Skip to content

Update pgSQL protocol to use ECS fields#10147

Merged
andrewkroh merged 4 commits intoelastic:masterfrom
andrewkroh:feature/pb/pgsql-ecs
Jan 24, 2019
Merged

Update pgSQL protocol to use ECS fields#10147
andrewkroh merged 4 commits intoelastic:masterfrom
andrewkroh:feature/pb/pgsql-ecs

Conversation

@andrewkroh
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh commented Jan 17, 2019

That dashboard was updated too.

Here's a summary of what fields changed.

Part of #7968

Changed

  • bytes_in -> source.bytes
  • bytes_out -> destination.bytes
  • notes -> error.message
  • responsetime -> event.duration (unit are now nanoseconds)

Added

  • destination
  • event.dataset = pgsql
  • event.end
  • event.start
  • network.bytes
  • network.community_id
  • network.protocol = pgsql
  • network.transport = tcp
  • network.type
  • source

Removed

  • pgsql.iserror - It was a boolean that reflected the same information as status which uses OK or Error.
  • pgsql.query - It was in fields.yml but not in the code.

Unchanged Packetbeat Fields

  • method
  • query
  • status
  • type = pgsql (we might remove this since we have event.dataset)

@andrewkroh andrewkroh requested review from a team as code owners January 17, 2019 18:07
andrewkroh
andrewkroh commented Jan 17, 2019
View reviewed changes
webmat
webmat reviewed Jan 18, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@webmat webmat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a few comments. Looking pretty good

@webmat
Copy link
Copy Markdown
Contributor

webmat commented Jan 18, 2019

If I understand correctly, all changed fields are Pb-wide, so the ecs-migration.yml and field aliases will come at the end. That's good.

Is that also how you're approaching the changelog for the breaking changes?

This PR could have an "Added" changelog, though.

@webmat
Copy link
Copy Markdown
Contributor

webmat commented Jan 18, 2019

Never mind the comment about the changelog above. Not sure how I missed it when reviewing.

@andrewkroh andrewkroh force-pushed the feature/pb/pgsql-ecs branch from 8d4f118 to 1ef4807 Compare January 18, 2019 20:54
@andrewkroh
Update pgSQL protocol to use ECS fields
f48700e 
That dashboard was updated too.

Here's a summary of what fields changed.

Part of elastic#7968

Changed

- bytes_in -> source.bytes
- bytes_out -> destination.bytes
- notes -> error.message
- responsetime -> event.duration (unit are now nanoseconds)

Added

- destination
- event.dataset = pgsql
- event.end
- event.start
- network.bytes
- network.community_id
- network.protocol = pgsql
- network.transport = tcp
- network.type
- source

Removed

- pgsql.iserror - It was a boolean that reflected the same information as `status` which uses OK or Error.
- pgsql.query - It was in fields.yml but not in the code.

Unchanged Packetbeat Fields

- method
- query
- status
- type = pgsql (we might remove this since we have event.dataset)
@andrewkroh
add event.end and event.duration
47131e4
@andrewkroh
Add PR number to changelog
4aaa10b
@andrewkroh
Remove time_zone from Kibana viz
868448a
@andrewkroh andrewkroh force-pushed the feature/pb/pgsql-ecs branch from 3c86a18 to 868448a Compare January 23, 2019 17:01
@andrewkroh andrewkroh merged commit 8baf1f9 into elastic:master Jan 24, 2019
@andrewkroh andrewkroh mentioned this pull request Jan 24, 2019
Closed
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@webmat webmat webmat left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Packetbeat review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@andrewkroh @webmat