Remove suricata.eve.timestamp alias (elastic#22095)

Remove the suricata.eve.timestamp alias field from the Suricata module. This is a breaking change for anything that we dependent upon the field, but its presence caused issue in Kibana since it was always displayed in Discover. Fixes elastic#10535
andrewkroh · Oct 22, 2020 · daed8f9 · daed8f9
1 parent 9aefcfe
commit daed8f9
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 14 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -80,6 +80,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Add support for GMT timezone offsets in `decode_cef`. {pull}20993[20993]
 - Fix parsing of Elasticsearch node name by `elasticsearch/slowlog` fileset. {pull}14547[14547]
 - API address and shard ID are required settings in the Cloud Foundry input. {pull}21759[21759]
+- Remove `suricata.eve.timestamp` alias field. {issue}10535[10535] {pull}22095[22095]
 
 *Heartbeat*
 

diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc
@@ -143952,15 +143952,6 @@ type: keyword
 
 --
 
-*`suricata.eve.timestamp`*::
-+
---
-type: alias
-
-alias to: @timestamp
-
---
-
 *`suricata.eve.in_iface`*::
 +
 --

diff --git a/x-pack/filebeat/module/suricata/eve/_meta/fields.yml b/x-pack/filebeat/module/suricata/eve/_meta/fields.yml
@@ -176,10 +176,6 @@
  - name: http_content_type
  type: keyword
 
- - name: timestamp
- type: alias
- path: '@timestamp'
-
  - name: in_iface
  type: keyword
 

diff --git a/x-pack/filebeat/module/suricata/fields.go b/x-pack/filebeat/module/suricata/fields.go