Skip to content

Changes network to use ECS fields#44392

Merged
FrankHassanabad merged 2 commits intoelastic:masterfrom
FrankHassanabad:change-dns-fields-ecs
Aug 30, 2019
Merged

Changes network to use ECS fields#44392
FrankHassanabad merged 2 commits intoelastic:masterfrom
FrankHassanabad:change-dns-fields-ecs

Conversation

@FrankHassanabad
Copy link
Copy Markdown
Contributor

@FrankHassanabad FrankHassanabad commented Aug 29, 2019
edited
Loading

Summary

Change dns.question.etld_plus_one to dns.question.registered_domain in the query and the draggable.

You should see on the network page/Top DNS domains this change:
drag-and-drop-table

Checklist

Use strikethroughs to remove checklist items you don't feel are applicable to this PR.

For maintainers

@FrankHassanabad FrankHassanabad self-assigned this Aug 29, 2019
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Aug 29, 2019

Pinging @elastic/siem

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Aug 29, 2019

💔 Build Failed

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Aug 29, 2019

💚 Build Succeeded

XavierM
XavierM approved these changes Aug 29, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@XavierM XavierM left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Happy ECS

x-pack/test/functional/es_archives/packetbeat/default/mappings.json
"dns.question.type",
"dns.question.class",
"dns.question.etld_plus_one",
"dns.question.registered_domain",
Copy link
Copy Markdown
Contributor

@XavierM XavierM Aug 29, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That worked, I always tried to modify JSON and I failed each time. Do you have a technique?

Copy link
Copy Markdown
Contributor Author

@FrankHassanabad FrankHassanabad Aug 30, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still modified the JSON.

I ran:

node ../scripts/es_archiver edit packetbeat/dns

And then edited it, closed it and then re-pushed.

@FrankHassanabad FrankHassanabad changed the title Change network to use ECS fields Changes network to use ECS fields Aug 30, 2019
@FrankHassanabad FrankHassanabad merged commit 7a0a3f5 into elastic:master Aug 30, 2019
@FrankHassanabad FrankHassanabad deleted the change-dns-fields-ecs branch August 30, 2019 20:33
@FrankHassanabad FrankHassanabad mentioned this pull request Aug 30, 2019
Merged
FrankHassanabad added a commit to FrankHassanabad/kibana that referenced this pull request Aug 30, 2019
@FrankHassanabad
Changes network to use ECS fields (elastic#44392)
efbad72 
* Change network to use ECS fields

* Updated functional tests with new field mapping and data
FrankHassanabad added a commit to FrankHassanabad/kibana that referenced this pull request Aug 30, 2019
@FrankHassanabad
Changes network to use ECS fields (elastic#44392)
6fbf88d 
* Change network to use ECS fields

* Updated functional tests with new field mapping and data
@FrankHassanabad FrankHassanabad mentioned this pull request Aug 30, 2019
Merged
FrankHassanabad added a commit that referenced this pull request Aug 30, 2019
@FrankHassanabad
Changes network to use ECS fields (#44392) (#44548)
b701e88 
* Change network to use ECS fields

* Updated functional tests with new field mapping and data
FrankHassanabad added a commit that referenced this pull request Aug 30, 2019
@FrankHassanabad
Changes network to use ECS fields (#44392) (#44549)
44e0234 
* Change network to use ECS fields

* Updated functional tests with new field mapping and data
jloleysens added a commit to jloleysens/kibana that referenced this pull request Sep 2, 2019
@jloleysens
Merge branch 'master' of github.com:elastic/kibana into chore/console…
a6b8750 
…-to-np-ready

* 'master' of github.com:elastic/kibana: (409 commits)
  [ML] Data frame analytics: Fix source index checks. (elastic#44479)
  [Code] try fix this test (elastic#43692)
  skip flaky suite (elastic#44572) (elastic#42111) (elastic#44286) (elastic#43557) (elastic#42567)
  skip flaky suite (elastic#44560)
  skip flaky suite (elastic#44250)
  disable flaky suite (elastic#41336)
  [code] Update download URLs for go lsp. (elastic#44581)
  disable flaky suite (elastic#44575)
  disable flaky suite (elastic#44576)
  [Code] add functional test to verify lang server full api symbol/reference counts (elastic#44051)
  Improve Storybook scripts and load time (elastic#44511)
  Update Dependencies (elastic#44519)
  Remove use of injecti18n in Embeddables plugin (elastic#44043)
  [SIEM] Adds a configuraton option for the default SIEM date time range (elastic#44540)
  [Uptime]Fix/issue 40584  section headline should be inside panel (elastic#43468)
  disable flaky suite (elastic#22322)
  Changes network to use ECS fields (elastic#44392)
  Fix 'workpad flash' when loading new workpad (elastic#44387)
  [renovate] bump new PR version labels
  Update dependency cmd-shim to ^2.1.0 (elastic#44034)
  ...

# Conflicts:
#	src/legacy/core_plugins/console/public/index.html
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@XavierM XavierM XavierM approved these changes

Assignees

@FrankHassanabad FrankHassanabad

Labels

release_note:enhancement Team:SIEM v7.4.0 v7.5.0 v8.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@FrankHassanabad @elasticmachine @XavierM