Introduce aliases for 7.x fields in 6.x #9283

Merged
merged 3 commits into from
Dec 12, 2018
116 changes: 116 additions & 0 deletions auditbeat/docs/fields.asciidoc
Expand Up @@ -12,6 +12,7 @@ This file is generated! See _meta/fields.yml and scripts/generate_field_docs.py
This document describes the fields that are exported by Auditbeat. They are
grouped in the following categories:

* <<exported-fields-alias>>
* <<exported-fields-auditd>>
* <<exported-fields-beat>>
* <<exported-fields-cloud>>
Expand All @@ -22,6 +23,121 @@ grouped in the following categories:
* <<exported-fields-kubernetes-processor>>

--
[[exported-fields-alias]]
== Alias fields

Alias fields for compatibility with 7.x.



*`host.hostname`*::
+
--
type: alias

alias to: beat.hostname

--

*`event.timezone`*::
+
--
type: alias

alias to: beat.timezone

--

*`cloud.provider`*::
+
--
type: alias

alias to: meta.cloud.provider

--

*`cloud.instance.id`*::
+
--
type: alias

alias to: meta.cloud.instance_id

--

*`cloud.instance.name`*::
+
--
type: alias

alias to: meta.cloud.instance_name

--

*`cloud.machine.type`*::
+
--
type: alias

alias to: meta.cloud.machine_type

--

*`cloud.availability_zone`*::
+
--
type: alias

alias to: meta.cloud.availability_zone

--

*`cloud.project.id`*::
+
--
type: alias

alias to: meta.cloud.project_id

--

*`cloud.region`*::
+
--
type: alias

alias to: meta.cloud.region

--

*`container.id`*::
+
--
type: alias

alias to: docker.container.id

--

*`container.name`*::
+
--
type: alias

alias to: docker.container.name

--

*`container.image.name`*::
+
--
type: alias

alias to: docker.container.image

--

[[exported-fields-auditd]]
== Auditd fields
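
Review bot: The intro line of the new section, "Alias fields for compatibility with 7.x.", does not say which way the compatibility runs, and none of the entries carries a description. Every entry maps a 7.x name onto an existing 6.x field (for example `host.hostname` is an alias to `beat.hostname`), so one sentence saying that the 7.x names can be used in queries while the events keep their 6.x field names would let the section stand on its own. Since this file is generated, the wording belongs in the source the generator reads rather than in this file.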

2 changes: 1 addition & 1 deletion auditbeat/include/fields.go

Large diffs are not rendered by default.

72 changes: 72 additions & 0 deletions dev-tools/ecs-migration.yml
@@ -0,0 +1,72 @@
# The ECS migration file contains the information about all the Beats fields which are migrated to ECS in 7.0.
# The goal of the file is to potentially have scripts on top of this information to convert visualisations and templates
# based on this information in an automated way and to keep track of all changes which were applied.
#
# The format of the file is as following:
#
# - from: source-field-in-6.x
# to: target-filed-in-ECS
# # Alias field is useful for fields where many-1 mapping from new to old are needed
# alias: true-if-alias-is-required-in-7
# # Alias6 field is useful for fields where there is a 1-1 mapping from old to new. If absent, defaults to false.
# alias6: true-if-alias-is-required-in-6
# # Copy to is useful for fields where multiple fields map to the same ECS field
# copy_to: true-if-field-should-be-copied-to-target-in-6x

# Beat fields

- from: beat.hostname
to: host.hostname
alias6: true
alias: true

- from: beat.timezone
to: event.timezone
alias6: true
alias: true

# Cloud processor fields
- to: cloud.provider
from: meta.cloud.provider
alias6: true
- to: cloud.instance.id
from: meta.cloud.instance_id
alias6: true
- to: cloud.instance.name
from: meta.cloud.instance_name
alias6: true
- to: cloud.machine.type
from: meta.cloud.machine_type
alias6: true
- to: cloud.availability_zone
from: meta.cloud.availability_zone
alias6: true
- to: cloud.project.id
from: meta.cloud.project_id
alias6: true
- to: cloud.region
from: meta.cloud.region
alias6: true

# Docker processor fields
- to: container.name
from: docker.container.name
alias6: true

- to: container.image.name
from: docker.container.image
alias6: true

- to: container.id
from: docker.container.id
alias6: true

# Filebeat fields
- to: event.module
from: fileset.module
index: filebeat

# Metricbeat fields
- to: event.module
from: metricset.module
index: metricbeat
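
Review bot: The header comment documents `alias`, `alias6` and `copy_to`, but the two `event.module` entries at the end of the file use an `index` key that the format description never mentions; please add a line saying what `index` means. Those two entries also set neither `alias` nor `alias6`, so this file does not say whether a 6.x alias is expected for them. Smaller points in the same comment block: `target-filed-in-ECS` should read `target-field-in-ECS`, "as following" should be "as follows", and the entries mix `from`/`to` order (Beat fields) with `to`/`from` order (cloud and Docker fields); one order throughout makes the file easier to scan and diff.
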
Contributor

I didn't realize we had both fileset.module and metricset.module becoming event.module. But I see you've treated them as two 1:1 mappings, in different indices. Good stuff.

5 changes: 5 additions & 0 deletions filebeat/_meta/fields.common.yml
Expand Up @@ -370,3 +370,8 @@
type: long
description: File size in bytes (field is only added when `type` is
`file`).

# Alias compatibility fields
- name: event.module
type: alias
path: fileset.module
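
Review bot: The `event.module` alias is declared by hand under "# Alias compatibility fields", but the matching entry in dev-tools/ecs-migration.yml (`from: fileset.module`, `index: filebeat`) has no `alias6: true`, so the two files disagree about whether this alias exists in 6.x. Either mark the migration entry with `alias6: true` or extend the comment here to say why this alias is maintained in this file, so that a later change to either file does not drop or duplicate it.
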
125 changes: 125 additions & 0 deletions filebeat/docs/fields.asciidoc
Expand Up @@ -12,6 +12,7 @@ This file is generated! See _meta/fields.yml and scripts/generate_field_docs.py
This document describes the fields that are exported by Filebeat. They are
grouped in the following categories:

* <<exported-fields-alias>>
* <<exported-fields-apache2>>
* <<exported-fields-auditd>>
* <<exported-fields-beat>>
Expand All @@ -37,6 +38,121 @@ grouped in the following categories:
* <<exported-fields-traefik>>

--
[[exported-fields-alias]]
== Alias fields

Alias fields for compatibility with 7.x.



*`host.hostname`*::
+
--
type: alias

alias to: beat.hostname

--

*`event.timezone`*::
+
--
type: alias

alias to: beat.timezone

--

*`cloud.provider`*::
+
--
type: alias

alias to: meta.cloud.provider

--

*`cloud.instance.id`*::
+
--
type: alias

alias to: meta.cloud.instance_id

--

*`cloud.instance.name`*::
+
--
type: alias

alias to: meta.cloud.instance_name

--

*`cloud.machine.type`*::
+
--
type: alias

alias to: meta.cloud.machine_type

--

*`cloud.availability_zone`*::
+
--
type: alias

alias to: meta.cloud.availability_zone

--

*`cloud.project.id`*::
+
--
type: alias

alias to: meta.cloud.project_id

--

*`cloud.region`*::
+
--
type: alias

alias to: meta.cloud.region

--

*`container.id`*::
+
--
type: alias

alias to: docker.container.id

--

*`container.name`*::
+
--
type: alias

alias to: docker.container.name

--

*`container.image.name`*::
+
--
type: alias

alias to: docker.container.image

--

[[exported-fields-apache2]]
== Apache2 fields

Expand Down Expand Up @@ -3557,6 +3673,15 @@ File size in bytes (field is only added when `type` is `file`).

--

*`event.module`*::
+
--
type: alias

alias to: fileset.module

--

[[exported-fields-logstash]]
== logstash fields
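
Review bot: The `event.module` alias is rendered here, right after the file-size field, rather than in the "Alias fields" section this PR adds near the top of the same file, so a reader scanning that section for the 7.x compatibility names will not find it. The entry also has no description. Consider giving the alias a description that marks it as a 7.x compatibility alias for `fileset.module`, or defining it where the other aliases are defined so the generated docs list them together.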
