[Automatic Import] add timestamp to ECS constants #204931
Merged
+51
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
haetamoudi
added
release_note:skip
|
Pinging @elastic/security-scalability (Team:Security-Scalability) |
For ECS events,
|
We could add a processor at the end of all the ingest pipelines that fills out the |
ilyannn
approved these changes
Dec 19, 2024
++ I don't want to sidetrack getting the improvements in ASAP, so we can continue the discussion beyond this PR (I'll open an issue 😄 ). |
ilyannn
added
release_note:fix
and removed
release_note:skip
|
Starting backport for target branches: 8.x |
💚 Build Succeeded
Metrics [docs]
History
|
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Dec 27, 2024
## Summary Ensure mapping contains `@timestamp` field whenever possible. elastic#196040 Tested cases: | test case | has `@timestamp` | is expected result | |---|---|---| | sample logs with datetime value for `time` and `expires` fields | yes (picked `time` as `@timestamp`) | ✅ | | sample logs with datetime value for `expires` field only | no | ✅ | | sample logs with no datetime values | no | ✅ | | sample logs with `created_at` field that does not contain datetime value | no | ✅ | Tested values for `time` field: | value | match correctly `@timestamp` | |---|---| | `2024-02-24T06:56:50.648137154Z` | ✅ | | `10/01/2023 12:34:56` | ✅ | | `01-10-2023 12:34:56` | ✅ | | `Thu, 25 December 2023 10:15:00GMT` | ✅ --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Ilya Nikokoshev <[email protected]> (cherry picked from commit 4cc6952)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Dec 27, 2024
…05216) # Backport This will backport the following commits from `main` to `8.x`: - [[Automatic Import] add timestamp to ECS constants (#204931)](#204931) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Hanna Tamoudi","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-27T17:24:02Z","message":"[Automatic Import] add timestamp to ECS constants (#204931)\n\n## Summary\r\n\r\nEnsure mapping contains `@timestamp` field whenever possible.\r\nhttps://github.com//issues/196040\r\n\r\nTested cases:\r\n| test case | has `@timestamp` | is expected result |\r\n|---|---|---|\r\n| sample logs with datetime value for `time` and `expires` fields | yes\r\n(picked `time` as `@timestamp`) | ✅ |\r\n| sample logs with datetime value for `expires` field only | no | ✅ |\r\n| sample logs with no datetime values | no | ✅ |\r\n| sample logs with `created_at` field that does not contain datetime\r\nvalue | no | ✅ |\r\n\r\n\r\nTested values for `time` field:\r\n\r\n| value | match correctly `@timestamp` |\r\n|---|---|\r\n| `2024-02-24T06:56:50.648137154Z` | ✅ |\r\n| `10/01/2023 12:34:56` | ✅ |\r\n| `01-10-2023 12:34:56` | ✅ |\r\n| `Thu, 25 December 2023 10:15:00GMT` | ✅ \r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Ilya Nikokoshev <[email protected]>","sha":"4cc6952c83de1bd7eacd95c458bbe6c281b364b0","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","v9.0.0","backport:prev-minor","Team:Security-Scalability","Feature:AutomaticImport"],"title":"[Automatic Import] add timestamp to ECS constants","number":204931,"url":"https://github.com/elastic/kibana/pull/204931","mergeCommit":{"message":"[Automatic Import] add timestamp to ECS constants (#204931)\n\n## Summary\r\n\r\nEnsure mapping contains `@timestamp` field whenever possible.\r\nhttps://github.com//issues/196040\r\n\r\nTested cases:\r\n| test case | has `@timestamp` | is expected result |\r\n|---|---|---|\r\n| sample logs with datetime value for `time` and `expires` fields | yes\r\n(picked `time` as `@timestamp`) | ✅ |\r\n| sample logs with datetime value for `expires` field only | no | ✅ |\r\n| sample logs with no datetime values | no | ✅ |\r\n| sample logs with `created_at` field that does not contain datetime\r\nvalue | no | ✅ |\r\n\r\n\r\nTested values for `time` field:\r\n\r\n| value | match correctly `@timestamp` |\r\n|---|---|\r\n| `2024-02-24T06:56:50.648137154Z` | ✅ |\r\n| `10/01/2023 12:34:56` | ✅ |\r\n| `01-10-2023 12:34:56` | ✅ |\r\n| `Thu, 25 December 2023 10:15:00GMT` | ✅ \r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Ilya Nikokoshev <[email protected]>","sha":"4cc6952c83de1bd7eacd95c458bbe6c281b364b0"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/204931","number":204931,"mergeCommit":{"message":"[Automatic Import] add timestamp to ECS constants (#204931)\n\n## Summary\r\n\r\nEnsure mapping contains `@timestamp` field whenever possible.\r\nhttps://github.com//issues/196040\r\n\r\nTested cases:\r\n| test case | has `@timestamp` | is expected result |\r\n|---|---|---|\r\n| sample logs with datetime value for `time` and `expires` fields | yes\r\n(picked `time` as `@timestamp`) | ✅ |\r\n| sample logs with datetime value for `expires` field only | no | ✅ |\r\n| sample logs with no datetime values | no | ✅ |\r\n| sample logs with `created_at` field that does not contain datetime\r\nvalue | no | ✅ |\r\n\r\n\r\nTested values for `time` field:\r\n\r\n| value | match correctly `@timestamp` |\r\n|---|---|\r\n| `2024-02-24T06:56:50.648137154Z` | ✅ |\r\n| `10/01/2023 12:34:56` | ✅ |\r\n| `01-10-2023 12:34:56` | ✅ |\r\n| `Thu, 25 December 2023 10:15:00GMT` | ✅ \r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Ilya Nikokoshev <[email protected]>","sha":"4cc6952c83de1bd7eacd95c458bbe6c281b364b0"}}]}] BACKPORT--> Co-authored-by: Hanna Tamoudi <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Release Note
Automatic Import now ensures that the field mapping contains the
@timestampfield whenever possible.Summary
Ensure mapping contains
@timestampfield whenever possible. #196040Tested cases:
@timestamptimeandexpiresfieldstimeas@timestamp)expiresfield onlycreated_atfield that does not contain datetime valueTested values for
timefield:@timestamp2024-02-24T06:56:50.648137154Z10/01/2023 12:34:5601-10-2023 12:34:56Thu, 25 December 2023 10:15:00GMTChecklist
release_note:breakinglabel should be applied in these situations.release_note:*label is applied per the guidelines