You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Make sure the package is synced with any changes done to its related module
There might still be changes, hotfixes or enhancements added to modules which is not synced over.
Make sure all packages have pipeline test files.
Currently not all packages have pipeline test files, this should be added to make sure it has more feature parity with how CI tests are done for pipelines in the beats repo.
Remove any edge processing that might still exist.
All edge processing is removed from the security-integrations packges already, but there might be some smaller processors left to convert.
Implementation of "Preserve Raw Event" option for all packages.
All packages should follow the principles discussed in an earlier issue: event.original optionality across all packages #777 (comment)
Each package will have the following changes:
Move the original data from its source field (default is the message field), to event.original.
All ingest pipeline processors handling values stored in the message field, will instead handle the event.original field. This simplifies reindexing of data by a lot,
Preserve raw event defaults to off.
Overwrite any existing setting if some packages might already handle event.original, with on/off by default.
A menu option is added to preserve raw events for each package:
vars:
- name: preserve_original_event
required: true
show_user: true
title: Preserve original event
description: Preserves a raw copy of the original event, added to the field event.original
type: bool
multi: false
default: false
This issue is an overview of planned changes that affect all or most packages to prepare them for GA.
List of tasks:
Update ECS version to 1.10
Each package should have an updated ECS version, even if no changes is needed for the specific package, the new fields added in 1.10 is:
New fields:
Datastream: https://github.com/elastic/ecs/blob/master/rfcs/text/0009-data_stream-fields.md
Beta fields:
Orchestrator: https://github.com/elastic/ecs/blob/master/rfcs/text/0012-orchestrator-field-set.md
Experimental:
Threat fields: https://github.com/elastic/ecs/blob/master/rfcs/text/0018-extend-threat-group-software.md
Make sure the package is synced with any changes done to its related module
There might still be changes, hotfixes or enhancements added to modules which is not synced over.
Make sure all packages have pipeline test files.
Currently not all packages have pipeline test files, this should be added to make sure it has more feature parity with how CI tests are done for pipelines in the beats repo.
Remove any edge processing that might still exist.
All edge processing is removed from the security-integrations packges already, but there might be some smaller processors left to convert.
Implementation of "Preserve Raw Event" option for all packages.
All packages should follow the principles discussed in an earlier issue: event.original optionality across all packages #777 (comment)
Each package will have the following changes:
messagefield), toevent.original.messagefield, will instead handle theevent.originalfield. This simplifies reindexing of data by a lot,off.Which looks like this:
