From 3a10b4a9db59e4849ed916f8ded776826b8ad8af Mon Sep 17 00:00:00 2001 From: Nicolas Ruflin Date: Fri, 5 Oct 2018 15:03:59 +0200 Subject: [PATCH] Remove *.timezone.offset.sec fields (#134) --- CHANGELOG.md | 13 +++++++------ README.md | 2 -- fields.yml | 19 ------------------- schema.csv | 2 -- schemas/device.yml | 9 --------- schemas/host.yml | 10 ---------- template.json | 22 ---------------------- use-cases/metricbeat.md | 2 +- 8 files changed, 8 insertions(+), 71 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5eca3870bd..75bbdaedb4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,15 +7,16 @@ All notable changes to this project will be documented in this file based on the ### Breaking changes * Change structure of URL. #7 * Rename `url.href` `multi_field`. #18 -* Rename `geoip.*` to `geo`. +* Rename `geoip.*` to `geo`. #58 * Rename log.message to log.original. #106 -* Rename `event.raw` to `event.original`. -* Rename `user_agent.raw` to `user_agent.original` and make it a keyword. +* Rename `event.raw` to `event.original`. #107 +* Rename `user_agent.raw` to `user_agent.original` and make it a keyword. #107 * Rename `file.path.raw` to `file.path.keyword`, `file.target_path.raw` to `file.target_path.keyword`, `url.href.raw` to `url.href.keyword`, `url.path.raw` to `url.path.keyword`, - `url.query.raw` to `url.query.keyword`, and `network.name.raw` to `network.name.keyword`. -* Remove `log.offset` and `log.line` as too specific for ECS. -* Remove top level objects `kubernetes` and `tls`. + `url.query.raw` to `url.query.keyword`, and `network.name.raw` to `network.name.keyword`. #103 +* Remove `log.offset` and `log.line` as too specific for ECS. #131 +* Remove top level objects `kubernetes` and `tls`. #132 +* Remove `*.timezone.offset.sec` fields as too specific for ECS at the moment. #134 ### Bugfixes diff --git a/README.md b/README.md index bc11502a6e..ae224e7020 100644 --- a/README.md +++ b/README.md @@ -149,7 +149,6 @@ Device fields are used to provide additional information about the device that i | device.vendor | Device vendor information. | text | | | | device.version | Device version. | keyword | | | | device.serial_number | Device serial number. | keyword | | | -| device.timezone.offset.sec | Timezone offset of the host in seconds.
Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. | long | | `-5400` | | device.type | The type of the device the data is coming from.
There is no predefined list of device types. Some examples are `endpoint`, `firewall`, `ids`, `ips`, `proxy`. | keyword | | `firewall` | @@ -236,7 +235,6 @@ Normally the host information is related to the machine on which the event was g | Field | Description | Type | Multi Field | Example | |---|---|---|---|---| -| host.timezone.offset.sec | Timezone offset of the host in seconds.
Number of seconds relative to UTC. If the offset is -01:30 the value will be -5400. | long | | `-5400` | | host.name | host.name is the hostname of the host.
It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | | | host.id | Unique host id.
As hostname is not always unique, use values that are meaningful in your environment.
Example: The current usage of `beat.name`. | keyword | | | | host.ip | Host ip address. | ip | | | diff --git a/fields.yml b/fields.yml index 5d325c9b5e..bb1564769c 100644 --- a/fields.yml +++ b/fields.yml @@ -303,15 +303,6 @@ type: keyword description: > Device serial number. - - name: timezone.offset.sec - level: extended - type: long - description: > - Timezone offset of the host in seconds. - - Number of seconds relative to UTC. If the offset is -01:30 the - value will be -5400. - example: -5400 - name: type level: core type: keyword @@ -653,16 +644,6 @@ type: group fields: - - name: timezone.offset.sec - level: extended - type: long - description: > - Timezone offset of the host in seconds. - - Number of seconds relative to UTC. If the offset is -01:30 the - value will be -5400. - example: -5400 - - name: name level: core type: keyword diff --git a/schema.csv b/schema.csv index a671e8b41a..ace2f5ce71 100644 --- a/schema.csv +++ b/schema.csv @@ -30,7 +30,6 @@ device.hostname,keyword,0, device.ip,ip,0, device.mac,keyword,0, device.serial_number,keyword,0, -device.timezone.offset.sec,long,0,-5400 device.type,keyword,0,firewall device.vendor,text,0, device.version,keyword,0, @@ -79,7 +78,6 @@ host.os.family,keyword,0,debian host.os.name,keyword,0,Mac OS X host.os.platform,keyword,0,darwin host.os.version,keyword,0,10.12.6 -host.timezone.offset.sec,long,0,-5400 host.type,keyword,0, http.request.method,keyword,0,"GET, POST, PUT" http.response.body,text,0,Hello world diff --git a/schemas/device.yml b/schemas/device.yml index 6d9338bc07..a48d4c43db 100644 --- a/schemas/device.yml +++ b/schemas/device.yml @@ -37,15 +37,6 @@ type: keyword description: > Device serial number. - - name: timezone.offset.sec - level: extended - type: long - description: > - Timezone offset of the host in seconds. - - Number of seconds relative to UTC. If the offset is -01:30 the - value will be -5400. - example: -5400 - name: type level: core type: keyword diff --git a/schemas/host.yml b/schemas/host.yml index 13a65dd932..3f11e4b99d 100644 --- a/schemas/host.yml +++ b/schemas/host.yml @@ -11,16 +11,6 @@ type: group fields: - - name: timezone.offset.sec - level: extended - type: long - description: > - Timezone offset of the host in seconds. - - Number of seconds relative to UTC. If the offset is -01:30 the - value will be -5400. - example: -5400 - - name: name level: core type: keyword diff --git a/template.json b/template.json index 504cb2290e..b57a28b6d4 100644 --- a/template.json +++ b/template.json @@ -161,17 +161,6 @@ "ignore_above": 1024, "type": "keyword" }, - "timezone": { - "properties": { - "offset": { - "properties": { - "sec": { - "type": "long" - } - } - } - } - }, "type": { "ignore_above": 1024, "type": "keyword" @@ -392,17 +381,6 @@ } } }, - "timezone": { - "properties": { - "offset": { - "properties": { - "sec": { - "type": "long" - } - } - } - } - }, "type": { "ignore_above": 1024, "type": "keyword" diff --git a/use-cases/metricbeat.md b/use-cases/metricbeat.md index 714c3cfc3a..64e0e56e8f 100644 --- a/use-cases/metricbeat.md +++ b/use-cases/metricbeat.md @@ -22,7 +22,7 @@ ECS fields used Metricbeat. | [error.message](https://github.com/elastic/ecs#error.message) | Error message returned by the service during fetching metrics. | text | | | | [error.code](https://github.com/elastic/ecs#error.code) | Error code returned by the service during fetching metrics. | keyword | | | | [host.name](https://github.com/elastic/ecs#host.name) | Hostname of the system metricbeat is running on or user defined name. | keyword | | | -| [host.timezone.offset.sec](https://github.com/elastic/ecs#host.timezone.offset.sec) | Timezone offset of the host in seconds. | long | | `-5400` | +| *host.timezone.offset.sec* | *Timezone offset of the host in seconds.* | long | | | | [host.id](https://github.com/elastic/ecs#host.id) | Unique host id. | keyword | | | | [event.module](https://github.com/elastic/ecs#event.module) | Name of the module this data is coming from. | keyword | | `mysql` | | [event.dataset](https://github.com/elastic/ecs#event.dataset) | Name of the dataset.
This contains the information which is currently stored in metricset.name and metricset.module. | keyword | | `stats` |