dbot mirror id only if not empty (#37547)

demisto · Dec 3, 2024 · b25a00e · b25a00e
1 parent c948530
commit b25a00e
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 5 deletions.
diff --git a/Packs/Elasticsearch/Integrations/Elasticsearch_v2/Elasticsearch_v2.py b/Packs/Elasticsearch/Integrations/Elasticsearch_v2/Elasticsearch_v2.py
@@ -684,8 +684,9 @@ def results_to_incidents_timestamp(response, last_fetch):
                         'name': 'Elasticsearch: Index: ' + str(hit.get('_index')) + ", ID: " + str(hit.get('_id')),
                         'rawJSON': json.dumps(hit),
                         'occurred': hit_date.isoformat() + 'Z',
-                        'dbotMirrorId': hit.get('_id')
                     }
+                    if hit.get('_id'):
+                        inc['dbotMirrorId'] = hit.get('_id')
 
                     if MAP_LABELS:
                         inc['labels'] = incident_label_maker(hit.get('_source'))
@@ -733,8 +734,9 @@ def results_to_incidents_datetime(response, last_fetch):
                         # and sometimes as YYYY-MM-DDThh:mm:ss
                         # we want to return format: YYYY-MM-DDThh:mm:ssZ in our incidents
                         'occurred': format_to_iso(hit_date.isoformat()),
-                        'dbotMirrorId': hit.get('_id')
                     }
+                    if hit.get('_id'):
+                        inc['dbotMirrorId'] = hit.get('_id')
 
                     if MAP_LABELS:
                         inc['labels'] = incident_label_maker(hit.get('_source'))

diff --git a/Packs/Elasticsearch/ReleaseNotes/1_3_24.md b/Packs/Elasticsearch/ReleaseNotes/1_3_24.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Elasticsearch v2
+
+- A minor change was introduced to ensure reliable execution of the ***fetch-incidents*** command.
diff --git a/Packs/Elasticsearch/pack_metadata.json b/Packs/Elasticsearch/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Elasticsearch",
     "description": "Search for and analyze data in real time. \n Supports version 6 and later.",
     "support": "xsoar",
-    "currentVersion": "1.3.23",
+    "currentVersion": "1.3.24",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

diff --git a/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.py b/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.py
@@ -661,7 +661,8 @@ def create_incident(notable_data, occurred, mapper: UserMappingObject, comment_t
                     'Comment': comment})
         labels.append({'type': 'SplunkComments', 'value': str(comment_entries)})
         incident['labels'] = labels
-        incident['dbotMirrorId'] = notable_data.get(EVENT_ID)
+        if notable_data.get(EVENT_ID):
+            incident['dbotMirrorId'] = notable_data.get(EVENT_ID)
         notable_data['SplunkComments'] = comment_entries
         incident["rawJSON"] = json.dumps(notable_data)
         incident['SplunkComments'] = comment_entries

diff --git a/Packs/SplunkPy/ReleaseNotes/3_1_48.md b/Packs/SplunkPy/ReleaseNotes/3_1_48.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### SplunkPy
+
+- Fixed an issue where the ***fetch-incidents*** command would fail for non-ES Splunk users.
diff --git a/Packs/SplunkPy/pack_metadata.json b/Packs/SplunkPy/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Splunk",
     "description": "Run queries on Splunk servers.",
     "support": "xsoar",
-    "currentVersion": "3.1.47",
+    "currentVersion": "3.1.48",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",