-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement ECS-Compatibility Mode #163
Comments
Plugin will need to be aligned with ES output (default template for |
|
asn and as_org map to the autonomous systems fields (https://www.elastic.co/guide/en/ecs/current/ecs-as.html) as.number and as.organization.name respectivly |
Merged
kaisecheng
added a commit
that referenced
this issue
Mar 25, 2021
Add ECS support * skip country_code3 * auto set `target` from `source` Fixed: #163 Co-authored-by: Ry Biesemeyer <ry.biesemeyer@elastic.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As a part of the effort to make plugins able to run in an ECS-Compatible manner
by default in an upcoming release of Logstash, this plugin needs to implement
an ECS-Compatibility mode that does not implicitly use fields that conflict
with ECS.
Absent
target
directive, this plugin uses root-level fieldgeoip
,which is undefined in ECS and therefore has the possiblity of conflicting
with future versions of ECS. The plugin may benefit from an ECS-Compatibility
mode that requires the target to be set explicitly,
by using the ECS-compatible(edit: "the geo fields are not expected to be usedroot-level
geo
objectdirectly at the top level."), or otherwise reduces the risk of future conflict.
Additional analysis will need to be made to ensure the resulting object is also compatible with the geo field type in ECS.
The text was updated successfully, but these errors were encountered: