[RAC][Rule Registry] Generate ECS fieldmap from ECS 8.0 #123012
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is the result of running the generate_ecs_fieldmap script against ECS' 8.0 branch.
|
Scanning CI it looks like this is the offending error, currently:
I'm not sure which field that pertains to, but will continue to investigate. |
Comment on lines
1498
to
1502
| 'host.cpu.usage': { | ||
| type: 'scaled_float', | ||
| array: false, | ||
| required: false, | ||
| }, |
There was a problem hiding this comment.
Looks like this is the source of the mapping error, the script that generates this file doesn't pick up the scaling_factor from the ECS file (https://github.com/elastic/ecs/blob/main/generated/ecs/ecs_flat.yml#L4646) and scaling_factor is a required property for scaled_float fields.
This is a required field for e.g. scaled_float fields, so we need to reflect its value in our field map.
It does not appear that this value was ever being set, nor does this value appear in ECS' flat output, so I'm removing it for now to keep our types as accurate as possible.
This is a required field for type: alias fields.
This now exceeds the default of 1000.
Apparently 1300 wasn't enough, either.
|
For posterity: the errors related to these changes look to be due to #108941 and the resulting PR. |
Makes this field optional, since the technical component template doesn't currently use it.
Including the newest ECS fields, this index now exceeds 1600 fields. This value should probably be derived from the composed template's limits, but for now this allows the template to be created.
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: cc @rylnd |
|
threat fields w/ both |
rylnd
added
the
Team:ResponseOps
|
Pinging @elastic/response-ops (Team:ResponseOps) |
kobelb
approved these changes
Jan 18, 2022
rylnd
added
the
auto-backport
|
The following labels were identified as gaps in your version labels and will be added automatically:
If any of these should not be on your pull request, please manually remove them. |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 19, 2022
* Generate ECS fieldmap from ECS 8.0 This is the result of running the generate_ecs_fieldmap script against ECS' 8.0 branch. * Account for scaling_factor property from ECS This is a required field for e.g. scaled_float fields, so we need to reflect its value in our field map. * Remove unused, unset property from FieldMap It does not appear that this value was ever being set, nor does this value appear in ECS' flat output, so I'm removing it for now to keep our types as accurate as possible. * Add path back to FieldMap definition This is a required field for type: alias fields. * Try upping the fields limit on our ECS component template This now exceeds the default of 1000. * Bump our field limit a bit more Apparently 1300 wasn't enough, either. * Fix type error Makes this field optional, since the technical component template doesn't currently use it. * Bump the field limit of our composed template Including the newest ECS fields, this index now exceeds 1600 fields. This value should probably be derived from the composed template's limits, but for now this allows the template to be created. Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit 8737691)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Jan 19, 2022
…23334) * Generate ECS fieldmap from ECS 8.0 This is the result of running the generate_ecs_fieldmap script against ECS' 8.0 branch. * Account for scaling_factor property from ECS This is a required field for e.g. scaled_float fields, so we need to reflect its value in our field map. * Remove unused, unset property from FieldMap It does not appear that this value was ever being set, nor does this value appear in ECS' flat output, so I'm removing it for now to keep our types as accurate as possible. * Add path back to FieldMap definition This is a required field for type: alias fields. * Try upping the fields limit on our ECS component template This now exceeds the default of 1000. * Bump our field limit a bit more Apparently 1300 wasn't enough, either. * Fix type error Makes this field optional, since the technical component template doesn't currently use it. * Bump the field limit of our composed template Including the newest ECS fields, this index now exceeds 1600 fields. This value should probably be derived from the composed template's limits, but for now this allows the template to be created. Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit 8737691) Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
1 task
FrankHassanabad
pushed a commit
that referenced
this pull request
Jan 20, 2022
## Summary New ECS FieldMap was generated in #123012, however since it only contained changes to `Rule Registry` code the `Security Solution` Cypress tests were not run, and thus did not catch this field change. See #122661 (comment) for details. Confirmed w/ @madirey that expected value is indeed `5` now that `host.geo.continent_code` has been [added](https://github.com/elastic/kibana/pull/123012/files#diff-a1647ccb73ef26c8c8b6aefd87084504b146af72fcb088ccacad93fcaad15b69R1524-R1528). Some failing PR's from `main`: #123357 #121644 #123352 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 20, 2022
…123429) ## Summary New ECS FieldMap was generated in elastic#123012, however since it only contained changes to `Rule Registry` code the `Security Solution` Cypress tests were not run, and thus did not catch this field change. See elastic#122661 (comment) for details. Confirmed w/ @madirey that expected value is indeed `5` now that `host.geo.continent_code` has been [added](https://github.com/elastic/kibana/pull/123012/files#diff-a1647ccb73ef26c8c8b6aefd87084504b146af72fcb088ccacad93fcaad15b69R1524-R1528). Some failing PR's from `main`: elastic#123357 elastic#121644 elastic#123352 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit d6917fc)
kibanamachine
added a commit
that referenced
this pull request
Jan 20, 2022
…#123433) ## Summary New ECS FieldMap was generated in #123012, however since it only contained changes to `Rule Registry` code the `Security Solution` Cypress tests were not run, and thus did not catch this field change. See #122661 (comment) for details. Confirmed w/ @madirey that expected value is indeed `5` now that `host.geo.continent_code` has been [added](https://github.com/elastic/kibana/pull/123012/files#diff-a1647ccb73ef26c8c8b6aefd87084504b146af72fcb088ccacad93fcaad15b69R1524-R1528). Some failing PR's from `main`: #123357 #121644 #123352 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit d6917fc) Co-authored-by: Garrett Spong <spong@users.noreply.github.com>
ogupte
pushed a commit
to ogupte/kibana
that referenced
this pull request
Jan 28, 2022
* Generate ECS fieldmap from ECS 8.0 This is the result of running the generate_ecs_fieldmap script against ECS' 8.0 branch. * Account for scaling_factor property from ECS This is a required field for e.g. scaled_float fields, so we need to reflect its value in our field map. * Remove unused, unset property from FieldMap It does not appear that this value was ever being set, nor does this value appear in ECS' flat output, so I'm removing it for now to keep our types as accurate as possible. * Add path back to FieldMap definition This is a required field for type: alias fields. * Try upping the fields limit on our ECS component template This now exceeds the default of 1000. * Bump our field limit a bit more Apparently 1300 wasn't enough, either. * Fix type error Makes this field optional, since the technical component template doesn't currently use it. * Bump the field limit of our composed template Including the newest ECS fields, this index now exceeds 1600 fields. This value should probably be derived from the composed template's limits, but for now this allows the template to be created. Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
ogupte
pushed a commit
to ogupte/kibana
that referenced
this pull request
Jan 28, 2022
…123429) ## Summary New ECS FieldMap was generated in elastic#123012, however since it only contained changes to `Rule Registry` code the `Security Solution` Cypress tests were not run, and thus did not catch this field change. See elastic#122661 (comment) for details. Confirmed w/ @madirey that expected value is indeed `5` now that `host.geo.continent_code` has been [added](https://github.com/elastic/kibana/pull/123012/files#diff-a1647ccb73ef26c8c8b6aefd87084504b146af72fcb088ccacad93fcaad15b69R1524-R1528). Some failing PR's from `main`: elastic#123357 elastic#121644 elastic#123352 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This is the result of running the
generate_ecs_fieldmapscript against ECS' 8.0 branch.Checklist