Update flows to use event.dataset (#10063)

* Update flows to use event.dataset event.type is a reserved field for ECS and event.dataset is a more appropriate field for this identifying the what produced the event. And we'll keep type until we are done updating Packetbeat for ECS, at which time we can reevaluate if we want to change anything w.r.t. the common fields used in several Packetbeat datasets (like path, query, type, status). * Update Packetbeat Flows dashboard
elastic · Jan 16, 2019 · 42a3dbb · 42a3dbb
1 parent 693f2d5
commit 42a3dbb
Show file tree

Hide file tree

Showing 10 changed files with 865 additions and 475 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -143,6 +143,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 *Packetbeat*
 
 - Add `network.community_id` to Packetbeat flow events. {pull}10061[10061]
+- Add aliases for flow fields that were renamed. {issue}7968[7968] {pull}10063[10063]
 
 *Functionbeat*
 

diff --git a/dev-tools/ecs-migration.yml b/dev-tools/ecs-migration.yml
@@ -835,6 +835,40 @@
   alias: false
   comment: Don't add an alias until all of Packetbeat stops using this field.
 
+## Flows
+- from: flow_id
+  to: flow.id
+  alias: true
+
+- from: final
+  to: flow.final
+  alias: true
+
+- from: start_time
+  to: event.start
+  alias: true
+
+- from: last_time
+  to: event.end
+  alias: true
+
+- from: source.stats.net_bytes_total
+  to: source.bytes
+  alias: true
+
+- from: source.stats.net_packets_total
+  to: source.packets
+  alias: true
+
+- from: dest.stats.net_bytes_total
+  to: destination.bytes
+  alias: true
+
+- from: dest.stats.net_packets_total
+  to: destination.packets
+  alias: true
+
+
 # Heartbeat
 
 - from: monitor.scheme

diff --git a/packetbeat/_meta/fields.common.yml b/packetbeat/_meta/fields.common.yml
@@ -89,6 +89,41 @@
         this field will be an array with the outer tag's VLAN identifier listed
         first.
 
+    - name: flow_id
+      type: alias
+      path: flow.id
+      migration: true
+
+    - name: final
+      type: alias
+      path: flow.final
+      migration: true
+
+    - name: vlan
+      type: alias
+      path: flow.vlan
+      migration: true
+
+    - name: source.stats.net_bytes_total
+      type: alias
+      path: source.bytes
+      migration: true
+
+    - name: source.stats.net_packets_total
+      type: alias
+      path: source.packets
+      migration: true
+
+    - name: dest.stats.net_bytes_total
+      type: alias
+      path: destination.bytes
+      migration: true
+
+    - name: dest.stats.net_packets_total
+      type: alias
+      path: destination.packets
+      migration: true
+
 - key: trans_event
   title: "Transaction Event"
   description: >