From d5da4a02397c89e7a28735c86b4368d3d63d5e10 Mon Sep 17 00:00:00 2001
From: Carlos Crespo
Date: Thu, 18 Aug 2022 20:17:49 +0200
Subject: [PATCH] remove system.type
---
 .../ingest_pipeline/pipeline-json.yml | 3 ---
 .../ingest_pipeline/pipeline-json.yml | 3 ---
 .../ingest_pipeline/pipeline-json.yml | 23 ++++++++-----------
 3 files changed, 10 insertions(+), 19 deletions(-)
diff --git a/packages/elasticsearch/data_stream/audit/elasticsearch/ingest_pipeline/pipeline-json.yml b/packages/elasticsearch/data_stream/audit/elasticsearch/ingest_pipeline/pipeline-json.yml
index f717fd62ab26..9a0466da176a 100644
--- a/packages/elasticsearch/data_stream/audit/elasticsearch/ingest_pipeline/pipeline-json.yml
+++ b/packages/elasticsearch/data_stream/audit/elasticsearch/ingest_pipeline/pipeline-json.yml
@@ -206,9 +206,6 @@ processors:
 formats:
 - ISO8601
 ignore_failure: true
- - set:
- field: service.type
- value: 'elasticsearch'
 on_failure:
 - set:
 field: error.message
diff --git a/packages/elasticsearch/data_stream/deprecation/elasticsearch/ingest_pipeline/pipeline-json.yml b/packages/elasticsearch/data_stream/deprecation/elasticsearch/ingest_pipeline/pipeline-json.yml
index 84ae73695594..98452b41c9ac 100644
--- a/packages/elasticsearch/data_stream/deprecation/elasticsearch/ingest_pipeline/pipeline-json.yml
+++ b/packages/elasticsearch/data_stream/deprecation/elasticsearch/ingest_pipeline/pipeline-json.yml
@@ -18,6 +18,3 @@ processors:
 - set:
 field: event.dataset
 value: elasticsearch.deprecation
- - set:
- field: service.type
- value: 'elasticsearch'
diff --git a/packages/elasticsearch/data_stream/server/elasticsearch/ingest_pipeline/pipeline-json.yml b/packages/elasticsearch/data_stream/server/elasticsearch/ingest_pipeline/pipeline-json.yml
index 5d9b063ef219..9b19494a6099 100644
--- a/packages/elasticsearch/data_stream/server/elasticsearch/ingest_pipeline/pipeline-json.yml
+++ b/packages/elasticsearch/data_stream/server/elasticsearch/ingest_pipeline/pipeline-json.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing the Elasticsearch 8.0 server log file in JSON
 on_failure:
 - set:
 field: error.message
- value: '{{ _ingest.on_failure_message }}'
+ value: "{{ _ingest.on_failure_message }}"
 processors:
 - json:
 field: message
@@ -14,7 +14,7 @@ processors:
 - drop:
 if: ctx.elasticsearch.server.event.dataset != 'elasticsearch.server'
 - set:
- value: '{{ elasticsearch.server.event.dataset }}'
+ value: "{{ elasticsearch.server.event.dataset }}"
 field: event.dataset
 ignore_empty_value: true
 - remove:
@@ -23,7 +23,7 @@ processors:
 field: ecs.version
 path: elasticsearch.server
 - set:
- value: '{{ elasticsearch.server.ecs.version }}'
+ value: "{{ elasticsearch.server.ecs.version }}"
 field: ecs.version
 ignore_empty_value: true
 - remove:
@@ -35,9 +35,6 @@ processors:
 field: elasticsearch.server.service.name
 target_field: service.name
 ignore_missing: true
- - set:
- field: service.type
- value: 'elasticsearch'
 - dot_expander:
 field: elasticsearch.cluster.name
 path: elasticsearch.server
@@ -91,27 +88,27 @@ processors: GREEDYMULTILINE: |- (.| )* - INDEXNAME: '[a-zA-Z0-9_.-]*' + INDEXNAME: "[a-zA-Z0-9_.-]*" GC_ALL: \[gc\]\[%{NUMBER:elasticsearch.server.gc.overhead_seq}\] overhead, spent \[%{NUMBER:elasticsearch.server.gc.collection_duration.time:float}%{DATA:elasticsearch.server.gc.collection_duration.unit}\] collecting in the last \[%{NUMBER:elasticsearch.server.gc.observation_duration.time:float}%{DATA:elasticsearch.server.gc.observation_duration.unit}\] GC_YOUNG: \[gc\]\[young\]\[%{NUMBER:elasticsearch.server.gc.young.one}\]\[%{NUMBER:elasticsearch.server.gc.young.two}\]%{SPACE}%{GREEDYMULTILINE:message} patterns: - - '%{GC_ALL}' - - '%{GC_YOUNG}' + - "%{GC_ALL}" + - "%{GC_YOUNG}" - ((\[%{INDEXNAME:elasticsearch.index.name}\]|\[%{INDEXNAME:elasticsearch.index.name}\/%{DATA:elasticsearch.index.id}\]))?%{SPACE}%{GREEDYMULTILINE:message} - remove: field: elasticsearch.server.message - set: - field: '@timestamp' - value: '{{ elasticsearch.server.@timestamp }}' + field: "@timestamp" + value: "{{ elasticsearch.server.@timestamp }}" ignore_empty_value: true - remove: field: elasticsearch.server.@timestamp - date: - field: '@timestamp' - target_field: '@timestamp' + field: "@timestamp" + target_field: "@timestamp" formats: - ISO8601 ignore_failure: true
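Review bot: The grok definitions in this hunk switch from single to double quotes (`INDEXNAME: "[a-zA-Z0-9_.-]*"`, `"%{GC_ALL}"`, `"%{GC_YOUNG}"`), and double-quoted YAML scalars interpret backslash escapes, so a later edit that adds `\.` or `\[` inside one of them would either fail to load or silently change the pattern that parses the server log. The values are unchanged today because none of them contains a backslash, but single quotes are the safer style for regex literals: keep `INDEXNAME: '[a-zA-Z0-9_.-]*'` and `- '%{GC_ALL}'`. The same quote churn on the `@timestamp` and mustache `value:` lines here and in the three earlier hunks of this file is harmless, yet it is unrelated to removing `service.type` and would be easier to review as a separate formatting commit. The enclosing grok processor starts above the hunk.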