Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

message field missing from index template's default_field #29633

Closed
adriansr opened this issue Dec 29, 2021 · 1 comment · Fixed by #29821
Closed

message field missing from index template's default_field #29633

adriansr opened this issue Dec 29, 2021 · 1 comment · Fixed by #29821
Assignees
@adriansr
Labels
bug

Comments

@adriansr
Copy link
Contributor

adriansr commented Dec 29, 2021
edited
Loading

For confirmed bugs, please report:

  • Version: 7.16.0+
  • Operating System: -
  • Discuss Forum URL: -
  • Steps to Reproduce:
$ filebeat export template | grep -q '\s*"message",\?$' && echo Present || echo Not present
Not present

This prevents the message field contents to be queried in Kibana's query bar unless the field is referenced explicitly.

Two recent unrelated features seem to be causing this:

#27770 in 7.16.0+
#28596 in master (8.0)
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Dec 29, 2021
@adriansr adriansr self-assigned this Dec 29, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Dec 29, 2021
@adriansr adriansr mentioned this issue Dec 29, 2021
Merged
4 tasks
@adriansr adriansr mentioned this issue Jan 5, 2022
Merged
adriansr added a commit to adriansr/beats that referenced this issue Jan 12, 2022
@adriansr
Update ECS field definitions to latest 8.0.0-dev
771e30c 
This updates the ECS field definitions file in order to incorporate a
fix for missing fields in the default_fields index template setting.

Closes elastic#29633
@adriansr adriansr mentioned this issue Jan 12, 2022
Merged
adriansr added a commit that referenced this issue Jan 13, 2022
@adriansr
Update ECS field definitions to latest 8.0.0-dev (#29821)
4c72575 
This updates the ECS field definitions file in order to incorporate a
fix for missing fields in the default_fields index template setting.

Closes #29633
mergify bot pushed a commit that referenced this issue Jan 13, 2022
@adriansr
Update ECS field definitions to latest 8.0.0-dev (#29821)
499a53f 
This updates the ECS field definitions file in order to incorporate a
fix for missing fields in the default_fields index template setting.

Closes #29633

(cherry picked from commit 4c72575)
adriansr added a commit that referenced this issue Jan 14, 2022
@mergify @adriansr
Update ECS field definitions to latest 8.0.0-dev (#29821) (#29833)
b3cb6ab 
This updates the ECS field definitions file in order to incorporate a
fix for missing fields in the default_fields index template setting.

Closes #29633

(cherry picked from commit 4c72575)

Co-authored-by: Adrian Serrano <[email protected]>
@andrewkroh andrewkroh mentioned this issue Feb 7, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adriansr adriansr

Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update ECS field definitions to latest 8.0.0-dev adriansr/beats
2 participants
@adriansr @elasticmachine