diff --git a/CHANGELOG.md b/CHANGELOG.md index 23f6728c36..57c3f891d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,7 @@ All notable changes to this project will be documented in this file based on the #### Bugfixes * Addressed issue where foreign reuses weren't using the user-supplied `as` value for their destination. #960 +* Experimental artifacts failed to install due to `event.original` index setting. #1053 #### Added diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index da99874ab5..cb8b834dd1 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -1317,7 +1317,8 @@ example: apache - name: original level: core - type: wildcard + type: keyword + ignore_above: 1024 description: 'Raw text message of entire event. Used to demonstrate log integrity. This field is not indexed and doc_values are disabled. It cannot be searched, diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index b07d2ba201..85fbad3e10 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -2038,12 +2038,13 @@ event.original: example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 flat_name: event.original + ignore_above: 1024 index: false level: core name: original normalize: [] short: Raw text message of entire event. - type: wildcard + type: keyword event.outcome: allowed_values: - description: Indicates that this event describes a failed result. A common example diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index ebd19083ed..1c6533c1a9 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -2436,12 +2436,13 @@ event: example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 flat_name: event.original + ignore_above: 1024 index: false level: core name: original normalize: [] short: Raw text message of entire event. - type: wildcard + type: keyword event.outcome: allowed_values: - description: Indicates that this event describes a failed result. A common diff --git a/experimental/generated/elasticsearch/7/template.json b/experimental/generated/elasticsearch/7/template.json index a75360b36d..46d059dfd8 100644 --- a/experimental/generated/elasticsearch/7/template.json +++ b/experimental/generated/elasticsearch/7/template.json @@ -706,8 +706,9 @@ }, "original": { "doc_values": false, + "ignore_above": 1024, "index": false, - "type": "wildcard" + "type": "keyword" }, "outcome": { "ignore_above": 1024, diff --git a/experimental/schemas/event.yml b/experimental/schemas/event.yml deleted file mode 100644 index 07daa3ac87..0000000000 --- a/experimental/schemas/event.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: event - fields: - - name: original - type: wildcard