Merged
5 changes: 5 additions & 0 deletions _beats/dev-tools/ecs-migration.yml
Expand Up @@ -15,6 +15,11 @@

# Beat fields

- from: beat.hostname
to: host.hostname
alias6: true
alias: true
Contributor


Why are we aliasing this field and not including it in the reindexing script? And shouldn't beat.hostname go to observer.hostname?

Member Author


Sorry, this is confusing. This doesn't create an alias, it's just beats' log of their aliases. The only aliases that are actually created are listed in the description.


- from: beat.timezone
to: event.timezone
alias6: true
140 changes: 0 additions & 140 deletions _meta/ecs-migration.yml

This file was deleted.

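--- a/_meta/fields.common.yml
+++ b/_meta/fields.common.yml
@@ -423,216 +423,3 @@
 type: keyword
 description: >
 The ID of the parent event.
-
-# ECS
-- name: agent
-type: group
-dynamic: false
-fields:
-- name: name
-type: alias
-path: context.service.agent.name
-
-- name: version
-type: alias
-path: context.service.agent.version
-
-- name: client
-type: group
-dynamic: false
-fields:
-- name: ip
-type: alias
-path: context.user.ip
-
-- name: observer
-type: group
-dynamic: false
-fields:
-- name: hostname
-type: alias
-path: beat.hostname
-
-- name: listening
-type: alias
-path: listening
-
-- name: type
-type: alias
-path: beat.name
-
-- name: version
-type: alias
-path: beat.version
-
-- name: host
-type: group
-dynamic: false
-fields:
-- name: architecture
-type: alias
-path: context.system.architecture
-
-- name: ip
-type: alias
-path: context.system.ip
-
-- name: hostname
-type: alias
-path: context.system.hostname
-
-- name: os
-type: group
-fields:
-- name: platform
-type: alias
-path: context.system.platform
-
-- name: http
-type: group
-dynamic: false
-fields:
-- name: request.method
-type: alias
-path: context.request.method
-
-- name: response.finished
-type: alias
-path: context.response.finished
-
-- name: response.status_code
-type: alias
-path: context.response.status_code
-
-- name: version
-type: alias
-path: context.request.http_version
-
-- name: process
-type: group
-dynamic: false
-fields:
-- name: pid
-type: alias
-path: context.process.pid
-
-- name: ppid
-type: alias
-path: context.process.ppid
-
-- name: title
-type: alias
-path: context.process.title
-
-- name: service
-type: group
-dynamic: false
-fields:
-# not in ECS
-- name: environment
-type: alias
-path: context.service.environment
-
-# not in ECS
-- name: framework
-type: group
-fields:
-- name: name
-type: alias
-path: context.service.framework.name
-
-- name: version
-type: alias
-path: context.service.framework.version
-
-# not in ECS
-- name: language
-type: group
-fields:
-- name: name
-type: alias
-path: context.service.language.name
-
-- name: version
-type: alias
-path: context.service.language.version
-
-- name: name
-type: alias
-path: context.service.name
-
-# not in ECS
-- name: runtime
-type: group
-fields:
-- name: name
-type: alias
-path: context.service.runtime.name
-
-- name: version
-type: alias
-path: context.service.runtime.version
-
-- name: version
-type: alias
-path: context.service.version
-
-- name: url
-type: group
-dynamic: false
-fields:
-- name: domain
-type: alias
-path: context.request.url.hostname
-
-- name: fragment
-type: alias
-path: context.request.url.hash
-
-- name: full
-type: alias
-path: context.request.url.full
-
-- name: original
-type: alias
-path: context.request.url.raw
-
-- name: path
-type: alias
-path: context.request.url.pathname
-
-# context.request.url.port keyword -> long
-- name: port
-type: long
-description: >
-The port of the request, e.g. 443.
-
-- name: query
-type: alias
-path: context.request.url.search
-
-# context.request.url.protocol minus the ":"
-- name: scheme
-type: keyword
-description: >
-The scheme of the request, e.g. "https".
-
-- name: user
-type: group
-dynamic: false
-fields:
-- name: email
-type: alias
-path: context.user.email
-
-- name: id
-type: alias
-path: context.user.id
-
-- name: name
-type: alias
-path: context.user.username
-
-- name: user_agent.original.text
-type: alias
-path: context.user.user-agent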
4 changes: 0 additions & 4 deletions docs/data/elasticsearch/error.json
Expand Up @@ -249,9 +249,5 @@
},
"transaction": {
"id": "945254c5-67a5-417e-8a4e-aa29efcbfb79"
},
"url": {
"port": 8080,
"scheme": "https"
}
}
4 changes: 0 additions & 4 deletions docs/data/elasticsearch/generated/errors.json
Expand Up @@ -268,10 +268,6 @@
},
"timestamp": {
"us": 1494342245999999
},
"url": {
"port": 8080,
"scheme": "https"
}
},
{