Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add event.dataset to filebeat #9457

Merged
merged 5 commits into from
Dec 11, 2018
Merged

Add event.dataset to filebeat #9457

merged 5 commits into from
Dec 11, 2018

Conversation

ruflin
Copy link
Member

@ruflin ruflin commented Dec 10, 2018
edited
Loading

This allows 6.6 / 6.7 data to be compatible with 7.x.

@ruflin
Add event.dataset to filebeat
0747cc4 
This allows 6.6 / 6.7 data to be compatible with 7.x.
@ruflin ruflin added in progress Pull request is currently in progress. Filebeat Filebeat ecs labels Dec 10, 2018
@ruflin ruflin self-assigned this Dec 10, 2018
@ruflin ruflin mentioned this pull request Dec 10, 2018
Closed
@ruflin ruflin added the Team:Integrations Label for the Integrations team label Dec 10, 2018
@elasticmachine
Copy link
Collaborator

Pinging @elastic/infrastructure

graphaelli
graphaelli reviewed Dec 11, 2018
View reviewed changes
Copy link
Member

@graphaelli graphaelli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

any need to enforce that event.dataset is always fileset.module + fileset.name (say with a test)?

x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json
@@ -54,7 +55,7 @@
"tags": [
"suricata"
],
"url.hostname": "example.net",
"url.hostname": "example.net",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bunch of these extra spaces, not sure if you care

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the files are auto generated so more wonder why there were missing before :-)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah I may have saved it in a commit, before I was familiar with the Beats integration tests :-)

webmat
webmat reviewed Dec 11, 2018
View reviewed changes
filebeat/_meta/fields.common.yml
- name: event.dataset
description: >
The Filebeat dataset that generated this event.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, so we have per-Beat override 👍

@ruflin
Copy link
Member Author

ruflin commented Dec 11, 2018

@graphaelli Good question about the test. I don't think we should enforce it (event though at the moment it is because it's in the code). More important for me is that it's correct in the generate files. Ok if for now we skip a test?

@graphaelli
Copy link
Member

sounds reasonable to me

webmat
webmat approved these changes Dec 11, 2018
View reviewed changes
Copy link
Contributor

@webmat webmat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Straightforward, LGTM.

@ruflin ruflin merged commit 661641c into elastic:6.x Dec 11, 2018
@ruflin ruflin deleted the add-fileset branch December 11, 2018 20:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@graphaelli graphaelli graphaelli approved these changes

@webmat webmat webmat approved these changes

Assignees

@ruflin ruflin

Labels
ecs Filebeat Filebeat in progress Pull request is currently in progress. Team:Integrations Label for the Integrations team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ruflin @elasticmachine @graphaelli @webmat