Updating ECS version to 1.6.0 #78
Conversation
| @@ -13,6 +13,7 @@ | |||
| top_level: true | |||
| expected: | |||
| - Target | |||
| - { at: Target.process, as: parent } | |||
There was a problem hiding this comment.
The way schema is reused changed in ECS 1.6: elastic/ecs#960
elastic/ecs#959
This is basically placing the combined process schema onto Target.process.parent
| @@ -138,76 +139,15 @@ | |||
| Leave unpopulated if the validity or trust of the certificate was unchecked. | |||
| example: ERROR_UNTRUSTED_ROOT | |||
|
|
|||
| - name: parent | |||
There was a problem hiding this comment.
Since the parent schema is no longer explicitly specified in the ECS core schema (instead it just duplicates the process fields and calls them process.parent), we will move these fields onto process instead so they can also be duplicated. The fields on process won't actually be used, they'll only be used for process.parent.
| @@ -4,7 +4,7 @@ | |||
| ], | |||
| "mappings": { | |||
| "_meta": { | |||
| "version": "1.5.0" | |||
| "version": "1.6.0" | |||
There was a problem hiding this comment.
The actual mapping shouldn't really change. We're just bumping the version number of ECS and a couple type: object fields will be removed (marking it as object is optional because that's the default type).
This PR pulls in ECS version 1.6.0.
Notable changes:
custom_process.ymlchanged a bit since ECS core no longer definesprocess.parentfields, instead it duplicates theprocessfields onto itself asparentmasterbranch!The only things that should have changed from this PR are the descriptions/short fields and some of the metadata from the
processchanges.