Add missing host.* fields to fields.yml #11016
Conversation
There was a problem hiding this comment.
I don't object to adding these fields to Beats, however neither of these fields is defined in ECS. So please add them to fields.common.yml.
Alternately, the source of the event could populate host.os.version instead, with the full version string.
I must say containerized doesn't have a clear mapping in ECS, though. I'm making a note to look into this.
cwurm
force-pushed
the
missing_host_fields
branch
from
1caec73 to
ab0a4f9
Compare
|
@webmat To be clear, these fields are currently produced by all Beats by default since the I might have dodged a bullet here. I was afraid I'd have to invent a new top-level Eventually, we might need a top-level section for non-ECS fields common to all Beats. The existing "Common" sections are Beat-specific, unfortunately. |
The `add_host_metadata` processor (default since 6.5) fills the fields `host.os.build` and `host.containerized`, but there is no entry for them in `fields.yml` so they are missing from the generated index patterns. This adds them to `add_host_metadata/_meta/fields.yml`. elastic#10992 already addressed this for 6.7. (cherry picked from commit 091a673)
The `add_host_metadata` processor (default since 6.5) fills the fields `host.os.build` and `host.containerized`, but there is no entry for them in `fields.yml` so they are missing from the generated index patterns. This adds them to `add_host_metadata/_meta/fields.yml`. #10992 already addressed this for 6.7. (cherry picked from commit 091a673)
The `add_host_metadata` processor (default since 6.5) fills the fields `host.os.build` and `host.containerized`, but there is no entry for them in `fields.yml` so they are missing from the generated index patterns. This adds them to `add_host_metadata/_meta/fields.yml`. elastic#10992 already addressed this for 6.7. (cherry picked from commit 091a673)
…11061) Cherry-pick of PR #11016 to 7.x branch. Original message: The `add_host_metadata` processor (default since 6.5) fills the fields `host.os.build` and `host.containerized`, but there is no entry for them in `fields.yml` so they are missing from the generated index patterns. This adds them to `add_host_metadata/_meta/fields.yml`. #10992 already addressed this for 6.7.
The `add_host_metadata` processor (default since 6.5) fills the fields `host.os.build` and `host.containerized`, but there is no entry for them in `fields.yml` so they are missing from the generated index patterns. This adds them to `add_host_metadata/_meta/fields.yml`. elastic#10992 already addressed this for 6.7.
The
add_host_metadataprocessor (default since 6.5) fills the fieldshost.os.buildandhost.containerized, but there is no entry for them infields.ymlso they are missing from the generated index patterns.This adds them to
add_host_metadata/_meta/fields.yml.#10992 already addressed this for 6.7.