[Security Solution] Update ecs package to latest ecs definitions #168553

Merged
merged 2 commits into from
Oct 13, 2023

lgestc
Contributor

@lgestc lgestc commented Oct 11, 2023

Summary

Updates for autogenerated ECS definitions

@lgestc lgestc added release_note:skip Skip the PR/issue when compiling release notes Team:Threat Hunting:Investigations Security Solution Investigations Team v8.11.1 labels Oct 11, 2023
@lgestc lgestc requested review from a team as code owners October 11, 2023 06:55
Contributor

@pgayvallet pgayvallet left a comment

LGTM for type changes on green CI

@lgestc lgestc force-pushed the update_kibana_ecs_to_8_10 branch from 249f35b to 1758714 Compare October 12, 2023 16:10
@lgestc lgestc requested a review from a team as a code owner October 12, 2023 16:10
Contributor

@ymao1 ymao1 left a comment

Response Ops changes LGTM

@lgestc lgestc force-pushed the update_kibana_ecs_to_8_10 branch from 1758714 to 2cf0dd3 Compare October 12, 2023 19:11
@lgestc lgestc requested a review from a team as a code owner October 12, 2023 19:11
@lgestc
Contributor Author

lgestc commented Oct 12, 2023

@andrew-goldstein hey Andrew, I would appreciate your review here, especially after what I did to data quality tests:)

@kc13greiner kc13greiner self-requested a review October 12, 2023 19:52
@lgestc lgestc force-pushed the update_kibana_ecs_to_8_10 branch from 9124fc2 to 91be45d Compare October 13, 2023 08:56
Contributor

@kc13greiner kc13greiner left a comment

Audit Service changes LGTM!

@kibana-ci
Collaborator

💚 Build Succeeded

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run `node scripts/build_api_docs --plugin [yourplugin] --stats comments` for more detailed information.

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/ecs | 34718 | 39558 | +4840 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| apm | 3.7MB | 3.8MB | +89.8KB |
| infra | 1.9MB | 2.0MB | +89.8KB |
| observability | 1.0MB | 1.1MB | +89.8KB |
| securitySolution | 13.0MB | 13.1MB | +89.8KB |
| triggersActionsUi | 1.4MB | 1.5MB | +89.8KB |
| total | | | +449.1KB |

Unknown metric groups

API count

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/ecs | 35125 | 39995 | +4870 |

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@lgestc lgestc merged commit 71c889e into elastic:main Oct 13, 2023
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 13, 2023
…stic#168553)

## Summary

Updates for autogenerated ECS definitions

(cherry picked from commit 71c889e)
@kibanamachine
Contributor

💚 All backports created successfully

Status Branch Result
8.11

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

@ymao1
Contributor

ymao1 commented Oct 13, 2023

@lgestc I am so sorry, can we revert this PR? I'm seeing errors when applying the updated mapping to existing alerts-as-data indices:

```
[2023-10-13T11:06:44.254-04:00][ERROR][plugins.alerting] ResponseError: illegal_argument_exception
	Root causes:
		illegal_argument_exception: can't merge a non-nested mapping [faas.trigger] with a nested mapping
    at KibanaTransport.request (/Users/ying/Code/kibana_prs/node_modules/@elastic/transport/src/Transport.ts:535:17)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
```

Can we revert and investigate further? It is my understanding the ECS mappings should be backwards compatible.

ymao1 added a commit to ymao1/kibana that referenced this pull request Oct 13, 2023
ymao1 added a commit that referenced this pull request Oct 13, 2023
#168864)

Reverts #168553

Seeing these errors when updating existing alerts as data mappings

```
[2023-10-13T11:06:44.254-04:00][ERROR][plugins.alerting] ResponseError: illegal_argument_exception
	Root causes:
		illegal_argument_exception: can't merge a non-nested mapping [faas.trigger] with a nested mapping
    at KibanaTransport.request (/Users/ying/Code/kibana_prs/node_modules/@elastic/transport/src/Transport.ts:535:17)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
```

Needs further investigation as ECS mappings should be backwards
compatible
@pmuellr
Member

pmuellr commented Oct 13, 2023

Sounds like we should add a test for an upgrade path - I can't remember if we can actually test an upgrade via FTR or we just do some manual testing for these ...
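
An added example, not part of the thread and not Kibana's code: a pre-flight check that diffs an index's existing mapping against an incoming one and reports fields whose type changed, the class of change behind the `faas.trigger` error above. The type and function names and both sample mappings are constructed for illustration, including the assumption about which side maps `faas.trigger` as `nested`.

```typescript
// Added example (not Kibana code): report type changes between an index's
// existing mapping and an incoming one before attempting a mapping update.
type FieldMapping = { type?: string; properties?: Record<string, FieldMapping> };
type Conflict = { path: string; existing: string; incoming: string };

// A field with `properties` and no explicit `type` is an object field.
function kindOf(m: FieldMapping): string {
  return m.type ?? (m.properties ? 'object' : 'unknown');
}

// Walks both trees; fields present only in `incoming` are additive and skipped.
function findMappingConflicts(
  existing: Record<string, FieldMapping>,
  incoming: Record<string, FieldMapping>,
  prefix: string = ''
): Conflict[] {
  const conflicts: Conflict[] = [];
  for (const name of Object.keys(incoming)) {
    if (!Object.prototype.hasOwnProperty.call(existing, name)) continue;
    const prev = existing[name];
    const next = incoming[name];
    if (prev === undefined || next === undefined) continue;
    const path = prefix + name;
    const before = kindOf(prev);
    const after = kindOf(next);
    if (before !== after) {
      // e.g. object vs nested: child fields are not comparable, stop here.
      conflicts.push({ path, existing: before, incoming: after });
    } else if (prev.properties && next.properties) {
      conflicts.push(...findMappingConflicts(prev.properties, next.properties, path + '.'));
    }
  }
  return conflicts;
}

// Constructed sample mappings (assumption: the live index holds faas.trigger
// as a plain object and the update declares it nested; field lists trimmed).
const existingMapping: Record<string, FieldMapping> = {
  faas: { properties: { name: { type: 'keyword' },
    trigger: { properties: { type: { type: 'keyword' } } } } },
};
const incomingMapping: Record<string, FieldMapping> = {
  faas: { properties: { id: { type: 'keyword' }, name: { type: 'keyword' },
    trigger: { type: 'nested', properties: { type: { type: 'keyword' } } } } },
};

console.log(findMappingConflicts(existingMapping, incomingMapping));
```

Run against the mapping fetched from each existing index, a non-empty result means the update needs a new index or a reindex rather than an in-place mapping change.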

dej611 pushed a commit to dej611/kibana that referenced this pull request Oct 17, 2023
@kibanamachine kibanamachine added the backport missing Added to PRs automatically when they are determined to be missing a backport. label Jun 9, 2024
@kibanamachine
Contributor

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create backports automatically, add the label auto-backport, or prevent reminders by adding the backport:skip label.
You can also create backports manually by running `node scripts/backport --pr 168553` locally.

@jbudz jbudz added the backport:skip This commit does not require backporting label Sep 30, 2024
@kibanamachine kibanamachine removed the backport missing Added to PRs automatically when they are determined to be missing a backport. label Sep 30, 2024
Labels
backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Threat Hunting:Investigations Security Solution Investigations Team v8.11.1 v8.12.0