[Response Ops] [Alerting] Excluding ECS fields of type constant_keyword from ECS field map (#155075)

Fields mapped as `constant_keyword` can cause issues when used in the
alerts as data mapping where multiple types of sources are combined into
one index. These fields were previously excluded from the ECS field
mapping used by alerts as data. We included them because we wanted to
use ECS as closely as possible but it is causing downstream issues so
we'll continue excluding them until we decide we need them at some point
in the future.

## To verify:
1. Start ES & Kibana
2. Inspect the `.alerts-ecs-mappings` component template mapping and
verify there are no fields with type `constant_keyword`
Ying Mao 2023-04-17 15:31:18 -04:00 committed by GitHub
parent 153994d810
commit 5a818176ef
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -9,8 +9,16 @@
import { EcsFlat } from '@kbn/ecs'; import { EcsFlat } from '@kbn/ecs';
import { EcsMetadata, FieldMap } from './types'; import { EcsMetadata, FieldMap } from './types';
const EXCLUDED_TYPES = ['constant_keyword'];
export const ecsFieldMap: FieldMap = Object.keys(EcsFlat).reduce((acc, currKey) => { export const ecsFieldMap: FieldMap = Object.keys(EcsFlat).reduce((acc, currKey) => {
const value: EcsMetadata = EcsFlat[currKey as keyof typeof EcsFlat]; const value: EcsMetadata = EcsFlat[currKey as keyof typeof EcsFlat];
// Exclude excluded types
if (EXCLUDED_TYPES.includes(value.type)) {
return acc;
}
return { return {
...acc, ...acc,
[currKey]: { [currKey]: {
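Review bot: The comment `// Exclude excluded types` above the `EXCLUDED_TYPES.includes(value.type)` check restates the code without giving the reason; it would be more useful to say why, for example that `constant_keyword` fields cause issues when multiple types of sources are combined into one alerts index, as the commit message explains. The verification described in the commit message is a manual inspection of the `.alerts-ecs-mappings` component template, and the visible part of the patch adds no test; a unit test asserting that no entry in `ecsFieldMap` has `type` equal to `constant_keyword` would keep the exclusion from regressing when `@kbn/ecs` is updated.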