Skip to content

Add RFC for extended entity fields#2598

Merged
trisch-me merged 16 commits into
elastic:mainfrom
uri-weisman:entity_fields_9_4_rfc_strawperson
May 6, 2026
Merged

Add RFC for extended entity fields#2598
trisch-me merged 16 commits into
elastic:mainfrom
uri-weisman:entity_fields_9_4_rfc_strawperson

Conversation

@uri-weisman
Copy link
Copy Markdown
Contributor

@uri-weisman uri-weisman commented Mar 31, 2026
edited
Loading

Summary

@uri-weisman
Add RFC for extended entity fields
9a3f98d 
Introduce a 9.4 strawperson RFC for new entity attributes, lifecycle, and relationship leaves, and propose enabling entity.risk reuse for normalized entities.

Made-with: Cursor
@uri-weisman uri-weisman requested a review from a team March 31, 2026 18:29
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 31, 2026

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

  • run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

chemamartinez
chemamartinez reviewed Apr 1, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
andrewkroh
andrewkroh reviewed Apr 1, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
trisch-me
trisch-me reviewed Apr 7, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
trisch-me
trisch-me reviewed Apr 7, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
trisch-me
trisch-me reviewed Apr 7, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
trisch-me
trisch-me reviewed Apr 7, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
trisch-me
trisch-me reviewed Apr 7, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
trisch-me
trisch-me reviewed Apr 7, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
@uri-weisman
RFC 0054: align with ECS RFC conventions and PR elastic#2598 feedback
326ca7b 
- Add stage-0 header comments and link to RFC 0049
- Merge entity-type guidance into Fields table; keyword (list) for arrays
- Document flat relationship object shape and Field Re-use nesting
- Fix entity.last_seen_timestamp reference; restore administered_by row
- Match People, Source data, References, and Concerns style to other RFCs
- Update usage example entity.type to array form

Made-with: Cursor
@uri-weisman
make identifiers dotted
463a00c
trisch-me
trisch-me reviewed Apr 13, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
chemamartinez
chemamartinez approved these changes Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown

@chemamartinez chemamartinez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! My review is mostly focused on conversation's I've been involved and from an integration perspective so please wait for the rest of reviewer's approval.

erikh-elastic
erikh-elastic approved these changes Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown

@erikh-elastic erikh-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

trisch-me
trisch-me reviewed Apr 22, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
trisch-me
trisch-me reviewed Apr 22, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
trisch-me
trisch-me reviewed Apr 22, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
trisch-me
trisch-me reviewed Apr 22, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
trisch-me
trisch-me reviewed Apr 22, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md
trisch-me
trisch-me approved these changes Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@trisch-me trisch-me left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm in general with some minor feedback

uri-weisman and others added 3 commits April 26, 2026 12:48
@uri-weisman @trisch-me
Update rfcs/text/0054-extend-entity-fields.md
dcd9a58 
Co-authored-by: Alexandra Konrad <alexandra.konrad@elastic.co>
@uri-weisman @trisch-me
Update rfcs/text/0054-extend-entity-fields.md
53ee704 
Co-authored-by: Alexandra Konrad <alexandra.konrad@elastic.co>
@uri-weisman @trisch-me
Update rfcs/text/0054-extend-entity-fields.md
5b6cb9b 
Co-authored-by: Alexandra Konrad <alexandra.konrad@elastic.co>
trisch-me
trisch-me reviewed Apr 27, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md Outdated
trisch-me
trisch-me reviewed Apr 27, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md
chemamartinez
chemamartinez reviewed Apr 30, 2026
View reviewed changes
Comment thread rfcs/text/0054-extend-entity-fields.md
@uri-weisman
Copy link
Copy Markdown
Contributor Author

uri-weisman commented May 4, 2026

@andrewkroh can I please ask you to have a second look?

@uri-weisman
Copy link
Copy Markdown
Contributor Author

uri-weisman commented May 5, 2026

We decided to wait with follow up PRs that utilize the fields defined in this RFC until it's merged

Can I get another reviewer with write access to be able to merge this one? @trisch-me asking for your assistance.

@chemamartinez chemamartinez mentioned this pull request May 5, 2026
Open
5 tasks
@trisch-me
Copy link
Copy Markdown
Contributor

trisch-me commented May 5, 2026

@taylor-swanson @andrewkroh could you check this out?

bhapas
bhapas approved these changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@bhapas bhapas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@uri-weisman
Copy link
Copy Markdown
Contributor Author

uri-weisman commented May 6, 2026

Thanks everyone, @trisch-me I need your assistance with pushing this one?

@trisch-me trisch-me merged commit 7745837 into elastic:main May 6, 2026
7 checks passed
@trisch-me
Copy link
Copy Markdown
Contributor

trisch-me commented May 6, 2026

@uri-weisman can you create a follow up PR with fields put into yaml files? Or do you need help with it?

@uri-weisman
Copy link
Copy Markdown
Contributor Author

uri-weisman commented May 6, 2026

@uri-weisman can you create a follow up PR with fields put into yaml files? Or do you need help with it?

Will create one, thanks!

@uri-weisman uri-weisman deleted the entity_fields_9_4_rfc_strawperson branch May 6, 2026 16:22
@narph
Copy link
Copy Markdown

narph commented May 11, 2026

@uri-weisman can you create a follow up PR with fields put into yaml files? Or do you need help with it?

Will create one, thanks!

@uri-weisman Is the PR already in? We want to make sure the ECS fields are added in before we make changes to our integrations, so we can reduce future friction or potential breaking changes for users.

@uri-weisman
Copy link
Copy Markdown
Contributor Author

uri-weisman commented May 11, 2026

Hey @narph, IIUC @trisch-me is working on introducing the follow up PR - ticket.

@trisch-me
Copy link
Copy Markdown
Contributor

trisch-me commented May 11, 2026

hey @narph - the PR is there, but actual fields are not yet in ECS, I was going to introduce them, but there is a technical question I need to solve first, I hope it will be ready soon

@taylor-swanson
Copy link
Copy Markdown
Contributor

taylor-swanson commented May 11, 2026

We want to make sure the ECS fields are added in before we make changes to our integrations, so we can reduce future friction or potential breaking changes for users.

@narph, just as a heads up, the dynamic ECS templates in elasticsearch won't be updated until the next stack release, so any new fields that don't already match the dynamic template won't map properly if relying on that method. Looking at the list of fields, entity.lifecycle.last_activity (date) is one of those fields. The field can be mapped statically through external: ecs as long as the ECS reference in the integration is updated to the next ECS release that includes these fields.

@trisch-me trisch-me mentioned this pull request May 11, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@trisch-me trisch-me trisch-me approved these changes

@chemamartinez chemamartinez chemamartinez approved these changes

@taylor-swanson taylor-swanson taylor-swanson approved these changes

@bhapas bhapas bhapas approved these changes

@andrewkroh andrewkroh Awaiting requested review from andrewkroh

+1 more reviewer

@erikh-elastic erikh-elastic erikh-elastic approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@uri-weisman @trisch-me @narph @taylor-swanson @andrewkroh @chemamartinez @bhapas @erikh-elastic