Skip to content

Update AMQP protocol to use ECS fields#10090

Merged
andrewkroh merged 2 commits intoelastic:masterfrom
andrewkroh:feature/pb/amqp-ecs
Jan 16, 2019
Merged

Update AMQP protocol to use ECS fields#10090
andrewkroh merged 2 commits intoelastic:masterfrom
andrewkroh:feature/pb/amqp-ecs

Conversation

@andrewkroh
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh commented Jan 15, 2019

There are no dashboards to update.

Here's a summary of what fields changed.

Part of #7968

Changed

  • bytes_in -> source.bytes
  • bytes_out -> destination.bytes
  • responsetime -> event.duration
  • notes -> error.message

Added

  • client
  • server
  • event.dataset = amqp
  • event.start
  • event.end
  • network.bytes
  • network.community_id
  • network.protocol = dhcpv4
  • network.transport = tcp
  • network.type

Unchanged Packetbeat Fields

  • method
  • status
  • type = amqp (we might remove this since we have event.dataset)
  • request
  • response

@andrewkroh andrewkroh requested a review from a team as a code owner January 15, 2019 19:25
@andrewkroh
Update AMQP protocol to use ECS fields
920478c 
There are no dashboards to update.

Here's a summary of what fields changed.

Part of elastic#7968

Changed

- bytes_in -> source.bytes
- bytes_out -> destination.bytes
- responsetime -> event.duration
- notes -> error.message

Added

- client
- server
- event.dataset = amqp
- event.start
- event.end
- network.bytes
- network.community_id
- network.protocol = dhcpv4
- network.transport = tcp
- network.type

Unchanged Packetbeat Fields

- method
- status
- type = amqp (we might remove this since we have event.dataset)
- request
- response
ruflin
ruflin approved these changes Jan 16, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@ruflin ruflin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

I assume here it's the same that all these fields are already in the migration yml.

@andrewkroh andrewkroh merged commit 1acbfdb into elastic:master Jan 16, 2019
@andrewkroh andrewkroh mentioned this pull request Jan 24, 2019
Closed
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ruflin ruflin ruflin approved these changes

Assignees

No one assigned

Labels

Packetbeat review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@andrewkroh @ruflin