[Auto Import] Ask LLM to map to non-reserved ECS fields #195168
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ilyannn
added
Feature:AutomaticImport
Team:Security-Scalability
|
Pinging @elastic/security-scalability (Team:Security-Scalability) |
ilyannn
changed the title
|
@elasticmachine merge upstream |
bhapas
reviewed
Oct 7, 2024
ilyannn
added
backport:prev-minor
|
@elasticmachine merge upstream |
ilyannn
changed the title
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: cc @ilyannn |
|
Starting backport for target branches: 8.x |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Oct 7, 2024
## Release Note Automatic Import does not ask the LLM to map the fields to the reserved ECS fields anymore. ## Summary Previously we have given the LLM the whole list of ECS fields, but later failed the validation if the LLM's suggested a mapping into one of the reserved fields (like `event.created`). With these changes, we hide the reserved fields from the LLM when creating the prompt, so the likelihood of this happening is reduced. We test with the Teleport integration (see GitHub). --------- Co-authored-by: Elastic Machine <[email protected]> (cherry picked from commit c4599e0)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Oct 7, 2024
… (#195288) # Backport This will backport the following commits from `main` to `8.x`: - [[Auto Import] Ask LLM to map to non-reserved ECS fields (#195168)](#195168) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Ilya Nikokoshev","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-07T15:57:49Z","message":"[Auto Import] Ask LLM to map to non-reserved ECS fields (#195168)\n\n## Release Note\r\n\r\nAutomatic Import does not ask the LLM to map the fields to the reserved \r\nECS fields anymore.\r\n\r\n## Summary\r\n\r\nPreviously we have given the LLM the whole list of ECS fields, but later\r\nfailed the validation if the LLM's suggested a mapping into one of the\r\nreserved fields (like `event.created`). With these changes, we hide the\r\nreserved fields from the LLM when creating the prompt, so the likelihood\r\nof this happening is reduced.\r\n\r\nWe test with the Teleport integration (see GitHub).\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"c4599e0ade1aa259bc8ca62ed9a45af33d71816c","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","v9.0.0","backport:prev-minor","Team:Security-Scalability","Feature:AutomaticImport"],"title":"[Auto Import] Ask LLM to map to non-reserved ECS fields","number":195168,"url":"https://github.com/elastic/kibana/pull/195168","mergeCommit":{"message":"[Auto Import] Ask LLM to map to non-reserved ECS fields (#195168)\n\n## Release Note\r\n\r\nAutomatic Import does not ask the LLM to map the fields to the reserved \r\nECS fields anymore.\r\n\r\n## Summary\r\n\r\nPreviously we have given the LLM the whole list of ECS fields, but later\r\nfailed the validation if the LLM's suggested a mapping into one of the\r\nreserved fields (like `event.created`). With these changes, we hide the\r\nreserved fields from the LLM when creating the prompt, so the likelihood\r\nof this happening is reduced.\r\n\r\nWe test with the Teleport integration (see GitHub).\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"c4599e0ade1aa259bc8ca62ed9a45af33d71816c"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/195168","number":195168,"mergeCommit":{"message":"[Auto Import] Ask LLM to map to non-reserved ECS fields (#195168)\n\n## Release Note\r\n\r\nAutomatic Import does not ask the LLM to map the fields to the reserved \r\nECS fields anymore.\r\n\r\n## Summary\r\n\r\nPreviously we have given the LLM the whole list of ECS fields, but later\r\nfailed the validation if the LLM's suggested a mapping into one of the\r\nreserved fields (like `event.created`). With these changes, we hide the\r\nreserved fields from the LLM when creating the prompt, so the likelihood\r\nof this happening is reduced.\r\n\r\nWe test with the Teleport integration (see GitHub).\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"c4599e0ade1aa259bc8ca62ed9a45af33d71816c"}}]}] BACKPORT--> Co-authored-by: Ilya Nikokoshev <[email protected]>
ilyannn
added
backport:prev-major
|
Starting backport for target branches: 8.15, 8.x |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Oct 7, 2024
## Release Note Automatic Import does not ask the LLM to map the fields to the reserved ECS fields anymore. ## Summary Previously we have given the LLM the whole list of ECS fields, but later failed the validation if the LLM's suggested a mapping into one of the reserved fields (like `event.created`). With these changes, we hide the reserved fields from the LLM when creating the prompt, so the likelihood of this happening is reduced. We test with the Teleport integration (see GitHub). --------- Co-authored-by: Elastic Machine <[email protected]> (cherry picked from commit c4599e0)
💔 Some backports could not be created
Note: Successful backport PRs will be merged automatically after passing CI. Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Oct 7, 2024
…) (#195304) # Backport This will backport the following commits from `main` to `8.15`: - [[Auto Import] Ask LLM to map to non-reserved ECS fields (#195168)](#195168) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Ilya Nikokoshev","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-07T15:57:49Z","message":"[Auto Import] Ask LLM to map to non-reserved ECS fields (#195168)\n\n## Release Note\r\n\r\nAutomatic Import does not ask the LLM to map the fields to the reserved \r\nECS fields anymore.\r\n\r\n## Summary\r\n\r\nPreviously we have given the LLM the whole list of ECS fields, but later\r\nfailed the validation if the LLM's suggested a mapping into one of the\r\nreserved fields (like `event.created`). With these changes, we hide the\r\nreserved fields from the LLM when creating the prompt, so the likelihood\r\nof this happening is reduced.\r\n\r\nWe test with the Teleport integration (see GitHub).\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"c4599e0ade1aa259bc8ca62ed9a45af33d71816c","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","v9.0.0","backport:prev-major","v8.16.0","Team:Security-Scalability","Feature:AutomaticImport"],"title":"[Auto Import] Ask LLM to map to non-reserved ECS fields","number":195168,"url":"https://github.com/elastic/kibana/pull/195168","mergeCommit":{"message":"[Auto Import] Ask LLM to map to non-reserved ECS fields (#195168)\n\n## Release Note\r\n\r\nAutomatic Import does not ask the LLM to map the fields to the reserved \r\nECS fields anymore.\r\n\r\n## Summary\r\n\r\nPreviously we have given the LLM the whole list of ECS fields, but later\r\nfailed the validation if the LLM's suggested a mapping into one of the\r\nreserved fields (like `event.created`). With these changes, we hide the\r\nreserved fields from the LLM when creating the prompt, so the likelihood\r\nof this happening is reduced.\r\n\r\nWe test with the Teleport integration (see GitHub).\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"c4599e0ade1aa259bc8ca62ed9a45af33d71816c"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/195168","number":195168,"mergeCommit":{"message":"[Auto Import] Ask LLM to map to non-reserved ECS fields (#195168)\n\n## Release Note\r\n\r\nAutomatic Import does not ask the LLM to map the fields to the reserved \r\nECS fields anymore.\r\n\r\n## Summary\r\n\r\nPreviously we have given the LLM the whole list of ECS fields, but later\r\nfailed the validation if the LLM's suggested a mapping into one of the\r\nreserved fields (like `event.created`). With these changes, we hide the\r\nreserved fields from the LLM when creating the prompt, so the likelihood\r\nof this happening is reduced.\r\n\r\nWe test with the Teleport integration (see GitHub).\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"c4599e0ade1aa259bc8ca62ed9a45af33d71816c"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/195288","number":195288,"state":"MERGED","mergeCommit":{"sha":"04ca4b5dc32872dcfd89b3f645fc1ebbe6762392","message":"[8.x] [Auto Import] Ask LLM to map to non-reserved ECS fields (#195168) (#195288)\n\n# Backport\n\nThis will backport the following commits from `main` to `8.x`:\n- [[Auto Import] Ask LLM to map to non-reserved ECS fields\n(#195168)](https://github.com/elastic/kibana/pull/195168)\n\n<!--- Backport version: 9.4.3 -->\n\n### Questions ?\nPlease refer to the [Backport tool\ndocumentation](https://github.com/sqren/backport)\n\n<!--BACKPORT [{\"author\":{\"name\":\"Ilya\nNikokoshev\",\"email\":\"[email protected]\"},\"sourceCommit\":{\"committedDate\":\"2024-10-07T15:57:49Z\",\"message\":\"[Auto\nImport] Ask LLM to map to non-reserved ECS fields (#195168)\\n\\n##\nRelease Note\\r\\n\\r\\nAutomatic Import does not ask the LLM to map the\nfields to the reserved \\r\\nECS fields anymore.\\r\\n\\r\\n##\nSummary\\r\\n\\r\\nPreviously we have given the LLM the whole list of ECS\nfields, but later\\r\\nfailed the validation if the LLM's suggested a\nmapping into one of the\\r\\nreserved fields (like `event.created`). With\nthese changes, we hide the\\r\\nreserved fields from the LLM when creating\nthe prompt, so the likelihood\\r\\nof this happening is reduced.\\r\\n\\r\\nWe\ntest with the Teleport integration (see\nGitHub).\\r\\n---------\\r\\n\\r\\nCo-authored-by: Elastic Machine\n<[email protected]>\",\"sha\":\"c4599e0ade1aa259bc8ca62ed9a45af33d71816c\",\"branchLabelMapping\":{\"^v9.0.0$\":\"main\",\"^v8.16.0$\":\"8.x\",\"^v(\\\\d+).(\\\\d+).\\\\d+$\":\"$1.$2\"}},\"sourcePullRequest\":{\"labels\":[\"release_note:fix\",\"v9.0.0\",\"backport:prev-minor\",\"Team:Security-Scalability\",\"Feature:AutomaticImport\"],\"title\":\"[Auto\nImport] Ask LLM to map to non-reserved ECS\nfields\",\"number\":195168,\"url\":\"https://github.com/elastic/kibana/pull/195168\",\"mergeCommit\":{\"message\":\"[Auto\nImport] Ask LLM to map to non-reserved ECS fields (#195168)\\n\\n##\nRelease Note\\r\\n\\r\\nAutomatic Import does not ask the LLM to map the\nfields to the reserved \\r\\nECS fields anymore.\\r\\n\\r\\n##\nSummary\\r\\n\\r\\nPreviously we have given the LLM the whole list of ECS\nfields, but later\\r\\nfailed the validation if the LLM's suggested a\nmapping into one of the\\r\\nreserved fields (like `event.created`). With\nthese changes, we hide the\\r\\nreserved fields from the LLM when creating\nthe prompt, so the likelihood\\r\\nof this happening is reduced.\\r\\n\\r\\nWe\ntest with the Teleport integration (see\nGitHub).\\r\\n---------\\r\\n\\r\\nCo-authored-by: Elastic Machine\n<[email protected]>\",\"sha\":\"c4599e0ade1aa259bc8ca62ed9a45af33d71816c\"}},\"sourceBranch\":\"main\",\"suggestedTargetBranches\":[],\"targetPullRequestStates\":[{\"branch\":\"main\",\"label\":\"v9.0.0\",\"branchLabelMappingKey\":\"^v9.0.0$\",\"isSourceBranch\":true,\"state\":\"MERGED\",\"url\":\"https://github.com/elastic/kibana/pull/195168\",\"number\":195168,\"mergeCommit\":{\"message\":\"[Auto\nImport] Ask LLM to map to non-reserved ECS fields (#195168)\\n\\n##\nRelease Note\\r\\n\\r\\nAutomatic Import does not ask the LLM to map the\nfields to the reserved \\r\\nECS fields anymore.\\r\\n\\r\\n##\nSummary\\r\\n\\r\\nPreviously we have given the LLM the whole list of ECS\nfields, but later\\r\\nfailed the validation if the LLM's suggested a\nmapping into one of the\\r\\nreserved fields (like `event.created`). With\nthese changes, we hide the\\r\\nreserved fields from the LLM when creating\nthe prompt, so the likelihood\\r\\nof this happening is reduced.\\r\\n\\r\\nWe\ntest with the Teleport integration (see\nGitHub).\\r\\n---------\\r\\n\\r\\nCo-authored-by: Elastic Machine\n<[email protected]>\",\"sha\":\"c4599e0ade1aa259bc8ca62ed9a45af33d71816c\"}}]}]\nBACKPORT-->\n\nCo-authored-by: Ilya Nikokoshev <[email protected]>"}}]}] BACKPORT--> Co-authored-by: Ilya Nikokoshev <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Release Note
Automatic Import does not ask the LLM to map the fields to the reserved ECS fields anymore.
Summary
Previously we have given the LLM the whole list of ECS fields, but later failed the validation if the LLM's suggested a mapping into one of the reserved fields (like
event.created). With these changes, we hide the reserved fields from the LLM when creating the prompt, so the likelihood of this happening is reduced.We test with the Teleport integration: ai_teleport_202410051919-1.0.0.zip