[7.x](backport #26627) [Filebeat] Remove alias fields from Suricata and Traefik module mappings #26896
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![mergify[bot]](https://avatars.githubusercontent.com/in/10562?s=60&v=4){kind=small}
…ngs (#26627) * Remove alias fields from Suricata/Traefik module mappings Alias fields are displayed in Kibana whenever their target exists in a document. This yields confusing results when, for example, you are looking at Zeek module events but see many `suricata.eve.*` fields just because Zeek populates many ECS fields. This is a breaking change for users that depend on the Suricata alias fields. Because these alias cause issues for all users I think it best to remove them. The following alias fields are removed: suricata.eve.fileinfo.filename suricata.eve.fileinfo.size suricata.eve.dest_port suricata.eve.src_port suricata.eve.proto suricata.eve.src_ip suricata.eve.dest_ip suricata.eve.http.status suricata.eve.http.http_user_agent suricata.eve.http.http_refer suricata.eve.http.url suricata.eve.http.hostname suricata.eve.http.http_refer suricata.eve.http.url suricata.eve.http.hostname suricata.eve.http.length suricata.eve.http.http_method suricata.eve.alert.severity suricata.eve.alert.action suricata.eve.flow.bytes_toclient suricata.eve.flow.start suricata.eve.flow.pkts_toclient suricata.eve.flow.bytes_toserver suricata.eve.flow.pkts_toserver suricata.eve.app_proto traefik.access.user_agent.device Relates: #10535 * Fix changelog (cherry picked from commit 877ae2c)
botelastic
bot
added
the
needs_team
|
This pull request doesn't have a |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪💚 Flaky test reportTests succeeded. Expand to view the summary
Test stats 🧪
|
|
This pull request is now in conflicts. Could you fix it? 🙏 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is an automatic backport of pull request #26627 done by Mergify.
Mergify commands and options
More conditions and actions can be found in the documentation.
You can also trigger Mergify actions by commenting on this pull request:
@Mergifyio refreshwill re-evaluate the rules@Mergifyio rebasewill rebase this PR on its base branch@Mergifyio updatewill merge the base branch into this PR@Mergifyio backport <destination>will backport this PR on<destination>branchAdditionally, on Mergify dashboard you can:
Finally, you can contact us on https://mergify.io/