Commit
) (#33060)

* Swap `source.bytes` and `destination.bytes` traffic log mappings

This documentation currently maps `Bytes Received` to `server.bytes` and `source.bytes`, as well as `Bytes Sent` to `client.bytes` and `destination.bytes`. This mapping is incorrect: as per the [Palo Alto Docs](https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields), `bytes_sent` is defined as `Number of bytes in the client-to-server direction of the session.` and matches the ECS definitions for `client.bytes` and `source.bytes` being bytes from `client/source => server/destination`. Likewise, `bytes_received` is defined as `Number of bytes in the server-to-client direction of the session.` and matches the `destination.bytes` and `server.bytes` definitions in ECS being the bytes sent from `server/destination => client/source`.

Furthermore, the [panw filebeat module mapping](https://github.com/elastic/beats/blob/v8.4.0/x-pack/filebeat/module/panw/panos/config/input.yml#L95) and [integration pipeline](https://github.com/elastic/integrations/blob/main/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/traffic.yml#L212) both follow the above conventions.

This proposed change will map `Bytes Received` to `destination.bytes` and `Bytes Sent` to `client.bytes`.

* Swap `source.bytes` and `destination.bytes` traffic log mappings

Swapping the values of `source.bytes` and `destination.bytes` in order to align the documentation with the changes implemented in #18525

* Run make update

Co-authored-by: dedemorton <dede.morton@elastic.co>
(cherry picked from commit 0930b9b)
Co-authored-by: Austin Smith <76973609+asmith-elastic@users.noreply.github.com>
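The direction rule the commit message relies on (PAN-OS `bytes_sent` is client-to-server, `bytes_received` is server-to-client), turned into a check that flags a mapping like the one the documentation had before this change. This is an added example, not code from the elastic/beats repository; the function names, the mapping dicts and the sample event are constructed for illustration.

```python
# Added example (not elastic/beats code): validate a PAN-OS traffic-log ->
# ECS byte-field mapping against the vendor-documented direction of each
# field, then apply a mapping to a constructed event.

# ECS byte counters grouped by the direction they count.
CLIENT_TO_SERVER = {"client.bytes", "source.bytes"}
SERVER_TO_CLIENT = {"server.bytes", "destination.bytes"}

# Direction of each PAN-OS traffic-log field per the Palo Alto docs quoted
# in the commit message.
PANOS_DIRECTION = {
    "bytes_sent": CLIENT_TO_SERVER,       # client-to-server
    "bytes_received": SERVER_TO_CLIENT,   # server-to-client
}

# Mapping as the documentation read before the commit (constructed here):
# source/destination are swapped relative to the documented direction.
BEFORE = {
    "bytes_received": ["server.bytes", "source.bytes"],
    "bytes_sent": ["client.bytes", "destination.bytes"],
}
# Mapping that follows the documented direction (constructed here).
AFTER = {
    "bytes_received": ["server.bytes", "destination.bytes"],
    "bytes_sent": ["client.bytes", "source.bytes"],
}


def check_byte_mapping(mapping):
    """Return (panos_field, ecs_field) pairs whose direction disagrees with
    the vendor definition; an empty list means the mapping is consistent."""
    errors = []
    for panos_field, ecs_fields in mapping.items():
        allowed = PANOS_DIRECTION.get(panos_field)
        if allowed is None:
            continue  # not a byte counter, nothing to check
        for ecs_field in ecs_fields:
            if ecs_field not in allowed:
                errors.append((panos_field, ecs_field))
    return errors


def to_ecs(event, mapping):
    """Copy PAN-OS byte counters from a parsed event into ECS field names."""
    out = {}
    for panos_field, ecs_fields in mapping.items():
        if panos_field in event:
            for ecs_field in ecs_fields:
                out[ecs_field] = event[panos_field]
    return out


# Constructed PAN-OS traffic event: small request, large response.
SAMPLE_EVENT = {"bytes_sent": 1200, "bytes_received": 54000}
```

Running `check_byte_mapping(BEFORE)` reports the two swapped fields, while `AFTER` passes and `to_ecs(SAMPLE_EVENT, AFTER)` puts the 1200 request bytes under `source.bytes`.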