Set file.origin type to keyword (#10544)

The `file.origin` field is set by auditbeat's file_integrity module under macOs. This field was set to `text` type instead of `keyword`.
elastic · Feb 4, 2019 · 6ecef95 · 6ecef95
1 parent d5551c7
commit 6ecef95
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 3 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -37,6 +37,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
   of the auditd module. {pull}10195[10195]
 - Change data type of `file.uid` and `file.gid` to string in JSON output of the
   FIM module. {pull}10195[10195]
+- Field `file.origin` changed type from `text` to `keyword`. {pull}10544[10544]
 
 *Filebeat*
 

diff --git a/auditbeat/_meta/fields.common.yml b/auditbeat/_meta/fields.common.yml
@@ -19,7 +19,7 @@
       description: Set if the file has the `setgid` bit set. Omitted otherwise.
 
     - name: origin
-      type: text
+      type: keyword
       description: >
           An array of strings describing a possible external origin for
           this file. For example, the URL it was downloaded from. Only

diff --git a/auditbeat/docs/fields.asciidoc b/auditbeat/docs/fields.asciidoc
@@ -2610,7 +2610,7 @@ Set if the file has the `setgid` bit set. Omitted otherwise.
 *`file.origin`*::
 +
 --
-type: text
+type: keyword
 
 An array of strings describing a possible external origin for this file. For example, the URL it was downloaded from. Only supported in macOS, via the kMDItemWhereFroms attribute. Omitted if origin information is not available.
 

diff --git a/auditbeat/include/fields.go b/auditbeat/include/fields.go