failure:
   - append:
       field: error.message
@@ -237,3 +243,7 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
@@ -169,3 +169,7 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
@@ -97,3 +97,7 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
@@ -324,3 +324,7 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
@@ -276,3 +276,7 @@ on_failure:
   - set:
       field: event.kind
       value: pipeline_error
+  - append:
+      field: tags
+      value: preserve_original_event
+      allow_duplicates: false
@@ -163,3 +163,7 @@ on_failure:
       {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
       {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
       failed with message '{{{ _ingest.on_failure_message }}}'
+- append:
+    field: tags
+    value: preserve_original_event
+    allow_duplicates: false
@@ -263,3 +263,7 @@ on_failure:
       {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
       {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
       failed with message '{{{ _ingest.on_failure_message }}}'
+- append:
+    field: tags
+    value: preserve_original_event
+    allow_duplicates: false
@@ -144,3 +144,7 @@ on_failure:
       {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
       {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
       failed with message '{{{ _ingest.on_failure_message }}}'
+- append:
+    field: tags
+    value: preserve_original_event
+    allow_duplicates: false
@@ -200,3 +200,7 @@ on_failure:
       {{#_ingest.on_failure_processor_tag}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
       {{/_ingest.on_failure_processor_tag}}in pipeline '{{{ _ingest.pipeline }}}'
       failed with message '{{{ _ingest.on_failure_message }}}'
+- append:
+    field: tags
+    value: preserve_original_event
+    allow_duplicates: false