Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce process.executable. #209

Merged
merged 4 commits into from
Dec 4, 2018
Merged

Introduce process.executable. #209

merged 4 commits into from
Dec 4, 2018

Conversation

webmat
Copy link
Contributor

@webmat webmat commented Nov 30, 2018

Note that in this PR, I also take the opportunity to move the more important
fields to the top. You may want to review one commit at a time.

@webmat webmat self-assigned this Nov 30, 2018
andrewkroh
andrewkroh reviewed Nov 30, 2018
View reviewed changes
@andrewkroh
Copy link
Member

There are a few places in Beats that will need changed because we have process.exe. IIRC they are

  • auditbeat auditd fields
  • add_process_metadata processor
  • packetbeat

ruflin
ruflin requested changes Dec 3, 2018
View reviewed changes
Copy link
Contributor

@ruflin ruflin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@andrewkroh To understand what this means from a migration perspective:

  • Are these 1-1 mappings that change from 6.x to 7.x? Meaning we could add an alias in 6.x to the renamed field?
  • Any other changes?

@andrewkroh andrewkroh mentioned this pull request Dec 3, 2018
Merged
3 tasks
andrewkroh
andrewkroh approved these changes Dec 4, 2018
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@ruflin Yeah these would be one-to-one mappings. I think we have a process.exe in 6.x that can be mapped with an alias. And one of my open Packetbeat PRs has a uses process.exe as a new field so that can be updated now.

ruflin
ruflin approved these changes Dec 4, 2018
View reviewed changes
Copy link
Contributor

@ruflin ruflin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, as it's only 1-1 mappings I'm good in moving forward with this. Will need a rebase.

@webmat
Copy link
Contributor Author

webmat commented Dec 4, 2018

Rebased.

@webmat webmat merged commit 24408a2 into elastic:master Dec 4, 2018
@webmat webmat deleted the process-exe branch December 4, 2018 15:44
MikePaquette pushed a commit to MikePaquette/ecs-1 that referenced this pull request Dec 4, 2018
@webmat @MikePaquette
Introduce process.executable. (elastic#209)
468e8a4 
Also move the more canonical process fields to the top.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruflin ruflin ruflin approved these changes

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees

@webmat webmat

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@webmat @andrewkroh @ruflin