Update DHCPv4 protocol to use ECS fields #10089
Merged
Commits on Jan 16, 2019
-
Update DHCPv4 protocol to use ECS fields
The DHCPv4 protocol dataset works on uni-flows (it's not transacted, see elastic#7956) so the `source` and `destination` will indicate the original packet header data. Meanwhile the `client` / `server` fields are copies of the `source`/`destination`, but they are copied based on which side is the client and server. Here's a summary of what fields changed. Part of elastic#7968 Changed - bytes_in -> source.bytes - transport -> network.transport = udp Added - source - destination - event.dataset = dhcpv4 - event.start - network.bytes - network.community_id - network.protocol = dhcpv4 - network.type Unchanged Packetbeat Fields - status - type = dhcpv4 (we might remove this since we have event.dataset)
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.