Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport #12284 to 7.2: Import ECS 1.0.1 #12299

Closed
wants to merge 1 commit into from
Closed

Backport #12284 to 7.2: Import ECS 1.0.1 #12299

wants to merge 1 commit into from

Conversation

webmat
Copy link
Contributor

@webmat webmat commented May 27, 2019

Backport of #12284 to 7.2. Original message:

This is a patch release of ECS, as it only contains minor fixes, mostly field formatting, and examples for a few fields. No new fields in this release.

The killer feature of ECS 1.0.1 is elastic/ecs#454. This change will make pivoting around numeric values such as port numbers & PIDs much more streamlined, as it will prevent Kibana from adding thousands separators.

I'm hoping we can backport this to 7.2, as I think it fits really well with the introduction of the SIEM app.

@webmat webmat requested review from a team as code owners May 27, 2019 02:39
@webmat webmat self-assigned this May 27, 2019
@webmat webmat requested review from cwurm and tsg May 27, 2019 02:41
@webmat webmat mentioned this pull request May 27, 2019
Merged
ruflin
ruflin requested changes May 27, 2019
View reviewed changes
Copy link
Member

@ruflin ruflin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just realised we didn't update the Golang code dependency. This means internally we still report ECS version 1.0 instead of 1.0.1.

@webmat
Copy link
Contributor Author

webmat commented May 27, 2019

@ruflin I'm confused. What does this have to do with this PR? :-)

@webmat
Copy link
Contributor Author

webmat commented May 27, 2019

Ah you mean the Golang generated code. You're right. 🤦‍♂

@webmat
Copy link
Contributor Author

webmat commented May 27, 2019

I won't have time to pick that up. A Beats dev should do that part.

@ruflin
Copy link
Member

ruflin commented May 28, 2019

I think it's important that we ship both at the same time (single PR) as otherwise we have an inconsistency between definition and what we ship as part of each event.

@cwurm Could you pick this up? We also must fix "master" as it slipped through there.

@webmat
Copy link
Contributor Author

webmat commented May 28, 2019

@ruflin Agreed.

@cwurm
Copy link
Contributor

cwurm commented May 28, 2019

PR for fixing it in master: #12317

@webmat
Copy link
Contributor Author

webmat commented Jun 25, 2019

This didn't make it. Closing

@webmat webmat closed this Jun 25, 2019
@webmat webmat removed the v7.2.0 label Jun 25, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruflin ruflin ruflin requested changes

@cwurm cwurm Awaiting requested review from cwurm

@tsg tsg Awaiting requested review from tsg

Assignees

@webmat webmat

Labels
backport ecs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@webmat @ruflin @cwurm