Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Convert Filebeat system.auth to ECS #9138

Merged
merged 14 commits into from
Nov 27, 2018
Merged

Convert Filebeat system.auth to ECS #9138

merged 14 commits into from
Nov 27, 2018

Commits on Nov 27, 2018

  1. Space. The final frontier.

    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    be887d2 View commit details
    Browse the repository at this point in the history

  2. Perform all the straightforward renames at once. 

    - system.auth.hostname => host.hostname
- system.auth.pid => process.pid
- system.auth.user => user.name
- system.auth.program => process.name
- system.auth.ssh.ip => source.ip
- system.auth.ssh.port => source.port
- system.auth.ssh.geoip.* => source.geo.*
    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    4bae9c1 View commit details
    Browse the repository at this point in the history

  3. Rename system.auth.message to message... 

    Note that there's no log in this format being tested by the integration tests,
at this time.
    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    b7411f0 View commit details
    Browse the repository at this point in the history

  4. Perform a few more renames and type conversion on numeric fields.

    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    6496361 View commit details
    Browse the repository at this point in the history

  5. Changelog

    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    8471b23 View commit details
    Browse the repository at this point in the history

  6. Move group.* definitions to a safer haven.

    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    af04a97 View commit details
    Browse the repository at this point in the history

  7. List the fields that moved in ecs-migration.yml

    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    5e6bde4 View commit details
    Browse the repository at this point in the history

  8. Replace previous definitions with aliases for all normalized fields

    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    e82aa64 View commit details
    Browse the repository at this point in the history

  9. Revert the mapping of ssh.signature to event.hash until discussed

    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    c148869 View commit details
    Browse the repository at this point in the history

  10. Move the fields not aliased to the top, to promote sanity

    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    816f3e0 View commit details
    Browse the repository at this point in the history

  11. Bring back dropped_ip and copy it to source.ip when it's there. 

    Damn, painless scripting is painful
    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    7524102 View commit details
    Browse the repository at this point in the history

  12. Fix test failure after introducing aliases. 

    `'Cannot write to a field alias [system.auth.timestamp].'`
    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    c789b17 View commit details
    Browse the repository at this point in the history

  13. Add back missing log entry, likely lost during rebase

    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    4cc3167 View commit details
    Browse the repository at this point in the history

  14. Output to group.*, not to the alias

    Mathieu Martin committed Nov 27, 2018
    Configuration menu
    Copy the full SHA
    cd583ae View commit details
    Browse the repository at this point in the history