[Box Events] Update field mapping to account for non-boolean values#17413
Open
[Box Events] Update field mapping to account for non-boolean values#17413
Conversation
💔 Build Failed
Failed CI StepsHistory |
efd6
reviewed
Feb 16, 2026
Contributor
efd6
left a comment
efd6
left a comment
There was a problem hiding this comment.
This needs an elastic-package build (or just the application of the following diff):
diff --git a/packages/box_events/docs/README.md b/packages/box_events/docs/README.md
index 1b09c46a4d..f3437d7c42 100644
--- a/packages/box_events/docs/README.md
+++ b/packages/box_events/docs/README.md
@@ -227,7 +227,7 @@ Preserves a raw copy of the original event, added to the field `event.original`.
| box.source.item_status | Defines if this item has been deleted or not. active when the item has is not in the trash trashed when the item has been moved to the trash but not deleted deleted when the item has been permanently deleted. Value is one of `active`, `trashed`, `deleted` | keyword |
| box.source.job_title | User job title | boolean |
| box.source.language | User preferred language | boolean |
-| box.source.login | User login | boolean |
+| box.source.login | User login | keyword |
| box.source.max_upload_size | Max upload size | boolean |
| box.source.modified_at | The date and time at which this folder was last updated | date |
| box.source.modified_by.id | The unique identifier for this user that last modified the file. | keyword |Can you add a test for this? There is no event in the pipeline tests for this field, which is presumably why it has persisted so long.
andrewkroh
added
Integration:box_events
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed commit message
Box Events sends either
nullor an email tobox.source.loginwhen using theadmin_logs_streamingsetting. Setting this field to abooleancauses data set quality issues and fields to become ignored.Changing this to a
keywordshould resolve issues with data set quality.Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Related issues
Screenshots