Backport #379 to 1.0: Generate full Beats field definitions, includin…

…g nested fields (#379) (#381) Backport of PR #379 to 1.0 branch. Original message: This work has revealed a subtle bug in the generated files schema.csv and both ES templates, which were missing the group fieldset in all places where user is reused. (e.g. `host.user.group.*`) Upon comparing this new file to the fields definition file we had handcrafted for Beats (prior to this), it also revealed we had missed a few things in the Beats field definitions: - We had forgotten to define the reusable `user` fieldset in `client`, `destination`, `server` and `source`. They previously had been missed. - We had forgotten to define the reusable `geo` fieldset at `host.geo.*` and `observer.geo.*`
elastic · Mar 11, 2019 · 39214ed · 39214ed
1 parent 9cdf971
commit 39214ed
Show file tree

Hide file tree

Showing 11 changed files with 3,633 additions and 60 deletions.
diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md
@@ -10,6 +10,7 @@
 * New generator that supports reusable fields, for files based on ECS.
   It generates schema.csv, Elasticsearch 6 and 7 templates, and field documentation
   for the main website. #336
+* Generator for the Beats fields.ecs.yml file. #379
 
 ### Improvements