Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change the type of threatintel.indicator.first_seen to date #26765

Merged
merged 1 commit into from
Jul 9, 2021
Merged

Change the type of threatintel.indicator.first_seen to date #26765

merged 1 commit into from
Jul 9, 2021

Conversation

adriansr
Copy link
Contributor

@adriansr adriansr commented Jul 7, 2021
edited
Loading

What does this PR do?

This fixing the field mapping for threatintel.indicator.first_seen, which was using keyword datatype, instead of date.

Why is it important?

To prevent issues with visualizations and aggregations.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

@adriansr
Change the type of threatintel.indicator.first_seen to date
5df226f 
The `threatintel` module field was incorrectly mapped as keyword instead
of date.
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jul 7, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jul 7, 2021
@adriansr adriansr added backport-v7.13.0 Automated backport with mergify backport-v7.14.0 Automated backport with mergify backport-v7.15.0 Automated backport with mergify and removed backport-v7.13.0 Automated backport with mergify labels Jul 7, 2021
@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2021-07-07T17:10:55.459+0000

  • Duration: 108 min 36 sec

  • Commit: 5df226f

Test stats 🧪

Test Results
Failed 0
Passed 14802
Skipped 2312
Total 17114

Trends 🧪

Image of Build Times

Image of Tests

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test Results
Failed 0
Passed 14802
Skipped 2312
Total 17114

P1llus
P1llus approved these changes Jul 9, 2021
View reviewed changes
Copy link
Member

@P1llus P1llus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@adriansr
Copy link
Contributor Author

adriansr commented Jul 9, 2021

I've tested this ingesting data from all threatintel datasets using the older (wrong) datatype and then with a newer Filebeat using the fixed datatype. Didn't observe any ingestion errors nor query errors in Kibana dashboards.

@adriansr adriansr merged commit b6ee587 into elastic:master Jul 9, 2021
mergify bot pushed a commit that referenced this pull request Jul 9, 2021
@adriansr
Change the type of threatintel.indicator.first_seen to date (#26765)
cbbc5ce 
The `threatintel` module field was incorrectly mapped as keyword instead
of date.

(cherry picked from commit b6ee587)
@mergify mergify bot mentioned this pull request Jul 9, 2021
Merged
mergify bot pushed a commit that referenced this pull request Jul 9, 2021
@adriansr
Change the type of threatintel.indicator.first_seen to date (#26765)
767637d 
The `threatintel` module field was incorrectly mapped as keyword instead
of date.

(cherry picked from commit b6ee587)
@mergify mergify bot mentioned this pull request Jul 9, 2021
Merged
adriansr added a commit that referenced this pull request Jul 9, 2021
@mergify @adriansr
Change the type of threatintel.indicator.first_seen to date (#26765) (#…
414e866 
…26797)

The `threatintel` module field was incorrectly mapped as keyword instead
of date.

(cherry picked from commit b6ee587)

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
adriansr added a commit that referenced this pull request Jul 9, 2021
@mergify @adriansr
Change the type of threatintel.indicator.first_seen to date (#26765) (#…
67c8b09 
…26798)

The `threatintel` module field was incorrectly mapped as keyword instead
of date.

(cherry picked from commit b6ee587)

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@P1llus P1llus P1llus approved these changes

Assignees
No one assigned
Labels
backport-v7.14.0 Automated backport with mergify backport-v7.15.0 Automated backport with mergify breaking change Filebeat Filebeat review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@adriansr @elasticmachine @P1llus