Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rename file integrity fields #5995

Merged
merged 3 commits into from
Jan 9, 2018
Merged

Rename file integrity fields #5995

merged 3 commits into from
Jan 9, 2018

Conversation

andrewkroh
Copy link
Member

This creates three groups of fields in the file integrity module event, hash, and file.

It also changes dataset.module to event.module for all modules.

See data.json files for sample events.

ruflin
ruflin approved these changes Jan 5, 2018
View reviewed changes
CHANGELOG.asciidoc Outdated
@@ -26,6 +26,7 @@ https://github.com/elastic/beats/compare/v6.0.0-beta2...master[Check the HEAD di
- Split the audit.kernel and audit.file metricsets into their own modules
named auditd and file_integrity, respectively. This change requires
existing users to update their config. {issue}5422[5422]
- Renamed file_integrity module fields.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you add teh PR number?

auditbeat/docs/fields.asciidoc
@@ -2144,91 +2144,89 @@ Image labels.
These are the fields generated by the file_integrity module.


[float]
=== `event.action`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting field, we should discuss this more.

auditbeat/module/file_integrity/metricset.go
@@ -21,7 +21,7 @@ const (
bucketName = "file.v1"

// Use old namespace for data until we do some field renaming for GA.
namespace = "audit.file"
namespace = "."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume that means it ignores the namespace?

metricbeat/mb/event.go
switch e.Namespace {
case ".":
// Add fields to root.
b.Fields.DeepUpdate(e.MetricSetFields)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here we go :-)

@ruflin
Copy link
Contributor

ruflin commented Jan 5, 2018

@andrewkroh I think this PR needs a make fmt

@andrewkroh
Rename file integrity fields
0fa17bd 
This creates three groups of fields in the file integrity module `event`, `hash`, and `file`.

It also changes `dataset.module` to `event.module` for all modules.

elastic#5423
@andrewkroh andrewkroh force-pushed the feature/auditbeat-fim-ecs-rename branch from 27573bd to 0fa17bd Compare January 5, 2018 07:09
@andrewkroh
Copy link
Member Author

andrewkroh commented Jan 5, 2018
edited
Loading

Updated the CHANGELOG and fmt'ed Metricbeat.

ruflin
ruflin approved these changes Jan 9, 2018
View reviewed changes
auditbeat/module/file_integrity/_meta/fields.yml
- name: path
type: text
description: The path to the file.
multi_fields:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice

@ruflin ruflin merged commit 259d6ac into elastic:master Jan 9, 2018
@ruflin ruflin mentioned this pull request Jan 9, 2018
Closed
@andrewkroh andrewkroh deleted the feature/auditbeat-fim-ecs-rename branch January 17, 2018 16:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruflin ruflin ruflin approved these changes

Assignees
No one assigned
Labels
Auditbeat review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@andrewkroh @ruflin