Misleading implementation of mappings of nested object subfields #784
Assignees
Labels
bug
Something isn't working
Comments
23 tasks
This was referenced Aug 29, 2024
jsoriano
added a commit
to elastic/kibana
that referenced
this issue
Aug 30, 2024
…191730) There are definitions of nested objects whose fields are defined as subfields, like this: ``` - name: a type: nested fields: - name: b type: keyword ``` This should generate a template with the subfields as subproperties: ``` "properties": { ... "a": { "type": "nested", "properties": { "b": { "ignore_above": 1024, "type": "keyword", }, }, }, }, ``` This change adds support for this. Without it the nested object is empty, without subfields, what is unexpected. See elastic/package-spec#784 for more context.
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Aug 30, 2024
…lastic#191730) There are definitions of nested objects whose fields are defined as subfields, like this: ``` - name: a type: nested fields: - name: b type: keyword ``` This should generate a template with the subfields as subproperties: ``` "properties": { ... "a": { "type": "nested", "properties": { "b": { "ignore_above": 1024, "type": "keyword", }, }, }, }, ``` This change adds support for this. Without it the nested object is empty, without subfields, what is unexpected. See elastic/package-spec#784 for more context. (cherry picked from commit cdb1eb8)
kibanamachine
added a commit
to elastic/kibana
that referenced
this issue
Aug 30, 2024
…plate (#191730) (#191879) # Backport This will backport the following commits from `main` to `8.15`: - [[Fleet] Expand subfields of nested objects when generating template (#191730)](#191730) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Jaime Soriano Pastor","email":"jaime.soriano@elastic.co"},"sourceCommit":{"committedDate":"2024-08-30T19:25:15Z","message":"[Fleet] Expand subfields of nested objects when generating template (#191730)\n\nThere are definitions of nested objects whose fields are defined as\r\nsubfields, like this:\r\n```\r\n - name: a\r\n type: nested\r\n fields:\r\n - name: b\r\n type: keyword\r\n```\r\nThis should generate a template with the subfields as subproperties:\r\n```\r\n \"properties\": {\r\n ...\r\n \"a\": {\r\n \"type\": \"nested\",\r\n \"properties\": {\r\n \"b\": {\r\n \"ignore_above\": 1024,\r\n \"type\": \"keyword\",\r\n },\r\n },\r\n },\r\n },\r\n```\r\nThis change adds support for this. Without it the nested object is\r\nempty, without subfields, what is unexpected.\r\n\r\nSee elastic/package-spec#784 for more context.","sha":"cdb1eb8fe475c3f1dad0805586c06775538d2d40","branchLabelMapping":{"^v8.16.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:Fleet","backport:prev-minor","v8.16.0"],"title":"[Fleet] Expand subfields of nested objects when generating template","number":191730,"url":"https://github.com/elastic/kibana/pull/191730","mergeCommit":{"message":"[Fleet] Expand subfields of nested objects when generating template (#191730)\n\nThere are definitions of nested objects whose fields are defined as\r\nsubfields, like this:\r\n```\r\n - name: a\r\n type: nested\r\n fields:\r\n - name: b\r\n type: keyword\r\n```\r\nThis should generate a template with the subfields as subproperties:\r\n```\r\n \"properties\": {\r\n ...\r\n \"a\": {\r\n \"type\": \"nested\",\r\n \"properties\": {\r\n \"b\": {\r\n \"ignore_above\": 1024,\r\n \"type\": \"keyword\",\r\n },\r\n },\r\n },\r\n },\r\n```\r\nThis change adds support for this. Without it the nested object is\r\nempty, without subfields, what is unexpected.\r\n\r\nSee elastic/package-spec#784 for more context.","sha":"cdb1eb8fe475c3f1dad0805586c06775538d2d40"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/191730","number":191730,"mergeCommit":{"message":"[Fleet] Expand subfields of nested objects when generating template (#191730)\n\nThere are definitions of nested objects whose fields are defined as\r\nsubfields, like this:\r\n```\r\n - name: a\r\n type: nested\r\n fields:\r\n - name: b\r\n type: keyword\r\n```\r\nThis should generate a template with the subfields as subproperties:\r\n```\r\n \"properties\": {\r\n ...\r\n \"a\": {\r\n \"type\": \"nested\",\r\n \"properties\": {\r\n \"b\": {\r\n \"ignore_above\": 1024,\r\n \"type\": \"keyword\",\r\n },\r\n },\r\n },\r\n },\r\n```\r\nThis change adds support for this. Without it the nested object is\r\nempty, without subfields, what is unexpected.\r\n\r\nSee elastic/package-spec#784 for more context.","sha":"cdb1eb8fe475c3f1dad0805586c06775538d2d40"}}]}] BACKPORT--> Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
This was referenced Sep 4, 2024
jsoriano
added a commit
to elastic/kibana
that referenced
this issue
Sep 6, 2024
…emplate (#191730)" (#191897) (#192246) This change was released at the end in 8.15.1, so let's keep it the branch. There are definitions of nested objects whose fields are defined as subfields, like this: ``` - name: a type: nested fields: - name: b type: keyword ``` This should generate a template with the subfields as subproperties: ``` "properties": { ... "a": { "type": "nested", "properties": { "b": { "ignore_above": 1024, "type": "keyword", }, }, }, }, ``` This change adds support for this. Without it the nested object is empty, without subfields, what is unexpected. See elastic/package-spec#784 for more context. This change was originally reverted in 8.15 in #191897 Release notes were manually added in elastic/ingest-docs#1292
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We have found that fields with
type: nestedand subfields don't get the mappings for the subfields in the final index template, this can lead to unexpected mappings.That is that for example for a mapping with several subfields, this empty nested mapping is generated:
In combination with dynamic mappings introduced by
ecs@mappingsthis can lead subfields to have completely unexpected mappings.While investigating we have found that the implementation in Fleet has two different codepaths for
type: nestedand fortype: group-nested. Fornestedit ignores any subfieds, forgroup-nestedit generates the expected mappings. We have also found that package spec only allows subfields with thegroupandnestedfields, so any workaround based on the use ofgroup-nestedwould not work at the moment.So we need to align the behavior of Fleet, package-spec, and the current assumptions in existing integrations. Probably doing the following:nestedandgroup-nestedare synonyms, even if they were not originally, we are in a situation now wherenestedis used asgroup-nested, andgroup-nestedis not used.nestedwith the implementation ofgroup-nestedin Fleet, so they effectively behave the same.group-nestedin all cases wherenestedis allowed, this will allow to fix issues in packages for current versions of packages.include_in_parentandinclude_in_root, we have only found uses of them in tests, and not on any actual package. We will need to confirm its expected behaviour and decide if we need to keep them.Consider replacingnestedwithgroup-nestedin affected packages.Update: After further investigation the assumptions on
group-nestedwere not correct.group-nestedis only used internally in Kibana, and it is fine if it continues this way. So we won't change this. Plan changes to:type: nestedin Fleet.Thanks @mrodm for finding that some mappings were not being applied!
The text was updated successfully, but these errors were encountered: