
Remove fields not needed for session view in add_session_view processor #39500

Merged
mjwolf merged 2 commits into elastic:main from mjwolf:reduce-session-events
May 9, 2024

@mjwolf mjwolf commented May 9, 2024

Proposed commit message

In order to reduce event data size, remove all fields from the add_session_metadata processor that are not required for the Kibana session viewer to function.

The unnecessary fields that are removed here are thread and tty fields.

Checklist

  • My code follows the style guidelines of this project
  • [ ] I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

These removed fields might have been used for other reasons than session view, but given this processor is in beta, there can be breaking changes. The add_process_metadata processor can also be used to get these fields.

Author's Checklist

  • Checked that session view is still working without these fields
  • Checked that the fields were removed from the enriched document

In order to reduce event data size, remove all fields from the
add_session_metadata processor that are not required for the Kibana session
viewer.

The unnecessary fields that are removed are thread and tty fields.

@mjwolf mjwolf requested a review from a team as a code owner May 9, 2024 21:23
@botelastic botelastic bot added the needs_team label May 9, 2024
@mjwolf mjwolf added the enhancement and Team:Security-Linux Platform labels and removed the needs_team label May 9, 2024

@elasticmachine

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

@mergify mergify bot assigned mjwolf May 9, 2024
mergify bot commented May 9, 2024

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @mjwolf? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@pkoutsovasilis pkoutsovasilis left a comment

lgtm

@mjwolf mjwolf added the backport-skip label May 9, 2024
@mjwolf mjwolf merged commit 239deef into elastic:main May 9, 2024
@mjwolf mjwolf deleted the reduce-session-events branch May 9, 2024 22:44
v1v added a commit to v1v/beats that referenced this pull request May 15, 2024