add Kibana version to eventLog ECS log entries #56771

Closed
pmuellr opened this issue Feb 4, 2020 · 11 comments · Fixed by #108476
Labels: estimate:small (Small Estimated Level of Effort), Feature:EventLog, insight (Issues related to user insight into platform operations and resilience), Team:ResponseOps (Label for the ResponseOps team, formerly the Cases and Alerting teams)

Comments

@pmuellr
Member

pmuellr commented Feb 4, 2020

I realized we probably want the Kibana version added to the eventLog ECS log entries. Will probably need to go in the top-level custom kibana object property.

There may be a few other bits we want in there as well. Should poke around what other Kibana-specific properties are available, to see if we want it added.

@pmuellr pmuellr added the Feature:Alerting and Team:ResponseOps labels Feb 4, 2020
@elasticmachine
Contributor

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@pmuellr
Member Author

pmuellr commented Jun 4, 2021

I think this can be a constant keyword field.

@YulNaumenko
Contributor

Related PR

@gmmorris gmmorris added the loe:medium (Medium Level of Effort) label Jul 14, 2021
@pmuellr
Member Author

pmuellr commented Aug 4, 2021

going to remove and re-add this issue to the alerting project, so it will be re-triaged; we recently chatted about this, and realized we'll want this in by 8.0, and maybe earlier, to help with version-specific queries when the saved object ids change for share-ability

@mikecote
Contributor

mikecote commented Aug 4, 2021

we may want to keep major, minor, and patch separate fields to support querying ex: "< 8.0"

@pmuellr
Member Author

pmuellr commented Aug 4, 2021

Yes, if we end up going with constant keyword fields, it would be useful to make the pieces separately available, though I was thinking this:

  • version: 7.15.0
  • versionMajorMinor: 7.15
  • versionMajor: 7

Seems highly likely that we'd be making use of versionMajorMinor, since we usually don't change shapes in patch releases, and having them as separate fields will be a bit slower. Maybe? Maybe not, if they're constant keyword ... good question to ask elasticsearch folk ...

@mikecote
Contributor

mikecote commented Aug 4, 2021

@pmuellr my main concern with versionMajorMinor is you cannot do a range query on it to determine if 7.15 is < 7.16. Compared to major <= 7 and minor <= 15.

@pmuellr
Member Author

pmuellr commented Aug 4, 2021

good point! you win :-)
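The exchange above (a single `versionMajorMinor` keyword versus separate numeric `versionMajor` / `versionMinor` fields) can be made concrete. The following is an added example, not Kibana's or the event log's code: it builds the split version fields from a Kibana version string and compares the ordering a keyword range query sees (plain string comparison) with the ordering separate integer fields give. The field names `versionMinor` and `versionPatch`, the `kibana.version` nesting and the `-SNAPSHOT` handling are assumptions for illustration; only `version`, `versionMajor` and `versionMajorMinor` appear in the thread.

```typescript
// Added example (not Kibana code). Shows why splitting the Kibana version into
// numeric major/minor/patch fields supports range queries that a single
// "major.minor" keyword field cannot express correctly.

// Assumed field layout for the custom top-level `kibana` object in an event log entry.
interface KibanaVersionFields {
  version: string;       // full version string as shipped, e.g. "7.15.0" or "8.0.0-SNAPSHOT"
  versionMajor: number;  // proposed in the thread
  versionMinor: number;  // assumed name, following the "keep major and minor separate" suggestion
  versionPatch: number;  // assumed name
}

// Parse "X.Y.Z" with an optional prerelease suffix (Kibana dev builds use "-SNAPSHOT").
function parseKibanaVersion(version: string): KibanaVersionFields {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.-]+)?$/.exec(version);
  if (!m) {
    throw new Error(`not a valid Kibana version string: ${version}`);
  }
  return {
    version,
    versionMajor: Number(m[1]),
    versionMinor: Number(m[2]),
    versionPatch: Number(m[3]),
  };
}

// The "major.minor" keyword value the thread calls versionMajorMinor.
function versionMajorMinor(v: KibanaVersionFields): string {
  return `${v.versionMajor}.${v.versionMinor}`;
}

// A range query on a keyword field compares terms as strings, so this is the
// order Elasticsearch would use for versionMajorMinor.
function keywordLessThan(a: string, b: string): boolean {
  return a < b;
}

// A range query on separate integer fields compares numerically; this is the
// equivalent of "major < X OR (major == X AND minor < Y)".
function numericLessThan(a: KibanaVersionFields, b: KibanaVersionFields): boolean {
  if (a.versionMajor !== b.versionMajor) return a.versionMajor < b.versionMajor;
  if (a.versionMinor !== b.versionMinor) return a.versionMinor < b.versionMinor;
  return a.versionPatch < b.versionPatch;
}

// Attach the fields to an event document under the custom `kibana` object
// (the nesting is an assumption about where such fields would live).
function withKibanaVersion<T extends object>(event: T, version: string): T & { kibana: KibanaVersionFields } {
  return { ...event, kibana: parseKibanaVersion(version) };
}

// Constructed sample: 7.9.x vs 7.10.x is the case where string order is wrong.
const older = parseKibanaVersion('7.9.3');
const newer = parseKibanaVersion('7.10.0');
const stringOrderCorrect = keywordLessThan(versionMajorMinor(older), versionMajorMinor(newer)); // false: "7.9" > "7.1..."
const numericOrderCorrect = numericLessThan(older, newer);                                       // true
```

String comparison happens to work for 7.15 vs 7.16 (same digit count), which is why the problem is easy to miss, but it fails across the 7.9 to 7.10 boundary and for 8.x vs 10.x. Numeric fields also make `>= 8.0` a single `range` clause on `versionMajor`.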

@pmuellr
Member Author

pmuellr commented Aug 5, 2021

Wanted to note that RAC is probably going to be adding a Kibana version field as well - but they might not right now, since it technically wouldn't be needed for the "first release" (you can check that version by lack of the field). So we probably want to wait till that's settled, so we use the same field name.

@mikecote
Contributor

mikecote commented Aug 9, 2021

Marking as blocked to give time to align with the approach for alert data indices.

@YulNaumenko YulNaumenko self-assigned this Aug 9, 2021
@mikecote
Contributor

I came across this as well as an option: https://www.elastic.co/guide/en/elasticsearch/reference/master/version.html

@gmmorris gmmorris added the insight (Issues related to user insight into platform operations and resilience) label Aug 13, 2021
@gmmorris gmmorris added the estimate:small (Small Estimated Level of Effort) label and removed the loe:medium (Medium Level of Effort) label Sep 2, 2021
@kobelb kobelb added the needs-team (Issues missing a team label) label Jan 31, 2022
@botelastic botelastic bot removed the needs-team (Issues missing a team label) label Jan 31, 2022

6 participants