Workaround for Beats issue with default_field growing too big (#687) (#…

…709) This is so that Beats' default_fields don't go above 1024 field limit. See also elastic/beats#14262
elastic · Dec 23, 2019 · d0fb13f · d0fb13f
1 parent cc4b36e
commit d0fb13f
Show file tree

Hide file tree

Showing 12 changed files with 540 additions and 29 deletions.
diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md
@@ -18,6 +18,8 @@ Thanks, you're awesome :-) -->
 
 #### Improvements
 
+* Temporary workaround for Beats templates' `default_field` growing too big. #687
+
 #### Deprecated
 
 

diff --git a/code/go/ecs/host.go b/code/go/ecs/host.go
diff --git a/code/go/ecs/rule.go b/code/go/ecs/rule.go
diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc
@@ -2001,9 +2001,9 @@ example: `x86_64`
 // ===============================================================
 
 | host.domain
-| Name of the domain of which the host is a member. 
+| Name of the domain of which the host is a member.
 
-For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name.  For Linux this could be the domain of the host's LDAP provider.
+For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider.
 
 type: keyword
 
@@ -3671,7 +3671,7 @@ type: keyword
 
 Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events.
 
-Examples of data sources that would populate the rule fields include: network admission control platforms, network or  host IDS/IPS, network firewalls, web application firewalls, url filters, endpoint detection and response (EDR) systems, etc.
+Examples of data sources that would populate the rule fields include: network admission control platforms, network or host IDS/IPS, network firewalls, web application firewalls, url filters, endpoint detection and response (EDR) systems, etc.
 
 ==== Rule Field Details