Update flows to use event.dataset#10063
Merged
andrewkroh merged 3 commits intoelastic:masterfrom Jan 16, 2019
Merged
Conversation
event.type is a reserved field for ECS and event.dataset is a more appropriate field for this identifying the what produced the event. And we'll keep type until we are done updating Packetbeat for ECS, at which time we can reevaluate if we want to change anything w.r.t. the common fields used in several Packetbeat datasets (like path, query, type, status).
ruflin
reviewed
Jan 15, 2019
Contributor
ruflin
left a comment
ruflin
left a comment
There was a problem hiding this comment.
Can you add a changelog entry and add it to ecs-migration.yml if if no alias is needed?
Member
Author
|
@ruflin Nothing is being migrated. This is a follow-up to #9121 to address some things that I did wrong (it was the first packetbeat migration PR). There are some missing aliases that need to be added from the initial PR so I've added them to this one. Please have another look. |
Contributor
|
jenkins, test this |
ruflin
approved these changes
Jan 15, 2019
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
event.type is a reserved field for ECS and event.dataset is a more appropriate field for this
identifying the what produced the event. And we'll keep type until we are done updating
Packetbeat for ECS, at which time we can reevaluate if we want to change anything w.r.t.
the common fields used in several Packetbeat datasets (like path, query, type, status).