[Timelines] Update fields metadata from beats 8.0 (#123014)

* Move beats metadata script to timelines plugin This is the plugin that consumes the artifacts of the script, not security_solution. * Remove unused beats metadata file This file also exists in the timelines plugin, but only that one is used. * Update fields metadata from beats 8.0.0-rc1 This will serve as the data source for our metadata in kibana 8.0. * Update indexFields unit tests following ECS update 8.0 introduced some textual changes to field descriptions. * Revert "Move beats metadata script to timelines plugin" This reverts commit cbc8e9db1a. * Update script to modify the appropriate timelines file This is the one used by IndexFields. Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2025-04-23 09:19:04 -04:00 · 2022-01-18 14:46:45 -06:00 · 2022-01-18 14:46:45 -06:00 · 8c11be1154
commit 8c11be1154
parent 4b1e83df1a
5 changed files with 17292 additions and 48165 deletions
--- a/x-pack/plugins/security_solution/package.json
+++ b/x-pack/plugins/security_solution/package.json
@ -6,7 +6,7 @@
  "license": "Elastic-License",
  "scripts": {
    "extract-mitre-attacks": "node scripts/extract_tactics_techniques_mitre.js && node ../../../scripts/eslint ./public/detections/mitre/mitre_tactics_techniques.ts --fix",
-    "build-beat-doc": "node scripts/beat_docs/build.js && node ../../../scripts/eslint ./server/utils/beat_schema/fields.ts --fix",
+    "build-beat-doc": "node scripts/beat_docs/build.js && node ../../../scripts/eslint ../timelines/server/utils/beat_schema/fields.ts --fix",
    "cypress": "../../../node_modules/.bin/cypress",
    "cypress:open": "yarn cypress open --config-file ./cypress/cypress.json",
    "cypress:open:ccs": "yarn cypress:open --config integrationFolder=./cypress/ccs_integration",
--- a/x-pack/plugins/security_solution/scripts/beat_docs/build.js
+++ b/x-pack/plugins/security_solution/scripts/beat_docs/build.js
@ -25,8 +25,8 @@ const tar = require('tar');
 const zlib = require('zlib');

 const OUTPUT_DIRECTORY = resolve('scripts', 'beat_docs');
-const OUTPUT_SERVER_DIRECTORY = resolve('server', 'utils', 'beat_schema');
-const BEATS_VERSION = '7.14.0';
+const OUTPUT_SERVER_DIRECTORY = resolve('../timelines', 'server', 'utils', 'beat_schema');
+const BEATS_VERSION = '8.0.0-rc1';

 const beats = [
  {
--- a/x-pack/plugins/security_solution/server/utils/beat_schema/fields.ts
+++ b/x-pack/plugins/security_solution/server/utils/beat_schema/fields.ts
--- a/x-pack/plugins/timelines/server/search_strategy/index_fields/index.test.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/index_fields/index.test.ts
@ -87,8 +87,7 @@ describe('Index Fields', () => {
            esTypes: [],
          },
          {
-            description:
-              'Deprecated - use agent.name or agent.id to identify an agent. Hostname of the agent. ',
+            description: 'Deprecated - use agent.name or agent.id to identify an agent. ',
            name: 'agent.hostname',
            searchable: true,
            type: 'string',
@ -126,7 +125,7 @@ describe('Index Fields', () => {
          },
          {
            description:
-              'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
+              'Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
            example: 'filebeat',
            name: 'agent.type',
            type: 'string',
@ -252,7 +251,7 @@ describe('Index Fields', () => {
        {
          category: 'agent',
          description:
-            'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
+            'Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
          example: 'filebeat',
          name: 'agent.type',
          type: 'string',
@ -337,8 +336,7 @@ describe('Index Fields', () => {
        },
        {
          category: 'agent',
-          description:
-            'Deprecated - use agent.name or agent.id to identify an agent. Hostname of the agent. ',
+          description: 'Deprecated - use agent.name or agent.id to identify an agent. ',
          name: 'agent.hostname',
          type: 'string',
          searchable: true,
@ -426,7 +424,7 @@ describe('Index Fields', () => {
        {
          category: 'agent',
          description:
-            'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
+            'Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
          example: 'filebeat',
          name: 'agent.type',
          type: 'string',
@ -504,7 +502,7 @@ describe('Index Fields', () => {
        },
        {
          description:
-            'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
+            'Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
          example: 'filebeat',
          name: 'agent.type',
          type: 'string',
@ -641,7 +639,7 @@ describe('Index Fields', () => {
        },
        {
          description:
-            'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
+            'Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
          example: 'filebeat',
          name: 'agent.type',
          type: 'string',
@ -714,7 +712,7 @@ describe('Index Fields', () => {
        },
        {
          description:
-            'Type of the agent. The agent type stays always the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
+            'Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine.',
          example: 'filebeat',
          name: 'agent.type',
          type: 'string',
--- a/x-pack/plugins/timelines/server/utils/beat_schema/fields.ts
+++ b/x-pack/plugins/timelines/server/utils/beat_schema/fields.ts