Add event.kind and event.category #10357
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Part of elastic#7968 Adds event.kind = event and event.category = network_traffic to all Packetbeat events. Packetbeat flow events will additional have event.action = network_flow (same as Filebeat netflow). This also does some cleanup of redundant and unused code that resulted from the ECS migration.
9 tasks
ruflin
approved these changes
Jan 28, 2019
| @@ -35,6 +35,13 @@ import ( | |||
| // event at publish time. | |||
| const FieldsKey = "_packetbeat" | |||
|
|
|||
| // Network direction values. | |||
| const ( | |||
There was a problem hiding this comment.
We should have these in the ECS go code ;-)
| @@ -560,6 +559,7 @@ func (http *httpPlugin) newTransaction(requ, resp *message) beat.Event { | |||
| if http.sendRequest { | |||
| fields["request"] = string(http.makeRawMessage(requ)) | |||
| } | |||
| fields["method"] = httpFields.RequestMethod | |||
There was a problem hiding this comment.
Is this upper / lower case? Should we use strings.ToLower here?
There was a problem hiding this comment.
This value has already been ToLowered.
| @@ -183,110 +185,22 @@ func validateEvent(event *beat.Event) error { | |||
| return nil | |||
| } | |||
|
|
|||
| func (p *transProcessor) normalizeTransAddr(event common.MapStr) bool { | |||
There was a problem hiding this comment.
I'm a bit suprised how much less logic we now need for this but it's great :-)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Part of #7968
Adds
event.kind = eventandevent.category = network_trafficto all Packetbeat events.Packetbeat flow events will additional have
event.action = network_flow(same as Filebeatnetflow).
This also does some cleanup of redundant and unused code that resulted from the ECS
migration.