Convert apache2.access to ECS - Take 2 (elastic#9245)

- Convert many fields under `apache2.access.*` to ECS. Previous field names are field aliases towards the new corresponding ECS field: - apache2.access.user_name => user.name - apache2.access.method => http.request.method - apache2.access.url => url.original - apache2.access.http_version => http.version - apache2.access.response_code => http.response.status_code - apache2.access.referrer => http.request.referrer - apache2.access.agent => user_agent.original - read_timestamp => event.created - apache2.access.geoip.* => source.geo.* - apache2.access.user_agent.* => user_agent.* - Rename common field `url.href` to `url.original`, bringing it in line with ECS - Remove field defs which are no longer in ECS: - url.href.raw - source.hostname - Add a log entry with a hostname as the remote host, instead of an IP - Add leniency to geoip filter, if remote host is a hostname instead of an IP (no ip field) - Coerce int fields to ints: status_code, sent bytes - Fix unrelated test failure caused by generated code (under x-pack/metricbeat) that seems to be outdated in master
DStape · Nov 29, 2018 · d65e8e1 · d65e8e1
1 parent 181db6b
commit d65e8e1
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 13 deletions.
diff --git a/docs/fields.asciidoc b/docs/fields.asciidoc
@@ -2272,10 +2272,10 @@ URL fields provide a complete URL, with scheme, host, and path. The URL object c
 
 
 
-*`url.href`*::
+*`url.original`*::
 +
 --
-type: text
+type: keyword
 
 example: https://elastic.co:443/search?q=elasticsearch#top
 
@@ -2284,16 +2284,6 @@ Full url. The field is stored as keyword.
 `href` is an analyzed field so the parsed information can be accessed through `href.analyzed` in queries.
 
 
-*`url.href.raw`*::
-+
---
-type: keyword
-
-The full URL. This is a non-analyzed field that is useful for aggregations.
-
-
---
-
 --
 
 *`url.scheme`*::