Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick #11035 to 7.0: Add ip fields to default_field in Elasticsearch template #11129

Merged
merged 1 commit into from
Mar 11, 2019
Merged

Cherry-pick #11035 to 7.0: Add ip fields to default_field in Elasticsearch template #11129

merged 1 commit into from
Mar 11, 2019
+18 −18

Conversation

cwurm
Copy link
Contributor

@cwurm cwurm commented Mar 7, 2019

Cherry-pick of PR #11035 to 7.0 branch. Original message:

I recently noticed that pasting an IP into Kibana's KQL bar yielded no results - even though there were plenty of documents with that IP. The reason is that IP fields are currently not included in the default_field configuration of the generated template.

I think they should definitely be included, and this adds them.

For Auditbeat, this adds 9 fields. For the others, it looks like 16 for Metricbeat, 15 for Filebeat, 17 for Packetbeat.

/cc @elastic/secops - important for us.

Add ip fields to default_field in Elasticsearch template (elastic#11035)
3ea9cd2 
Pasting an IP into Kibana's KQL bar currently yields no results - even when there are plenty of documents with that IP. The reason is that IP fields are currently not included in the default_field configuration of the generated template.

This adds them.

For Auditbeat, this adds 9 fields. For the others, it looks like 16 for Metricbeat, 15 for Filebeat, 17 for Packetbeat.

(cherry picked from commit eee127c)
@cwurm cwurm requested a review from a team as a code owner March 7, 2019 10:39
ruflin
ruflin approved these changes Mar 7, 2019
View reviewed changes
Copy link
Collaborator

@ruflin ruflin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cwurm cwurm merged commit c4a5799 into elastic:7.0 Mar 11, 2019
@cwurm cwurm deleted the backport_11035_7.0 branch March 11, 2019 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruflin ruflin

Assignees
No one assigned
Labels
backport review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@cwurm @ruflin