Remove suricata.eve.timestamp alias (#22095) (#22102)

Remove the suricata.eve.timestamp alias field from the Suricata module. This is a breaking change for anything that we dependent upon the field, but its presence caused issue in Kibana since it was always displayed in Discover. Fixes #10535 (cherry picked from commit daed8f9)
elastic · Oct 27, 2020 · d0e365d · d0e365d
1 parent ebb96f9
commit d0e365d
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 14 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -89,6 +89,7 @@ field. You can revert this change by configuring tags for the module and omittin
 - Removed experimental modules `citrix`, `kaspersky`, `rapid7` and `tenable`. {pull}20706[20706]
 - Add support for GMT timezone offsets in `decode_cef`. {pull}20993[20993]
 - API address and shard ID are required settings in the Cloud Foundry input. {pull}21759[21759]
+- Remove `suricata.eve.timestamp` alias field. {issue}10535[10535] {pull}22095[22095]
 
 *Heartbeat*
 

diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc
@@ -143950,15 +143950,6 @@ type: keyword
 
 --
 
-*`suricata.eve.timestamp`*::
-+
---
-type: alias
-
-alias to: @timestamp
-
---
-
 *`suricata.eve.in_iface`*::
 +
 --

diff --git a/x-pack/filebeat/module/suricata/eve/_meta/fields.yml b/x-pack/filebeat/module/suricata/eve/_meta/fields.yml
@@ -176,10 +176,6 @@
       - name: http_content_type
         type: keyword
 
-    - name: timestamp
-      type: alias
-      path: '@timestamp'
-
     - name: in_iface
       type: keyword
 

diff --git a/x-pack/filebeat/module/suricata/fields.go b/x-pack/filebeat/module/suricata/fields.go