[Cribl] Fix handling of metric event type

[moxarth-rathod]

Proposed commit message

cribl: reroute to metrics datastreams

Updated the documentation to specify separate index templates for logs and metrics
and added a dedicated metrics pipeline, ensuring correct handling of metric events.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

• Closes [cribl] reroute to metrics datastreams #10700
• Relates [Cribl] Release integration as GA #12480

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[kgeller]

A nit and a question, but overall LGTM

[kcreddy]

Looks like CI failure is related to README update. Can you please check?

got | 0s
-- | --
  | @@ -44,3 +44,3 @@
  |  
  | -    2. Set **Index or Data Stream** to `logs-cribl-default` for log-type events and to `metrics-cribl-default` for metric-type events.
  | +    2. Set **Index or Data Stream** to `logs-cribl-default` for log-type events or to `metrics-cribl-default` for metric-type events.

[elastic-sonarqube]

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: e3bd287

History

• 💔 Build #26164 failed b2107a5
• 💚 Build #26064 succeeded c39b91c

cc @moxarth-rathod

[kcreddy]

Thanks

[elastic-vault-github-plugin-prod]

Package cribl - 0.5.1 containing this change is available at https://epr.elastic.co/package/cribl/0.5.1/