From 3cfefe6c9be3d87d3181f58f8768989aa1c2766c Mon Sep 17 00:00:00 2001 From: Taylor Swanson <90622908+taylor-swanson@users.noreply.github.com> Date: Thu, 31 Oct 2024 12:54:29 -0500 Subject: [PATCH] Tolerate existing event.timezone in fortimail and fortiproxy (#11606) - Change rename to set processor when setting event.timezone - In certain situations, an add_locale processor may have run on the agent and this will set event.timezone. --- packages/fortinet_fortimail/changelog.yml | 5 +++++ .../log/elasticsearch/ingest_pipeline/default.yml | 8 ++++---- packages/fortinet_fortimail/manifest.yml | 2 +- packages/fortinet_fortiproxy/changelog.yml | 5 +++++ .../log/elasticsearch/ingest_pipeline/default.yml | 11 ++++++----- packages/fortinet_fortiproxy/manifest.yml | 2 +- 6 files changed, 22 insertions(+), 11 deletions(-) diff --git a/packages/fortinet_fortimail/changelog.yml b/packages/fortinet_fortimail/changelog.yml index 66ed2b27725..494643568fe 100644 --- a/packages/fortinet_fortimail/changelog.yml +++ b/packages/fortinet_fortimail/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.13.1" + changes: + - description: Tolerate existing event.timezone value. + type: bugfix + link: https://github.com/elastic/integrations/pull/11606 - version: "2.13.0" changes: - description: Update package spec to 3.0.3. diff --git a/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 2995432c310..3a753c179eb 100644 --- a/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/fortinet_fortimail/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -55,11 +55,11 @@ processors: - append: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - - rename: - field: _conf.tz_offset - target_field: event.timezone + - set: + field: event.timezone + copy_from: _conf.tz_offset if: ctx._conf?.tz_offset != null && ctx._conf.tz_offset != 'local' - ignore_missing: true + ignore_empty_value: true - rename: field: temp.date target_field: fortinet_fortimail.log.date diff --git a/packages/fortinet_fortimail/manifest.yml b/packages/fortinet_fortimail/manifest.yml index c2d58416ab3..6709f92b635 100644 --- a/packages/fortinet_fortimail/manifest.yml +++ b/packages/fortinet_fortimail/manifest.yml @@ -1,6 +1,6 @@ name: fortinet_fortimail title: Fortinet FortiMail -version: "2.13.0" +version: "2.13.1" description: Collect logs from Fortinet FortiMail instances with Elastic Agent. type: integration format_version: "3.0.3" diff --git a/packages/fortinet_fortiproxy/changelog.yml b/packages/fortinet_fortiproxy/changelog.yml index b01c21f1cdd..fa62509ee8d 100644 --- a/packages/fortinet_fortiproxy/changelog.yml +++ b/packages/fortinet_fortiproxy/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.1" + changes: + - description: Tolerate existing event.timezone value. + type: bugfix + link: https://github.com/elastic/integrations/pull/11606 - version: "1.0.0" changes: - description: Release package as GA. diff --git a/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 071c27e652a..158805dfe22 100644 --- a/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/fortinet_fortiproxy/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
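Review bot: Swapping `rename` for `set` with `copy_from` means `_conf.tz_offset` is now copied rather than moved, so it stays on the document unless something outside this hunk removes `_conf`. The fortiproxy pipeline in this same commit adds `_fields_.tz` to a `remove` list for that reason, and no equivalent is visible here. If no later cleanup exists, follow this processor with a `remove` on `_conf.tz_offset` with `ignore_missing: true`. The new processor also has no `tag`, while the `on_failure` message just above prints `_ingest.on_failure_processor_tag`; adding `tag: set_event_timezone` would make a failure here attributable. The processors list continues outside the hunk.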
@@ -95,11 +95,11 @@ processors: # ------------------------------------------------------------------------------ # Date and Time. - - rename: - tag: rename_timezone - target_field: event.timezone - field: _fields_.tz - ignore_missing: true + - set: + tag: set_timezone + field: event.timezone + copy_from: _fields_.tz + ignore_empty_value: true - set: tag: set_temp_timestamp_with_tz field: '_temp_.timestamp' @@ -120,6 +120,7 @@ processors: field: - _fields_.date - _fields_.time + - _fields_.tz - message # ------------------------------------------------------------------------------ diff --git a/packages/fortinet_fortiproxy/manifest.yml b/packages/fortinet_fortiproxy/manifest.yml index 5d5d89d58c6..23c561b0c43 100644 --- a/packages/fortinet_fortiproxy/manifest.yml +++ b/packages/fortinet_fortiproxy/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.1.3 name: fortinet_fortiproxy title: "Fortinet FortiProxy" -version: 1.0.0 +version: 1.0.1 description: "Collect logs from Fortinet FortiProxy with Elastic Agent." type: integration categories:
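Review bot: The `set_timezone` processor has no comment saying why it is a `set` or which value wins. `set` defaults to `override: true`, so a device-reported `_fields_.tz` silently replaces an `event.timezone` that the agent's add_locale processor already wrote. That precedence is presumably intended, since the log timestamps are in the device's offset, but it should be written down so nobody reverts to `rename` or flips `override` later, e.g. `# set, not rename: event.timezone may already exist from add_locale; the device-reported tz takes precedence`. The same comment fits the fortimail `set` on `event.timezone` in this commit.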
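Review bot: `_fields_.tz` is added to the `remove` list in the `@@ -120,6 +120,7 @@` hunk, but that processor's options sit above the hunk, so it is not visible whether it sets `ignore_missing: true`. The `set_timezone` change treats the field as optional (`ignore_empty_value: true`), and a `remove` without `ignore_missing` fails the document when a listed field is absent. Confirm the flag is present; if it is not, add `ignore_missing: true` to this `remove` so events without a tz are not sent to the failure handler.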