[DO NOT REVIEW] - Mappings investigation for entity analytic's graph component

[kfirpeled]

Proposed commit message

The PR is for learning purposes and temporary knowledge sharing

With usage of LLM we automate the process of enhancing the ingest pipeline of integrations based on data samples exists today.

[elasticmachine]

💔 Build Failed

• Buildkite Build
• Commit: 56068ea

Failed CI Steps

• Check integrations cloud_security_posture
• Check integrations cursor
• Check integrations fortinet_fortiedr
• Check integrations google_scc
• Check integrations netbox
• Check integrations rapid7_insightvm
• Check integrations tenable_io

History

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[github-actions]

TL;DR

The seven Buildkite package checks failed, but the available logs only contain stack teardown/artifact-upload output, not the actual test failure. I could not identify a defensible code root cause from the supplied data; the PR diff also does not touch any of the failed package directories.

Remediation

• Open the private Buildkite job logs or the uploaded build/test-results/*.xml artifacts for the failed package jobs and inspect the first <failure>/<error> entry.
• If the artifacts show only wrapper/teardown output as well, retry the Buildkite build because the diagnostic data for the failing command was not captured in the accessible logs.

Investigation details

Root Cause

Inconclusive: the failing command is known, but the concrete assertion/error is not present in the available log files.

The PR changed 140 files under dev/domain/** and dev/target-fields-audit/**; none of the failed package paths are modified:

• packages/cloud_security_posture/
• packages/cursor/
• packages/fortinet_fortiedr/
• packages/google_scc/
• packages/netbox/
• packages/rapid7_insightvm/
• packages/tenable_io/

Evidence

• Build: https://buildkite.com/elastic/integrations/builds/44742
• Failed jobs: Check integrations cloud_security_posture, cursor, fortinet_fortiedr, google_scc, netbox, rapid7_insightvm, tenable_io
• Commands all failed via .buildkite/scripts/test_one_package.sh packages/<package> origin/main 56068ea99db009b273b41acc6161143953fd7ed6
• Key accessible log excerpt for each job only shows the wrapper failure after teardown, e.g.:

--- [cursor] failed
^^^ +++
🚨 Error: The command exited with status 1
^^^ +++
user command error: exit status 1
~~~ Uploading artifacts

The Buildkite public step metadata lists the jobs as hard_failed, but the REST log endpoint returns Authentication required, and no local build/test-results artifacts were present to inspect.

Verification

• Checked PR metadata and changed-file list through GitHub MCP.
• Checked the pre-fetched Buildkite event, failure summary, and all seven log files under /tmp/gh-aw/buildkite-logs/.
• Checked for local build/test-results artifacts; none were available.
• Did not run the package checks locally because these integration checks require Docker/Elastic stack execution, and Docker-in-Docker is not available in this environment.

Follow-up

The next actionable step is to inspect the private Buildkite artifacts for the failing test XML. Without those artifacts or full logs, any package-level fix recommendation would be speculative.

---

What is this? | From workflow: PR Buildkite Detective

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.