Skip to content

[Event Log] use @timestamp field for queries #64391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 28, 2020
Merged

[Event Log] use @timestamp field for queries #64391

merged 1 commit into from
Apr 28, 2020

Conversation

@pmuellr
Copy link
Member

@pmuellr pmuellr commented Apr 24, 2020

resolves #64275

Changes the fields used to query the event log by time range to use the
@timestamp field.

Also allow @timestamp as a sort option, and make it the default sort option.

@pmuellr pmuellr added Feature:Alerting v8.0.0 release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Platform ResponseOps team (formerly the Cases and Alerting teams) t// v7.8 labels Apr 24, 2020
@elasticmachine
Copy link
Contributor

elasticmachine commented Apr 24, 2020

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@pmuellr
[Event Log] use @timestamp field for queries
00766a4 
resolves elastic#64275

Changes the fields used to query the event log by time range to use the
`@timestamp` field.

Also allow `@timestamp` as a sort option, and make it the default sort option.
@pmuellr pmuellr force-pushed the event-log/use-timestamp branch from 13df684 to 00766a4 Compare April 27, 2020 21:59
@kibanamachine
Copy link
Contributor

kibanamachine commented Apr 27, 2020

💚 Build Succeeded

History

  • 💔 Build #43522 failed 13df684e24f2ed08fb701053bc9c08a20fd1637f
  • 💔 Build #42959 failed bf79d2779988abe33624d6403ee4c395a26c608c

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@pmuellr pmuellr marked this pull request as ready for review April 28, 2020 03:09
@pmuellr pmuellr requested a review from a team as a code owner April 28, 2020 03:09
@pmuellr pmuellr added v7.8.0 and removed v7.8 labels Apr 28, 2020
@mikecote mikecote self-requested a review April 28, 2020 14:03
YulNaumenko
YulNaumenko approved these changes Apr 28, 2020
View reviewed changes
Copy link
Contributor

@YulNaumenko YulNaumenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

mikecote
mikecote approved these changes Apr 28, 2020
View reviewed changes
Copy link
Contributor

@mikecote mikecote left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pmuellr pmuellr merged commit 4e0c11e into elastic:master Apr 28, 2020
pmuellr added a commit to pmuellr/kibana that referenced this pull request Apr 28, 2020
@pmuellr
[Event Log] use @timestamp field for queries (elastic#64391)
b365a7d 
resolves elastic#64275

Changes the fields used to query the event log by time range to use the
`@timestamp` field.

Also allow `@timestamp` as a sort option, and make it the default sort option.
@pmuellr pmuellr mentioned this pull request Apr 28, 2020
Merged
pmuellr added a commit that referenced this pull request Apr 28, 2020
@pmuellr
[Event Log] use @timestamp field for queries (#64391) (#64678)
761eb55 
resolves #64275

Changes the fields used to query the event log by time range to use the
`@timestamp` field.

Also allow `@timestamp` as a sort option, and make it the default sort option.
gmmorris added a commit to gmmorris/kibana that referenced this pull request Apr 29, 2020
@gmmorris
Merge branch 'master' into alerting/np-migration
baa97e8 
* master: (60 commits)
  [SIEM] Create template timeline (elastic#63136)
  load react component lazily in so management section (elastic#64285)
  Cleanup .eslingignore and add target (elastic#64617)
  [Ingest] Support yaml variables in datasource (elastic#64459)
  typescript-ify portions of src/optimize (elastic#64688)
  [ngSanitize] add explicit dependencies to all uses of `ngSanitize` angular module (elastic#64546)
  Consolidate downloading plugin bundles to bootstrap script (elastic#64685)
  [Maps] disable edit layer button when flyout is open for add layer or map settings (elastic#64230)
  chore(NA): add async import into infra plugin to reduce apm bundle size (elastic#63292)
  [Maps] fix edit filter (elastic#64586)
  [SIEM][Detections] Adds large list support using REST endpoints
  Replace a number of any-ed styled(eui*) with accurate types (elastic#64555)
  [Endpoint] Recursive resolver children (elastic#61914)
  [ML] Fix new job wizard with multiple indices (elastic#64567)
  Use short URLs for legacy plugin deprecation warning (elastic#64540)
  [Uptime] Update uptime ml job id to limit to 64 char (elastic#64394)
  [Ingest] Fix GET /enrollment-api-keys/null error (elastic#64595)
  Consolidate cross-cutting concerns between region & coordinate maps in new maps_legacy plugin (elastic#64123)
  ES UI new platform cleanup (elastic#64332)
  [Event Log] use @timestamp field for queries (elastic#64391)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mikecote mikecote mikecote approved these changes

@YulNaumenko YulNaumenko YulNaumenko approved these changes

Assignees

No one assigned

Labels

backported Feature:Alerting release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Platform ResponseOps team (formerly the Cases and Alerting teams) t// v7.8.0 v8.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Event Log] wrong date fields used in event log query

5 participants

@pmuellr @elasticmachine @kibanamachine @mikecote @YulNaumenko