Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Stack Monitoring] Missing mapping for "event.created" missing in the integration packages #5869

Closed
crespocarlos opened this issue Apr 12, 2023 · 4 comments · Fixed by #6028
Closed

[Stack Monitoring] Missing mapping for "event.created" missing in the integration packages #5869

crespocarlos opened this issue Apr 12, 2023 · 4 comments · Fixed by #6028
Assignees
@jennypavlova
Labels
bug Something isn't working, use only for issues Integration:elasticsearch Elasticsearch Integration:kibana Kibana Integration:logstash Logstash Team:Infra Monitoring UI - DEPRECATED Label for the Infrastructure Monitoring UI team. - DEPRECATED - Use Team:obs-ux-infra_services

Comments

@crespocarlos
Copy link
Contributor

crespocarlos commented Apr 12, 2023
edited
Loading

Some SM integration packages data-streams are missing the mapping for the event.created field, which causes them to be mapped as keyword and not date.

Here are a few examples of data streams that are missing this mapping:

  • Elasticsearch
    • gc
    • server
    • deprecation
    • slowlog
  • Kibana
    • log
    • audit
  • Logstash
    • log

It might be interesting to make sure the SM packages contain all necessary event fields mapped

- external: ecs
  name: event.ingested
- external: ecs
  name: event.kind
- external: ecs
  name: event.category
- external: ecs
  name: event.type
- external: ecs
  name: event.created
- external: ecs
  name: event.original
- external: ecs

Acceptance criteria

  • event.date is mapped as date
@crespocarlos crespocarlos added bug Something isn't working, use only for issues Integration:elasticsearch Elasticsearch Integration:kibana Kibana Integration:logstash Logstash Team:Infra Monitoring UI - DEPRECATED Label for the Infrastructure Monitoring UI team. - DEPRECATED - Use Team:obs-ux-infra_services labels Apr 12, 2023
@chemamartinez chemamartinez mentioned this issue Apr 21, 2023
Closed
@jennypavlova jennypavlova self-assigned this Apr 28, 2023
@jennypavlova
Copy link
Member

The event.created is already mapped in this PR - Looks duplicate of #5774. I am adding the other missing event fields mentioned in this issue and will open a PR.

@jennypavlova jennypavlova mentioned this issue Apr 28, 2023
Merged
4 tasks
@elasticmachine
Copy link

Package elasticsearch - 1.7.2 containing this change is available at https://epr.elastic.co/search?package=elasticsearch

@elasticmachine
Copy link

Package kibana - 2.3.4 containing this change is available at https://epr.elastic.co/search?package=kibana

@elasticmachine
Copy link

Package logstash - 2.3.2 containing this change is available at https://epr.elastic.co/search?package=logstash

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jennypavlova jennypavlova

Labels
bug Something isn't working, use only for issues Integration:elasticsearch Elasticsearch Integration:kibana Kibana Integration:logstash Logstash Team:Infra Monitoring UI - DEPRECATED Label for the Infrastructure Monitoring UI team. - DEPRECATED - Use Team:obs-ux-infra_services
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add missing event fields jennypavlova/integrations
3 participants
@crespocarlos @jennypavlova @elasticmachine