Make 7.0 like 6.7 user agent ecs #38757
Conversation
…8115)" This reverts commit 5b008a3. Related: elastic/beats#10650 Will replace this commit with the 6.7 version
elastic#37984)" This reverts commit cac6b8e. Related: elastic/beats#10650 Will replace this commit with the 6.7 version
This switches the format of the user agent processor to use the schema from [ECS](https://github.com/elastic/ecs). So rather than something like this: ``` { "patch" : "3538", "major" : "70", "minor" : "0", "os" : "Mac OS X 10.14.1", "os_minor" : "14", "os_major" : "10", "name" : "Chrome", "os_name" : "Mac OS X", "device" : "Other" } ``` The structure is now like this: ``` { "name" : "Chrome", "original" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36", "os" : { "name" : "Mac OS X", "version" : "10.14.1", "full" : "Mac OS X 10.14.1" }, "device" : "Other", "version" : "70.0.3538.102" } ``` This new can be configured by setting `"ecs": true` in the processor configuration, and will be the default for 7.0. Leaving `ecs` unset or set as `false` is deprecated. Resolves elastic#37329 This PR is against the 6.x branch and will be forward-ported with the deprecated parts removed (I will open a subsequent PR for that).
…lastic#38121) When the ingest node user_agent parses the device field, it will result in a string value. To match the ecs schema this commit moves the value of the parsed device to an object with an inner field named 'name'. There are not any passivity concerns since this modifies an unreleased change. closes elastic#38094 relates elastic#37329
The User Agent ingest processor is changing to align with ECS. Users need to be made aware that any pipelines using this processor will behave differently in 7.0.
jakelandis
added
blocker
WIP
:Data Management/Ingest Node
|
Pinging @elastic/es-core-features |
|
@jakelandis I tested this branch against my branch here with Filebeat 6.7 and the output seems to be as expected: elastic/beats#10688 |
|
With this change, do we also want to adjust the deprecation warning in 6.7? It will currently warn on pipelines with |
@gwbrown |
|
@jakelandis and I talked synchronously about this and we now agree that with this change to 7.0, the Deprececation Info API in 6.7 will give a misleading deprecation warning for pipelines with Even though, with this PR, |
This change reverts the initial 7.0 commits and replaces them with the 6.7 variant that still allows for the ecs flag. This commit differs from the 6.7 variants in that ecs flag will now default to true. 6.7: `ecs` : default `false` 7.x: `ecs` : default `true` 8.0: no option, but behaves as `true` * Revert "Ingest node - user agent, move device to an object (elastic#38115)" This reverts commit 5b008a3. * Revert "Add ECS schema for user-agent ingest processor (elastic#37727) (elastic#37984)" This reverts commit cac6b8e. * cherry-pick 5dfe193 Add ECS schema for user-agent ingest processor (elastic#37727) * cherry-pick ec8ddc8 Ingest node - user agent, move device to an object (elastic#38115) (elastic#38121) * cherry-pick f63cbdb (with manual merge fixes) Dep. check for ECS changes to User Agent processor (elastic#38362) * make true the default for the ecs option, and update 7.0 references and tests
Forward port of #38757 This change reverts the initial 7.0 commits and replaces them with the 6.7 variant that still allows for the ecs flag. This commit differs from the 6.7 variants in that ecs flag will now default to true. 6.7: `ecs` : default `false` 7.x: `ecs` : default `true` 8.0: no option, but behaves as `true` * Revert "Ingest node - user agent, move device to an object (#38115)" This reverts commit 5b008a3. * Revert "Add ECS schema for user-agent ingest processor (#37727) (#37984)" This reverts commit cac6b8e. * cherry-pick 5dfe193 Add ECS schema for user-agent ingest processor (#37727) * cherry-pick ec8ddc8 Ingest node - user agent, move device to an object (#38115) (#38121) * cherry-pick f63cbdb (with manual merge fixes) Dep. check for ECS changes to User Agent processor (#38362) * make true the default for the ecs option, and update 7.0 references and tests
PR elastic#38757 changed 7.0 user-agent behavior for the ecs flag to more closely resemble 6.7. This commit updates the forward looking comments and deprecation notices to be more accurate now that this flag will not be removed until 8.0 related elastic#38757
This PR moves the user_agent processor to share a code base with 6.7 as discovered in elastic/beats#10650 is required for Beats migration to 7.0. This re-introduces the
ecsoption and the optional legacy behavior.This change is largely a set of revert's and cherry-picks, of which only the the most recent commits (ones without a #number) is net new code. This change is intended to be merged to 7.0.0 and then 7.x to allow the
ecsoption to live during the 7.x timeframe.Additionally, this changes the default from
falsetotruefor theecsoption.6.7:
ecs: defaultfalse7.x:
ecs: defaulttrue8.0: no option, but behaves as
trueThe first 5 commits here:
git revert 5b008a3 (Lee's initial 7.x implementation of user_agent ecs)
git revert cac6b8e (Jake's minor change applied to 7.x)
git cherry-pick 5dfe193 (Lee's initial 6.x implementation of user_agent ecs)
git cherry-pick ec8ddc8 (Jake's minor change applied to the 6.x )
git cherry-pick f63cbdb (Gordon's 6.x deprecation info API, with manual merge fixes)