Skip to content

[Logs+] Adding ECS dynamic templates #96171

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 23 commits into from
Jun 7, 2023
Merged

[Logs+] Adding ECS dynamic templates #96171

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
a601440
Adding ecs dynamic templates
eyalkoren May 16, 2023
cb4db1e
Merge remote-tracking branch 'upstream/main' into ecs-mappings-for-logs
eyalkoren May 23, 2023
7dd458d
Merge remote-tracking branch 'upstream/main' into ecs-mappings-for-logs
eyalkoren May 24, 2023
503df3a
Merging ECS dynamic templates and adding a test
eyalkoren May 28, 2023
36ef5b4
Merge remote-tracking branch 'upstream/main' into ecs-mappings-for-logs
eyalkoren May 29, 2023
cb8f181
Adding full test coverage
eyalkoren May 29, 2023
2887904
Adding nested message to test
eyalkoren May 30, 2023
d7a446e
Update docs/changelog/96171.yaml
eyalkoren May 30, 2023
c6ea453
Test overriding of ECS mappings through custom template
eyalkoren May 30, 2023
13a962a
Merge remote-tracking branch 'eyalkoren/ecs-mappings-for-logs' into e…
eyalkoren May 30, 2023
c5ab780
Changing changelog summary
eyalkoren May 30, 2023
887e5f3
Fixing CoreWithSecurityClientYamlTestSuiteIT
eyalkoren May 31, 2023
97e7583
Separate generic string-to-keyword mapping from ECS mappings
eyalkoren May 31, 2023
0bd84cb
Adding mapping for usage to scaled_float
eyalkoren May 31, 2023
0cce132
Merge remote-tracking branch 'upstream/main' into ecs-mappings-for-logs
eyalkoren May 31, 2023
8956c7f
Add missing mapping
eyalkoren Jun 1, 2023
c198c27
Merge remote-tracking branch 'upstream/main' into ecs-mappings-for-logs
eyalkoren Jun 1, 2023
4211c3a
Extracting data_stream ECS fields into a separate component template
eyalkoren Jun 1, 2023
51b4ed6
Merge remote-tracking branch 'upstream/main' into ecs-mappings-for-logs
eyalkoren Jun 4, 2023
38cbb38
Encorporating feedback
eyalkoren Jun 4, 2023
150b0ab
Disabling date_detection in ECS
eyalkoren Jun 4, 2023
19bbc87
Implement feedback
eyalkoren Jun 5, 2023
cffff64
Renaming to ecs@dynamic_templates
eyalkoren Jun 6, 2023
File filter

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions docs/changelog/96171.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
pr: 96171
summary: "Adding ECS dynamic mappings component and applying it to logs data streams by default"
area: Data streams
type: enhancement
issues:
- 95538
34 changes: 34 additions & 0 deletions ...ms/src/yamlRestTest/resources/rest-api-spec/test/data_stream/210_logs_custom_mappings.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,10 @@
properties:
numeric_field:
type: integer
socket:
properties:
ip:
type: keyword

- do:
indices.create_data_stream:
Expand All @@ -35,3 +39,33 @@
index: $idx0name
# verify that the new field from the custom component template is applied
- match: { .$idx0name.mappings.properties.numeric_field.type: "integer" }

- do:
index:
index: logs-generic-default
refresh: true
body:
test: 'doc-with-ip'
socket:
ip: 127.0.0.1
- match: {result: "created"}

- do:
search:
index: logs-generic-default
body:
query:
term:
test:
value: 'doc-with-ip'
fields:
- field: 'socket.ip'
- length: { hits.hits: 1 }
- match: { hits.hits.0._source.socket.ip: '127.0.0.1' }

- do:
indices.get_mapping:
index: $idx0name
# test overriding of ECS dynamic template
- match: { .$idx0name.mappings.properties.socket.properties.ip.type: "keyword" }

Loading