[Cribl] Fix handling of metric event type

packages/cribl/_dev/build/docs/README.md

@@ -42,6 +42,6 @@ The Cribl integration offers users a way to ingest logs from either of Cribl's E
 
     1. Set **Cloud Id** for the Cloud destination or **Bulk API URLs** for the Elasticsearch destination to point to your Elastic cluster.
 
-    2. Set **Index or Data Stream** to `logs-cribl-default`.
+    2. Set **Index or Data Stream** to `logs-cribl-default` for log-type events or to `metrics-cribl-default` for metric-type events.
 
     3. **API key** should be a Base64 encoded Elastic API key, which you can create in Kibana by following the instructions under **Management** > **Stack Management** > **Security** > **API Keys**. If you are using an API key with “Restrict privileges”, be sure to review the Indices privileges to provide at least "auto_configure" and "write" permissions for the logs-* index, which you will be using for these Fleet integration data streams.

packages/cribl/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.5.1"
+  changes:
+    - description: Fix handling of metric event type.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/13930
 - version: "0.5.0"
   changes:
     - description: Update Kibana constraint to support 9.0.0.

packages/cribl/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml

@@ -0,0 +1,27 @@
+---
+description: Pipeline for rerouting metric streams from Cribl.
+processors:
+  - set:
+      field: ecs.version
+      value: 8.11.0
+  - append:
+      field: tags
+      value: cribl
+      allow_duplicates: false
+  - rename:
+      field: _raw
+      target_field: message
+      ignore_missing: true
+  # removing id for metric type of event
+  - remove:
+      field: _id
+      tag: remove_id
+      ignore_missing: true
+  # The Cribl routing pipeline is managed by Kibana
+  # https://github.com/elastic/kibana/pull/176439
+  - pipeline:
+      name: 'cribl-routing-pipeline'
+on_failure:
+  - set:
+      field: error.message
+      value: "{{{ _ingest.on_failure_message }}}"

packages/cribl/data_stream/metrics/fields/base-fields.yml

@@ -0,0 +1,12 @@
+- name: data_stream.type
+  type: constant_keyword
+  description: Data stream type.
+- name: data_stream.dataset
+  type: constant_keyword
+  description: Data stream dataset.
+- name: data_stream.namespace
+  type: constant_keyword
+  description: Data stream namespace.
+- name: '@timestamp'
+  type: date
+  description: Event timestamp.

packages/cribl/data_stream/metrics/manifest.yml

@@ -0,0 +1,8 @@
+title: "Metrics"
+type: metrics
+dataset: cribl
+# This integration includes predefined rules that automatically route AWS service metrics to the respective integrations.
+# Adding these permissions to ensure the agents have permissions to write data to `metrics-*-*`.
+elasticsearch:
+  dynamic_dataset: true
+  dynamic_namespace: true

packages/cribl/docs/README.md

@@ -42,6 +42,6 @@ The Cribl integration offers users a way to ingest logs from either of Cribl's E
 
     1. Set **Cloud Id** for the Cloud destination or **Bulk API URLs** for the Elasticsearch destination to point to your Elastic cluster.
 
-    2. Set **Index or Data Stream** to `logs-cribl-default`.
+    2. Set **Index or Data Stream** to `logs-cribl-default` for log-type events or to `metrics-cribl-default` for metric-type events.
 
     3. **API key** should be a Base64 encoded Elastic API key, which you can create in Kibana by following the instructions under **Management** > **Stack Management** > **Security** > **API Keys**. If you are using an API key with “Restrict privileges”, be sure to review the Indices privileges to provide at least "auto_configure" and "write" permissions for the logs-* index, which you will be using for these Fleet integration data streams.

packages/cribl/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.0.3
 name: cribl
 title: "Cribl"
-version: "0.5.0"
+version: "0.5.1"
 description: Stream logs from Cribl into Elastic.
 type: integration
 categories: