Move name_map/ids fields to root of user #7841
Conversation
|
Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually? |
vjsamuel
force-pushed
the
move_user_fields
branch
4 times, most recently
from
8fafc45
to
73e9422
Compare
| type: keyword | ||
| description: file system group ID | ||
| - name: name_map | ||
| - name: id |
There was a problem hiding this comment.
Seems like this would conflict with ECS: https://github.com/elastic/ecs#user
|
Can you share a bit more background on the reasons behind this change? |
|
@ruflin, the idea is to restructure it for better clarity. The feeling was: |
|
Let's see what @andrewkroh thinks. |
|
Like I said on Slack:
Not wanting to conflict with ECS is the reason for the current field naming. I like how you have changed the fields in this PR, but it does conflict. One option would be to switch back to plurals like |
|
Completely different suggestion. It's kind of odd that for example the field The advantage of this would be that id and name would be close together. Disadvantage is that |
|
@vjsamuel I think the part I'm missing here is if the current data model causes some issues when querying / aggregating the data or this is mainly about making the data model nicer? |
|
@ruflin the intent is to simplify the data model. |
vjsamuel
force-pushed
the
move_user_fields
branch
from
73e9422
to
a24b2a3
Compare
|
i was looking for something in similar lines. I can close this one out. Thanks! |
This PR moves
user. name_maptouser.nameand top level ids touser.idfor the auditd module