Integration Name

Box Events [box_events]

Dataset Name

logs-box_events

Integration Version

3.1.1

Agent Version

9.1.2

Agent Output Type

logstash

Elasticsearch Version

9.2.1

OS Version and Architecture

K8s

Software/API Version

No response

Error Message

Field is listed as malformed and ignored in Data Set Quality. This happens when an email is passed in the field from the original. Field mapping in the default template sets this field as boolean.

Event Original

{"action_by":null,"additional_details":{"service_id":"8636","service_name":"Box Edit"},"created_at":"2026-02-13T15:26:38-08:00","created_by":{"id":"REDACTED","login":"[email protected]","name":"REDACTED","type":"user"},"event_id":"UUID","event_type":"USER_AUTHENTICATE_OAUTH2_ACCESS_TOKEN_CREATE","ip_address":"ipv6","session_id":null,"source":{"id":"REDACTED","login":"[email protected]","name":"REDACTED","type":"user"},"type":"event"}

What did you do?

Box is configured to use admin_logs_streaming instead of all.

What did you see?

In logs-box_events.events@package the field box.source.login is mapped as a boolean instead of as an email.

What did you expect to see?

box.source.login should be mapped as a keyword.

Anything else?

This field appears to be null most of the time but sometimes has an email in it.