aws/vpcflow: surface unsupported flow log formats as pipeline errors

[kcreddy]

Proposed commit message

aws/vpcflow: surface unsupported flow log formats as pipeline errors

Records with a field count that does not match any known VPC Flow Log
layout were silently indexed without parsed fields. Add a fail guard
after the dissect branches so these records trigger the pipeline-level
on_failure handler, setting event.kind to pipeline_error with a
descriptive message. Custom ingest pipelines continue to run and can
override the error for formats they handle.

Closes elastic/integrations#18521

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

• Closes [ingest-pipeline-safety] AWS VPC Flow pipeline silently accepts unsupported custom-format records #18521

[kcreddy]

fail used here instead of terminate because terminate hides the problem, fail surfaces it.

[infra-vault-gh-plugin-prod]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[kcreddy]

The CI is failing on an unrelated aws.config test failure.

[kcreddy]

/test

[elasticmachine]

💔 Build Failed

• Buildkite Build
• Commit: 91ba0f5

Failed CI Steps

• Check integrations aws

History

• 💔 Build #42578 failed 91ba0f5

cc @kcreddy

[kcreddy]

The CI error is due to the expired certificate on aws.config. #18881 should fix the problem. Until that is merged, moving this PR to draft.