Skip to content

Commit

Permalink
Fix fileset field prefixing (elastic#20170)
Browse files Browse the repository at this point in the history
When the fields.yml file is constructed it is done by appending files together and adding some indenting.
In the case of Filebeat, a fileset's fields.yml is appended with an indent of 8 spaces to the module's fields.yml.
This generally allows for all of the filesets fields to become children of the module.

The problem we had was that the new filesets added in elastic#19713 expected that their fields would be root fields
(not children to the module namespace). In cases where the module already existed and had declared
a module namespace field in its fields.yml this resulted in unexpectedly namespaced fieldset fields
(e.g. microsoft.rsa.* instead of rsa.*).

The size of the x-pack/filebeat index-pattern is still large (915885 bytes), but not so large that it goes beyond the Kibana
request payload limit.

Fixes elastic#19965

(cherry picked from commit ea7c05f)
  • Loading branch information
andrewkroh committed Jul 23, 2020
1 parent ab41986 commit 7e65e80
Show file tree
Hide file tree
Showing 12 changed files with 4,214 additions and 4,236 deletions.
4,108 changes: 2,047 additions & 2,061 deletions filebeat/docs/fields.asciidoc

Large diffs are not rendered by default.

6 changes: 1 addition & 5 deletions x-pack/filebeat/module/cisco/_meta/fields.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,4 @@
description: >
Module for handling Cisco network device logs.
fields:
- name: cisco
type: group
description: >
Fields from Cisco logs.
fields:

2 changes: 1 addition & 1 deletion x-pack/filebeat/module/cisco/asa/_meta/fields.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
- name: asa
- name: cisco.asa
type: group
description: >
Fields for Cisco ASA Firewall.
Expand Down
2 changes: 1 addition & 1 deletion x-pack/filebeat/module/cisco/fields.go

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion x-pack/filebeat/module/cisco/ftd/_meta/fields.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
- name: ftd
- name: cisco.ftd
type: group
description: >
Fields for Cisco Firepower Threat Defense Firewall.
Expand Down
2 changes: 1 addition & 1 deletion x-pack/filebeat/module/cisco/ios/_meta/fields.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
- name: ios
- name: cisco.ios
type: group
description: >
Fields for Cisco IOS logs.
Expand Down
9 changes: 0 additions & 9 deletions x-pack/filebeat/module/fortinet/_meta/fields.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,3 @@
description: >
fortinet Module
fields:
- name: fortinet
type: group
description: >
Fields from fortinet FortiOS
fields:
- name: file.hash.crc32
type: keyword
description: >
CRC32 Hash of file
2 changes: 1 addition & 1 deletion x-pack/filebeat/module/fortinet/fields.go

Large diffs are not rendered by default.

Loading

0 comments on commit 7e65e80

Please sign in to comment.