From 2b6442905e9d56b78379f8a1dcbdd53a1f56b3db Mon Sep 17 00:00:00 2001 From: Eric Beahan Date: Tue, 10 Nov 2020 09:58:56 -0600 Subject: [PATCH] generate artifacts --- code/go/ecs/event.go | 4 +++- docs/field-details.asciidoc | 2 +- experimental/generated/beats/fields.ecs.yml | 3 ++- experimental/generated/ecs/ecs_flat.yml | 3 ++- experimental/generated/ecs/ecs_nested.yml | 3 ++- generated/beats/fields.ecs.yml | 3 ++- generated/ecs/ecs_flat.yml | 3 ++- generated/ecs/ecs_nested.yml | 3 ++- 8 files changed, 16 insertions(+), 8 deletions(-) diff --git a/code/go/ecs/event.go b/code/go/ecs/event.go index affd9c8250..1dfdf696c4 100644 --- a/code/go/ecs/event.go +++ b/code/go/ecs/event.go @@ -132,7 +132,9 @@ type Event struct { // Raw text message of entire event. Used to demonstrate log integrity. // This field is not indexed and doc_values are disabled. It cannot be - // searched, but it can be retrieved from `_source`. + // searched, but it can be retrieved from `_source`. If users wish to + // override this and index this field, consider using the wildcard data + // type. Original string `ecs:"original"` // Hash (perhaps logstash fingerprint) of raw field to be able to diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index f378e1bdca..886cb50740 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -1771,7 +1771,7 @@ example: `apache` | event.original | Raw text message of entire event. Used to demonstrate log integrity. -This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. type: wildcard diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 5b66c7c225..337e2acbfa 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -1334,7 +1334,8 @@ description: 'Raw text message of entire event. Used to demonstrate log integrity. This field is not indexed and doc_values are disabled. It cannot be searched, - but it can be retrieved from `_source`.' + but it can be retrieved from `_source`. If users wish to override this and + index this field, consider using the wildcard data type.' example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 index: false diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 900438f456..e5c528db95 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -2053,7 +2053,8 @@ event.original: description: 'Raw text message of entire event. Used to demonstrate log integrity. This field is not indexed and doc_values are disabled. It cannot be searched, - but it can be retrieved from `_source`.' + but it can be retrieved from `_source`. If users wish to override this and index + this field, consider using the wildcard data type.' doc_values: false example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index c9fcc7058c..03e471d6d8 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -2451,7 +2451,8 @@ event: description: 'Raw text message of entire event. Used to demonstrate log integrity. This field is not indexed and doc_values are disabled. It cannot be searched, - but it can be retrieved from `_source`.' + but it can be retrieved from `_source`. If users wish to override this and + index this field, consider using the wildcard data type.' doc_values: false example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index af6362e233..c1ab9a0251 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -1334,7 +1334,8 @@ description: 'Raw text message of entire event. Used to demonstrate log integrity. This field is not indexed and doc_values are disabled. It cannot be searched, - but it can be retrieved from `_source`.' + but it can be retrieved from `_source`. If users wish to override this and + index this field, consider using the wildcard data type.' example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 index: false diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 289283ed1e..4a09e0b304 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -2053,7 +2053,8 @@ event.original: description: 'Raw text message of entire event. Used to demonstrate log integrity. This field is not indexed and doc_values are disabled. It cannot be searched, - but it can be retrieved from `_source`.' + but it can be retrieved from `_source`. If users wish to override this and index + this field, consider using the wildcard data type.' doc_values: false example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index f228348dbd..0e447b1093 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -2451,7 +2451,8 @@ event: description: 'Raw text message of entire event. Used to demonstrate log integrity. This field is not indexed and doc_values are disabled. It cannot be searched, - but it can be retrieved from `_source`.' + but it can be retrieved from `_source`. If users wish to override this and + index this field, consider using the wildcard data type.' doc_values: false example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232