-
Notifications
You must be signed in to change notification settings - Fork 392
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add correct mapping for event.created #3579
Conversation
data_streams that could use httpjson as an input need a field mapping for event.created because httpjson creates that field. - apache: error - atlassian_bitbucket: audit - carbon_black_cloud: alert, asset_vulnerability_summary, audit, endpoint_event, watchlist_hit - github: audit - httpjson: generic - snyk: audit, vulnerabilities - winlog: winlog Closes elastic#3577
a5d1808
to
3921797
Compare
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
🌐 Coverage report
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When looking into the httpjson field mapping the following fields appears in the sample_events and missing in the mapping [event.ingested, event.agent_id_status, message]. We may need to take this as a separate issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Otherwise Looks good!
What does this PR do?
data_streams that could use httpjson as an input need a field mapping for event.created because httpjson creates that field.
endpoint_event, watchlist_hit
Checklist
- [ ] I have verified that all data streams collect metrics or logs.changelog.yml
file.- [ ] I have verified that Kibana version constraints are current according to guidelines.Related issues