Adding preserve original event option to System integration Syslog datastream

[kgeller]

What does this PR do?

This adds the option to the syslog datastream to ensure users can preserve the original message if required.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

• [ ]

How to test this PR locally

Related issues

Closes #6524

Screenshots

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-06-30T12:53:18.338+0000

• Duration: 16 min 32 sec

Test stats 🧪

Test	Results
Failed	0
Passed	146
Skipped	0
Total	146

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (3/3)	💚
Files	100.0% (4/4)	💚 2.198
Classes	100.0% (4/4)	💚 2.198
Methods	60.759% (48/79)	👎 -34.478
Lines	100.0% (2811/2811)	💚 8.06
Conditionals	100.0% (0/0)	💚

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[andrewkroh]

Other changes are needed to implement this. Take a look at other packages for an example config. The ingest pipeline needs updated.

[kgeller]

Other changes are needed to implement this. Take a look at other packages for an example config. The ingest pipeline needs updated.

Oops, I was totally looking at the wrong pipeline and thought it was already there. Should be all there now.

[andrewkroh]

Can you please add a new pipeline test that enables the preserve_original_event.

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 298e10e

cc @kgeller

[kgeller]

@elastic/obs-infraobs-integrations Would someone mind reviewing since the team is the code owner?

[kgeller]

/test

[kgeller]

/test

[ishleenk17]

@elastic/obs-infraobs-integrations Would someone mind reviewing since the team is the code owner?

This is under Review. @kgeller

[ishleenk17]

This looks to be a completely newly generated sample event. Any reason why this was not present before ?

[kgeller]

I do not. Will delete since adding it was not intentional. I was simply attempting to regenerate things to see if I could get the ci green.

[ishleenk17]

Looks good!

[elasticmachine]

Package system - 1.35.0 containing this change is available at https://epr.elastic.co/search?package=system