From c242cdb4a0e2c3924a2042a81d55dfa4711444cc Mon Sep 17 00:00:00 2001 From: Monica Sarbu Date: Wed, 23 Mar 2016 10:04:24 +0100 Subject: [PATCH] Remove count field from the Packetbeat event --- CHANGELOG.asciidoc | 1 + packetbeat/docs/fields.asciidoc | 9 --------- packetbeat/etc/fields.yml | 9 --------- packetbeat/flows/worker.go | 1 - packetbeat/protos/icmp/icmp.go | 1 - packetbeat/publish/publish.go | 7 ------- packetbeat/tests/system/packetbeat.py | 7 ++----- packetbeat/tests/system/test_0001_mysql_spaces.py | 4 ---- packetbeat/tests/system/test_0027_mysql_affected_rows.py | 1 - packetbeat/tests/system/test_0028_mysql_error.py | 1 - packetbeat/tests/system/test_0050_icmp.py | 1 - packetbeat/tests/system/test_0051_amqp_publish.py | 2 -- packetbeat/tests/system/test_0052_amqp_emit_receive.py | 7 ------- packetbeat/tests/system/test_0053_amqp_channel_error.py | 3 --- 14 files changed, 3 insertions(+), 51 deletions(-) diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 6201f17e4c7..b72e641f4de 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -22,6 +22,7 @@ https://github.com/elastic/beats/compare/v1.1.2...master[Check the HEAD diff] - Rename output fields in the dns package. Former flag `recursion_allowed` becomes `recursion_available`. {pull}803[803] Former SOA field `ttl` becomes `minimum`. {pull}803[803] - The fully qualified domain names which are part of output fields values of the dns package now terminate with a dot. {pull}803[803] +- Remove the count field from the exported event {pull}1210[1210] *Topbeat* - Rename proc.cpu.user_p with proc.cpu.total_p as includes CPU time spent in kernel space {pull}631[631] diff --git a/packetbeat/docs/fields.asciidoc b/packetbeat/docs/fields.asciidoc index 572a7db7a0a..be1136bc238 100644 --- a/packetbeat/docs/fields.asciidoc +++ b/packetbeat/docs/fields.asciidoc @@ -304,15 +304,6 @@ required: True The type of the transaction (for example, HTTP, MySQL, Redis, or RUM). -==== count - -type: int - -required: True - -A count of the number of transactions that this event represents. This is generally the inverse of the sampling rate. For example, for a sample rate of 1/10, the count is 10. The count is used by the UIs to return estimated values. - - ==== direction required: True diff --git a/packetbeat/etc/fields.yml b/packetbeat/etc/fields.yml index a9e52eef187..cf1ab8e6bd0 100644 --- a/packetbeat/etc/fields.yml +++ b/packetbeat/etc/fields.yml @@ -347,15 +347,6 @@ trans_event: The type of the transaction (for example, HTTP, MySQL, Redis, or RUM). required: true - - name: count - type: int - description: > - A count of the number of transactions that this event represents. This - is generally the inverse of the sampling rate. For example, for - a sample rate of 1/10, the count is 10. The count is used by the - UIs to return estimated values. - required: true - - name: direction required: true description: > diff --git a/packetbeat/flows/worker.go b/packetbeat/flows/worker.go index d772c69c178..79b929fa152 100644 --- a/packetbeat/flows/worker.go +++ b/packetbeat/flows/worker.go @@ -193,7 +193,6 @@ func createEvent( "last_time": common.Time(f.ts), "type": "flow", "flow_id": common.NetString(f.id.Serialize()), - "count": 1, "final": isOver, } diff --git a/packetbeat/protos/icmp/icmp.go b/packetbeat/protos/icmp/icmp.go index fce7c68454f..dee4e5d58fa 100644 --- a/packetbeat/protos/icmp/icmp.go +++ b/packetbeat/protos/icmp/icmp.go @@ -266,7 +266,6 @@ func (icmp *Icmp) publishTransaction(trans *icmpTransaction) { // common fields - group "event" event["@timestamp"] = common.Time(trans.Ts) // timestamp of the first packet event["type"] = "icmp" // protocol name - event["count"] = 1 // reserved for future sampling support event["path"] = trans.Tuple.DstIp // what is requested (dst ip) if trans.HasError() { event["status"] = common.ERROR_STATUS diff --git a/packetbeat/publish/publish.go b/packetbeat/publish/publish.go index 14d1249c8cd..f7241ff0726 100644 --- a/packetbeat/publish/publish.go +++ b/packetbeat/publish/publish.go @@ -147,11 +147,6 @@ func validateEvent(event common.MapStr) error { return errors.New("invalid '@timestamp' field from event") } - err := event.EnsureCountField() - if err != nil { - return err - } - t, ok := event["type"] if !ok { return errors.New("missing 'type' field from event") @@ -211,8 +206,6 @@ func normalizeTransAddr(pub *publisher.PublisherType, event common.MapStr) bool } - event.EnsureCountField() - if pub.GeoLite != nil { realIP, exists := event["real_ip"] if exists && len(realIP.(common.NetString)) > 0 { diff --git a/packetbeat/tests/system/packetbeat.py b/packetbeat/tests/system/packetbeat.py index fd37d7d73d6..a1bea154ab8 100644 --- a/packetbeat/tests/system/packetbeat.py +++ b/packetbeat/tests/system/packetbeat.py @@ -11,13 +11,10 @@ from beat.beat import Proc TRANS_REQUIRED_FIELDS = ["@timestamp", "type", "status", - "beat.name", "beat.hostname", - "count"] + "beat.name", "beat.hostname"] FLOWS_REQUIRED_FIELDS = ["@timestamp", "type", - "beat.name", "beat.hostname", - "count"] - + "beat.name", "beat.hostname"] class BaseTest(TestCase): diff --git a/packetbeat/tests/system/test_0001_mysql_spaces.py b/packetbeat/tests/system/test_0001_mysql_spaces.py index 107f99d1ed8..c9ad004d210 100644 --- a/packetbeat/tests/system/test_0001_mysql_spaces.py +++ b/packetbeat/tests/system/test_0001_mysql_spaces.py @@ -17,23 +17,19 @@ def test_mysql_with_spaces(self): assert objs[0]["method"] == "SET" assert objs[0]["path"] == "" assert objs[0]["status"] == "OK" - assert objs[0]["count"] == 1 assert objs[2]["method"] == "DROP" assert objs[2]["mysql.iserror"] is False assert objs[2]["status"] == "OK" - assert objs[0]["count"] == 1 assert objs[3]["method"] == "CREATE" assert objs[3]["mysql.iserror"] is False assert objs[3]["status"] == "OK" - assert objs[0]["count"] == 1 assert objs[5]["method"] == "SELECT" assert objs[5]["path"] == "test.test" assert objs[5]["status"] == "OK" assert objs[5]["bytes_out"] == 118 - assert objs[0]["count"] == 1 assert all(["bytes_in" in o.keys() for o in objs]) assert all(["bytes_out" in o.keys() for o in objs]) diff --git a/packetbeat/tests/system/test_0027_mysql_affected_rows.py b/packetbeat/tests/system/test_0027_mysql_affected_rows.py index 9e60b0b3ab8..87d4c3d7dc3 100644 --- a/packetbeat/tests/system/test_0027_mysql_affected_rows.py +++ b/packetbeat/tests/system/test_0027_mysql_affected_rows.py @@ -18,4 +18,3 @@ def test_mysql_affected_rows(self): assert objs[0]["method"] == "UPDATE" assert objs[0]["mysql.affected_rows"] == 316 assert objs[0]["status"] == "OK" - assert objs[0]["count"] == 1 diff --git a/packetbeat/tests/system/test_0028_mysql_error.py b/packetbeat/tests/system/test_0028_mysql_error.py index d619000be10..03b014eea49 100644 --- a/packetbeat/tests/system/test_0028_mysql_error.py +++ b/packetbeat/tests/system/test_0028_mysql_error.py @@ -19,4 +19,3 @@ def test_mysql_error(self): assert objs[0]["status"] == "Error" assert objs[0]["mysql.error_code"] == 1046 assert objs[0]["mysql.error_message"] == "3D000: No database selected" - assert objs[0]["count"] == 1 diff --git a/packetbeat/tests/system/test_0050_icmp.py b/packetbeat/tests/system/test_0050_icmp.py index 460e4891649..73a1912cfb6 100644 --- a/packetbeat/tests/system/test_0050_icmp.py +++ b/packetbeat/tests/system/test_0050_icmp.py @@ -68,7 +68,6 @@ def test_icmp6_ping_over_vlan(self): def assert_common_fields(self, objs): assert all([o["type"] == "icmp" for o in objs]) - assert all([o["count"] == 1 for o in objs]) assert all([o["bytes_in"] == 4 for o in objs]) assert all([o["bytes_out"] == 4 for o in objs]) assert all([("port" in o) == False for o in objs]) diff --git a/packetbeat/tests/system/test_0051_amqp_publish.py b/packetbeat/tests/system/test_0051_amqp_publish.py index b9b97df6b22..414dd6a6eb3 100644 --- a/packetbeat/tests/system/test_0051_amqp_publish.py +++ b/packetbeat/tests/system/test_0051_amqp_publish.py @@ -23,7 +23,6 @@ def test_amqp_publish(self): assert objs[0]["amqp.auto-delete"] == False assert objs[0]["amqp.exclusive"] == False assert objs[0]["amqp.no-wait"] == False - assert objs[0]["count"] == 1 assert objs[1]["method"] == "basic.publish" assert objs[1]["status"] == "OK" @@ -32,4 +31,3 @@ def test_amqp_publish(self): assert objs[1]["amqp.mandatory"] == False assert objs[1]["amqp.immediate"] == False assert objs[1]["amqp.content-type"] == "text/plain" - assert objs[1]["count"] == 1 diff --git a/packetbeat/tests/system/test_0052_amqp_emit_receive.py b/packetbeat/tests/system/test_0052_amqp_emit_receive.py index 8f23e8ca4e4..dfa6c4f4785 100644 --- a/packetbeat/tests/system/test_0052_amqp_emit_receive.py +++ b/packetbeat/tests/system/test_0052_amqp_emit_receive.py @@ -22,7 +22,6 @@ def test_amqp_emit_receive(self): assert objs[0]["amqp.exchange-type"] == "fanout" assert objs[0]["amqp.passive"] == False assert objs[0]["amqp.no-wait"] == False - assert objs[0]["count"] == 1 assert objs[1]["method"] == "queue.declare" assert objs[1]["status"] == "OK" @@ -32,14 +31,12 @@ def test_amqp_emit_receive(self): assert objs[1]["amqp.durable"] == False assert objs[1]["amqp.auto-delete"] == False assert objs[1]["amqp.passive"] == False - assert objs[1]["count"] == 1 assert objs[2]["method"] == "queue.bind" assert objs[2]["status"] == "OK" assert objs[2]["amqp.queue"] != "" assert objs[2]["amqp.exchange"] == "logs" assert objs[2]["amqp.no-wait"] == False - assert objs[2]["count"] == 1 assert objs[3]["method"] == "basic.consume" assert objs[3]["status"] == "OK" @@ -48,7 +45,6 @@ def test_amqp_emit_receive(self): assert objs[3]["amqp.no-wait"] == False assert objs[3]["amqp.no-local"] == False assert objs[3]["amqp.exclusive"] == False - assert objs[3]["count"] == 1 assert objs[4]["method"] == "exchange.declare" assert objs[4]["status"] == "OK" @@ -57,7 +53,6 @@ def test_amqp_emit_receive(self): assert objs[4]["amqp.exchange-type"] == "fanout" assert objs[4]["amqp.passive"] == False assert objs[4]["amqp.no-wait"] == False - assert objs[4]["count"] == 1 assert objs[5]["method"] == "basic.publish" assert objs[5]["status"] == "OK" @@ -65,7 +60,6 @@ def test_amqp_emit_receive(self): assert objs[5]["amqp.exchange"] == "logs" assert objs[5]["amqp.immediate"] == False assert objs[5]["amqp.mandatory"] == False - assert objs[5]["count"] == 1 assert objs[6]["method"] == "basic.deliver" assert objs[6]["status"] == "OK" @@ -73,4 +67,3 @@ def test_amqp_emit_receive(self): assert objs[6]["amqp.delivery-tag"] == 1 assert objs[6]["amqp.exchange"] == "logs" assert objs[6]["amqp.redelivered"] == False - assert objs[6]["count"] == 1 diff --git a/packetbeat/tests/system/test_0053_amqp_channel_error.py b/packetbeat/tests/system/test_0053_amqp_channel_error.py index b9c7cb6a871..6b9ab78ea9d 100644 --- a/packetbeat/tests/system/test_0053_amqp_channel_error.py +++ b/packetbeat/tests/system/test_0053_amqp_channel_error.py @@ -21,7 +21,6 @@ def test_amqp_channel_error(self): assert objs[0]["amqp.exchange-type"] == "fanout" assert objs[0]["amqp.passive"] == False assert objs[0]["amqp.no-wait"] == True - assert objs[0]["count"] == 1 assert objs[1]["method"] == "queue.declare" assert objs[1]["status"] == "OK" @@ -31,7 +30,6 @@ def test_amqp_channel_error(self): assert objs[1]["amqp.durable"] == False assert objs[1]["amqp.auto-delete"] == False assert objs[1]["amqp.passive"] == False - assert objs[1]["count"] == 1 assert objs[2]["method"] == "channel.close" assert objs[2]["status"] == "Error" @@ -39,4 +37,3 @@ def test_amqp_channel_error(self): assert objs[2]["amqp.reply-text"] == "NOT_FOUND - no exchange 'plop' in vhost '/'" assert objs[2]["amqp.class-id"] == 50 assert objs[2]["amqp.method-id"] == 20 - assert objs[2]["count"] == 1