fix event.type have incorrect value in system/syslog (elastic#20390)
event.type was being set to event.  event is not one of the allowed
values for event.type in ECS.  Changing field to event.kind, where
event is an allowed value.

Closes elastic#20365
leehinman authored and melchiormoulin committed Oct 14, 2020
1 parent b264c70 commit d255d05
Showing 6 changed files with 110 additions and 109 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -236,6 +236,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fix mapping exception in the `googlecloud/audit` dataset pipeline. {issue}18465[18465] {pull}20465[20465]
- Fix `cisco` asa and ftd parsing of messages 106102 and 106103. {pull}20469[20469]
- Improve validation checks for Azure configuration {issue}20369[20369] {pull}20389[20389]
- Fix event.kind for system/syslog pipeline {issue}20365[20365] {pull}20390[20390]

*Heartbeat*

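Review bot: the new CHANGELOG entry, "Fix event.kind for system/syslog pipeline", names the field that was not broken. According to the commit message the defect was `event.type` carrying the value `event`, which ECS does not allow there, so someone who filters or alerts on `event.type: event` will not recognise this entry as the one that affects them. Suggest wording such as "Stop setting invalid `event.type: event` in system/syslog pipeline, set `event.kind: event` instead".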
2 changes: 1 addition & 1 deletion filebeat/module/system/syslog/ingest/pipeline.yml
Expand Up @@ -52,7 +52,7 @@ processors:
- remove:
field: system.syslog.timestamp
- set:
field: event.type
field: event.kind
value: event
on_failure:
- set:
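Review bot: in the `set` processor the target is swapped from `event.type` to `event.kind` rather than added alongside it, so nothing in the visible part of the pipeline populates `event.type` for syslog events any more. If leaving the field empty is intended, the commit message should say so, since it only describes moving the value. If a categorisation is still wanted, it needs its own `set` with a value that ECS allows for `event.type`.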
@@ -1,9 +1,9 @@
[
{
"event.dataset": "system.syslog",
"event.kind": "event",
"event.module": "system",
"event.timezone": "-02:00",
"event.type": "event",
"fileset.name": "syslog",
"host.hostname": "a-mac-with-esc-key",
"input.type": "log",
Expand All @@ -18,9 +18,9 @@
},
{
"event.dataset": "system.syslog",
"event.kind": "event",
"event.module": "system",
"event.timezone": "-02:00",
"event.type": "event",
"fileset.name": "syslog",
"host.hostname": "a-mac-with-esc-key",
"input.type": "log",
Expand All @@ -32,9 +32,9 @@
},
{
"event.dataset": "system.syslog",
"event.kind": "event",
"event.module": "system",
"event.timezone": "-02:00",
"event.type": "event",
"fileset.name": "syslog",
"input.type": "log",
"log.offset": 1176,
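Review bot: the expected-output records each gain `"event.kind": "event"` and lose `"event.type": "event"` with nothing in its place, which matches the pipeline change but only covers lines that parse successfully. None of the records shown here exercises the pipeline's `on_failure` branch, so the fixture does not show what `event.kind` looks like for a line that fails to parse. A sample line that fails parsing, with its expected record, would pin that down.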