Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.6] Add entity_id mappings to file and network datastreams in endpoint-package #306

Merged
merged 4 commits into from Oct 18, 2022
Merged

[8.6] Add entity_id mappings to file and network datastreams in endpoint-package #306

merged 4 commits into from Oct 18, 2022

Conversation

Omolola-Akinleye
Copy link
Contributor

@Omolola-Akinleye Omolola-Akinleye commented Oct 17, 2022
edited

Change Summary

Add entity_id mappings to file and network datastreams in endpoint-package

Add file and network mappings to enable file/network telemetry for session view feature work.

Sample values

File Sample Value

process.entry_leader.entity_id:"Y2NiN2IxYTEtMzAz"
process.session_leader.entity_id:"Y2NiN2IxYTEtMzAz"
process.group_leader.entity_id:"Y2NiN2IxYTEtMzAz"
process.parent.entity_id:"Y2NiN2IxYTEtMzAz"
process.parent.group_leader.entity_id:"Y2NiN2IxYTEtMzAz"
process.entry_leader.parent.entity_id:"Y2NiN2IxYTEtMzAz"

Network Sample Values

process.entry_leader.entity_id:"YWZkMzQ4Yz=j"
process.session_leader.entity_id:"YWZkMzQ4Yz="
process.group_leader.entity_id:"YWZkMzQ4Yz=j"
process.parent.entity_id:"YWZkMzQ4Yz="
process.parent.group_leader.entity_id:"YWZkMzQ4Yz="
process.entry_leader.parent.entity_id:"YWZkMzQ4Yz="

Sample document:

File Sample Mappings

        "parent":{
           "entity_id": "Y2NiN2IxYTEtMzAz",
           "group_leader": {
                "entity_id": "Y2NiN2IxYTEtMzAz"
            }
        },
        "entry_leader":{
           "entity_id": "Y2NiN2IxYTEtMzAz",
           "group_leader": {
                "entity_id": "Y2NiN2IxYTEtMzAz"
            }
        },
        "session_leader":{
           "entity_id": "Y2NiN2IxYTEtMzAz"
        },
        "group_leader":{
           "entity_id": "Y2NiN2IxYTEtMzAz"
        },

Network Sample Mappings

     "parent": {
            "entity_id": "YWZkMzQ4Yz=",
            "group_leader": {
                "entity_id": "YWZkMzQ4Yz="
            }
        },
        "entry_leader": {
            "entity_id":  "YWZkMzQ4Yz=",
            "parent": {
                "entity_id": "YWZkMzQ4Yz="
            }
        },
        "session_leader": {
            "entity_id":  "YWZkMzQ4Yz="
        },
        "group_leader": {
            "entity_id": "YWZkMzQ4Yz="
        },

Release Target

8.6

Q/A

For mapping changes:

  • I ran make after making the schema changes, and committed all changes
  • If these field(s) are "exception"-able, I made a companion PR to Kibana adding it (see Readme)
  • If this is a metadata change, I also updated both transform destination schemas to match

For Transform changes:

  • The new transform successfully starts in Kibana
  • The corresponding transform destination schema was updated if necessary

@Omolola-Akinleye Omolola-Akinleye requested a review from a team as a code owner October 17, 2022 20:09
@elasticmachine
Copy link
Contributor

elasticmachine commented Oct 17, 2022
edited

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-10-17T22:20:09.433+0000

  • Duration: 7 min 19 sec

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@Omolola-Akinleye
Copy link
Contributor Author

/test

mitodrummer
mitodrummer reviewed Oct 17, 2022
View reviewed changes
custom_subsets/elastic_endpoint/network/network.yaml
parent:
fields:
entity_id: {}
group_leader:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the file.yaml mappings differ from these. Looks like entry_leader.parent.entity_id and parent.group_leader.entity_id need to be added.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch!

mitodrummer
mitodrummer approved these changes Oct 17, 2022
View reviewed changes
Copy link
Contributor

@mitodrummer mitodrummer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@Omolola-Akinleye Omolola-Akinleye merged commit 53a1938 into master Oct 18, 2022
@elasticmachine
Copy link
Contributor

Package endpoint - 8.6.0 containing this change is available at https://epr.elastic.co

@pzl pzl deleted the session-view-file-network-telemetry-mappings branch November 22, 2022 14:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mitodrummer mitodrummer mitodrummer approved these changes

@parkiino parkiino parkiino approved these changes

@paul-tavares paul-tavares Awaiting requested review from paul-tavares paul-tavares was automatically assigned from elastic/security-onboarding-and-lifecycle-mgt

Assignees
No one assigned
Labels
v8.6.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Omolola-Akinleye @elasticmachine @mitodrummer @parkiino