New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
o365: fix mappings for dynamically mapped fields #7988
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -34,6 +34,9 @@ | |
type: keyword | ||
- name: ExchangeMetaData.* | ||
type: object | ||
# This object can also contain date fields, but we cannot express multiple dynamic mapping types here. | ||
object_type: long | ||
object_type_mapping_type: long | ||
- name: Category | ||
type: keyword | ||
- name: ClientAppId | ||
|
@@ -68,8 +71,14 @@ | |
type: keyword | ||
- name: ExceptionInfo.* | ||
type: object | ||
# This should be boolean→boolean falling back to *→keyword, but this is | ||
# not expressible here; object_type_mapping_type cannot be 'boolean'. | ||
object_type: keyword | ||
object_type_mapping_type: '*' | ||
- name: ExtendedProperties.* | ||
type: object | ||
object_type: keyword | ||
object_type_mapping_type: '*' | ||
- name: ExternalAccess | ||
type: boolean | ||
- name: FileSizeBytes | ||
|
@@ -90,8 +99,12 @@ | |
type: keyword | ||
- name: Item.* | ||
type: object | ||
object_type: keyword | ||
object_type_mapping_type: '*' | ||
Comment on lines
100
to
+103
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. From the dynamic templates, it looks like this is not necessary. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why didn't it show up in the dynamic_templates? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yeah, that's why I'm confused. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Maybe in a bug in package-spec? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I would suspect Fleet. Like perhaps the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Logged an issue at elastic/kibana#167553. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We can move forward without this being in the template because it's only purpose was to satisfy the field validation (all fields found in test cases must be defined) within elastic-package and it still does. The default dynamic mappings will work fine. |
||
- name: Item.*.* | ||
type: object | ||
object_type: keyword | ||
object_type_mapping_type: '*' | ||
- name: ItemName | ||
type: keyword | ||
- name: ItemType | ||
|
@@ -118,10 +131,10 @@ | |
type: keyword | ||
- name: Members | ||
type: flattened | ||
- name: Members.* | ||
type: object | ||
- name: ModifiedProperties.*.* | ||
type: object | ||
object_type: keyword | ||
object_type_mapping_type: '*' | ||
- name: Name | ||
type: keyword | ||
- name: NewValue | ||
|
@@ -138,6 +151,8 @@ | |
type: keyword | ||
- name: Parameters.* | ||
type: object | ||
object_type: keyword | ||
object_type_mapping_type: '*' | ||
- name: PolicyDetails | ||
type: flattened | ||
- name: PolicyId | ||
|
@@ -150,6 +165,9 @@ | |
type: boolean | ||
- name: SharePointMetaData.* | ||
type: object | ||
# This object may contain date formatted fields, but we do not ensure validity, so leave as keyword. | ||
object_type: keyword | ||
object_type_mapping_type: '*' | ||
- name: SessionId | ||
type: keyword | ||
- name: Severity | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For these cases I assume the data has always been mapped as keyword because Fleet using
"date_detection": false
in templates. So this isn't a regression.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, this is just a note for why it is.