New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move name_map/ids fields to root of user #7841
Conversation
Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually? |
8fafc45
to
73e9422
Compare
type: keyword | ||
description: file system group ID | ||
- name: name_map | ||
- name: id |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like this would conflict with ECS: https://github.com/elastic/ecs#user
Can you share a bit more background on the reasons behind this change? |
@ruflin, the idea is to restructure it for better clarity. The feeling was: |
Let's see what @andrewkroh thinks. |
Like I said on Slack:
Not wanting to conflict with ECS is the reason for the current field naming. I like how you have changed the fields in this PR, but it does conflict. One option would be to switch back to plurals like |
Completely different suggestion. It's kind of odd that for example the field
The advantage of this would be that id and name would be close together. Disadvantage is that |
@vjsamuel I think the part I'm missing here is if the current data model causes some issues when querying / aggregating the data or this is mainly about making the data model nicer? |
@ruflin the intent is to simplify the data model. |
73e9422
to
a24b2a3
Compare
i was looking for something in similar lines. I can close this one out. Thanks! |
This PR moves
user. name_map
touser.name
and top level ids touser.id
for the auditd module