Skip to content

crowdstrike: Add allow_deprecated_use flag to FDR logfile input #16147

New issue
New issue
Open
Open
crowdstrike: Add allow_deprecated_use flag to FDR logfile input#16147
Assignees
navnit-elastic
Labels
Category: Integration qualityCategory: Quality used for SI planningIntegration:crowdstrikeCrowdStrikeTeam:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]Team:Sit-CrestCrest developers on the Security Integrations team [elastic/sit-crest-contractors]
@kcreddy

Description

@kcreddy
kcreddy
opened on Nov 27, 2025

logfile input is deprecated and disabled in favor of filestream input.
#12503 added allow_deprecated_use: true flag to all logfile input templates to continue allowing the logfile input, but crowdstrike.fdr data stream was missed in this change.

Without this flag, the ingestion still happens because the original deprecation isn't valid for Elastic Agent based integrations. But to make crowdstrike.fdr data stream consistent with other logfile based input templates, we need to add this flag to stream.yml.hbs. This also allows that the ingestion isn't temporarily broken if deprecation is made valid for Elastic Agent integrations.

This issue is only valid until logfile to filestream migration is done: #16141

Metadata

Metadata

Assignees

Labels

Category: Integration qualityCategory: Quality used for SI planningIntegration:crowdstrikeCrowdStrikeTeam:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]Team:Sit-CrestCrest developers on the Security Integrations team [elastic/sit-crest-contractors]

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions