Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick #19159 to 7.x: Specify an ECS version in Auditbeat/Packetbeat/Winlogbeat #19862

Merged
merged 1 commit into from
Jul 14, 2020
Merged

Cherry-pick #19159 to 7.x: Specify an ECS version in Auditbeat/Packetbeat/Winlogbeat #19862

merged 1 commit into from
Jul 14, 2020

Conversation

andrewkroh
Copy link
Member

@andrewkroh andrewkroh commented Jul 13, 2020
edited by zube bot
Loading

Cherry-pick of PR #19159 to 7.x branch. Original message:

What does this PR do?

When we update the Beat (include all of its modules) we will then bump the ECS
version that it includes in events.

I went for a less granular approach than what is being used in Filebeat because
I think it's desirable to move a whole beat to a new ECS version "at once" and
more realistic to do so with these Beats that have fewer updates. By "at once" I
mean we won't release a version that is partially updated. This implies that if
we will be making multiple commits that we should use a feature branch to
ensure the update is atomic.

Why is it important?

We want the ecs.version to accurately represent the schema that is implemented.

Related issues

@andrewkroh
Specify an ECS version in Auditbeat/Packetbeat/Winlogbeat (elastic#19159
f171021 
)

When we update the Beat (include all of its modules) we will then bump the ECS
version that it includes in events.

I went for a less granular approach than what is being used in Filebeat because
I think it's desirable to move a whole beat to a new ECS version "at once" and
more realistic to do so with these Beats that have fewer updates. By "at once" I
mean we won't release a version that is partially updated. This implies that if
we will be making multiple commits that we should use a feature branch to
ensure the update is atomic.

Closes elastic#17688

(cherry picked from commit 256b50d)
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jul 13, 2020
@andrewkroh andrewkroh merged commit 09daf92 into elastic:7.x Jul 14, 2020
@zube zube bot removed the [zube]: Done label Oct 13, 2020
@andrewkroh andrewkroh deleted the backport_19159_7.x branch January 14, 2022 14:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewstucki andrewstucki andrewstucki approved these changes

Assignees
No one assigned
Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@andrewkroh @elasticmachine @andrewstucki