incorporate feedback

- fix indentation in fields files - fix "fail_on_error" option in dns
elastic · Dec 10, 2020 · ffe02cb · ffe02cb
1 parent ffd313c
commit ffe02cb
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 12 deletions.
diff --git a/packages/zeek/data_stream/dns/agent/stream/log.yml.hbs b/packages/zeek/data_stream/dns/agent/stream/log.yml.hbs
@@ -21,7 +21,7 @@ processors:
       target: zeek.dns
   - registered_domain:
       ignore_missing: true
-      ignore_failure: true
+      fail_on_error: false
       field: zeek.dns.query
       target_field: dns.question.registered_domain
   - script:
@@ -157,7 +157,7 @@ processors:
         }
   - convert:
       ignore_missing: true
-      ignore_failure: true
+      fail_on_error: false
       mode: rename
       fields:
         - {from: zeek.dns.id.orig_h, to: source.address}
@@ -168,7 +168,7 @@ processors:
         - {from: zeek.dns.proto, to: network.transport}
   - convert:
       ignore_missing: true
-      ignore_failure: true
+      fail_on_error: false
       mode: copy
       fields:
         - {from: source.address, to: source.ip, type: ip}
@@ -180,7 +180,7 @@ processors:
         - {from: zeek.dns.rcode_name, to: dns.response_code}
   - convert:
       ignore_missing: true
-      ignore_failure: true
+      fail_on_error: false
       fields:
         - {from: zeek.dns.trans_id, type: string}
   - add_fields:

diff --git a/packages/zeek/data_stream/dns/fields/ecs.yml b/packages/zeek/data_stream/dns/fields/ecs.yml
@@ -79,8 +79,7 @@
   ignore_above: 1024
   name: dns.answers.name
   type: keyword
-- description: The time interval in seconds that this resource record may be cached
-    before it should be discarded.
+- description: The time interval in seconds that this resource record may be cached before it should be discarded.
   example: 180
   name: dns.answers.ttl
   type: long

diff --git a/packages/zeek/data_stream/ssl/fields/ecs.yml b/packages/zeek/data_stream/ssl/fields/ecs.yml
@@ -249,8 +249,7 @@
   name: tls.server.x509.issuer.country
   type: keyword
 - description: Distinguished name (DN) of issuing certificate authority.
-  example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance
-    Server CA
+  example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA
   ignore_above: 1024
   name: tls.server.x509.issuer.distinguished_name
   type: keyword

diff --git a/packages/zeek/data_stream/x509/fields/ecs.yml b/packages/zeek/data_stream/x509/fields/ecs.yml
@@ -44,8 +44,7 @@
   name: file.x509.issuer.country
   type: keyword
 - description: Distinguished name (DN) of issuing certificate authority.
-  example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance
-    Server CA
+  example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA
   ignore_above: 1024
   name: file.x509.issuer.distinguished_name
   type: keyword
@@ -82,8 +81,7 @@
   ignore_above: 1024
   name: file.x509.public_key_algorithm
   type: keyword
-- description: The curve used by the elliptic curve public key algorithm. This is
-    algorithm specific.
+- description: The curve used by the elliptic curve public key algorithm. This is algorithm specific.
   example: nistp521
   ignore_above: 1024
   name: file.x509.public_key_curve