From 4beacd576f10b8ba4d3c6b2c6ec186b5d4961400 Mon Sep 17 00:00:00 2001
From: Eric Beahan
Date: Thu, 26 Aug 2021 12:45:40 -0500
Subject: [PATCH 1/3] remove process.ppid from schema
---
 schemas/process.yml | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/schemas/process.yml b/schemas/process.yml
index eeced441c0..a568806d66 100644
--- a/schemas/process.yml
+++ b/schemas/process.yml
@@ -56,14 +56,6 @@
 - type: match_only_text
 name: text

- - name: ppid
- format: string
- level: extended
- type: long
- description: >
- Parent process' pid.
- example: 4241
-
 - name: pgid
 format: string
 level: extended
From aa4f23d705f292cd5403c37aca9ae806bd704c21 Mon Sep 17 00:00:00 2001
From: Eric Beahan
Date: Thu, 26 Aug 2021 12:47:29 -0500
Subject: [PATCH 2/3] remove process.ppid from artifacts
---
 docs/field-details.asciidoc | 16 -------
 experimental/generated/beats/fields.ecs.yml | 27 -----------
 experimental/generated/csv/fields.csv | 4 --
 experimental/generated/ecs/ecs_flat.yml | 47 -------------------
 experimental/generated/ecs/ecs_nested.yml | 47 -------------------
 .../generated/elasticsearch/7/template.json | 12 -----
 .../elasticsearch/component/process.json | 12 -----
 generated/beats/fields.ecs.yml | 13 -----
 generated/csv/fields.csv | 2 -
 generated/ecs/ecs_flat.yml | 23 ---------
 generated/ecs/ecs_nested.yml | 23 ---------
 generated/elasticsearch/6/template.json | 6 ---
 generated/elasticsearch/7/template.json | 6 ---
 .../elasticsearch/component/process.json | 6 ---
 14 files changed, 244 deletions(-)
diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc
index 93b659d573..9a6da78e75 100644
--- a/docs/field-details.asciidoc
+++ b/docs/field-details.asciidoc
@@ -6404,22 +6404,6 @@ example: `4242` // =============================================================== -| -[[field-process-ppid]] -<> - -| Parent process' pid. - -type: long - - - -example: `4241` - -| extended - -// =============================================================== - | [[field-process-start]] <> diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index b37b9207d3..cea2fe7397 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -5919,13 +5919,6 @@ description: Process id. example: 4242 default_field: false - - name: parent.ppid - level: extended - type: long - format: string - description: Parent process' pid. - example: 4241 - default_field: false - name: parent.start level: extended type: date @@ -6248,12 +6241,6 @@ format: string description: Process id. example: 4242 - - name: ppid - level: extended - type: long - format: string - description: Parent process' pid. - example: 4241 - name: start level: extended type: date @@ -7277,13 +7264,6 @@ description: Process id. example: 4242 default_field: false - - name: target.parent.ppid - level: extended - type: long - format: string - description: Parent process' pid. - example: 4241 - default_field: false - name: target.parent.start level: extended type: date @@ -7608,13 +7588,6 @@ description: Process id. example: 4242 default_field: false - - name: target.ppid - level: extended - type: long - format: string - description: Parent process' pid. - example: 4241 - default_field: false - name: target.start level: extended type: date diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index b72963a423..b516d2fa4d 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv 
@@ -665,7 +665,6 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.0.0-dev+exp,true,process,process.parent.pe.sections.virtual_address,long,extended,,8192,Virtual address available to the file. 8.0.0-dev+exp,true,process,process.parent.pgid,long,extended,,,Identifier of the group of processes the process belongs to. 8.0.0-dev+exp,true,process,process.parent.pid,long,core,,4242,Process id. -8.0.0-dev+exp,true,process,process.parent.ppid,long,extended,,4241,Parent process' pid. 8.0.0-dev+exp,true,process,process.parent.start,date,extended,,2016-05-23T08:05:34.853Z,The time the process started. 8.0.0-dev+exp,true,process,process.parent.thread.id,long,extended,,4242,Thread ID. 8.0.0-dev+exp,true,process,process.parent.thread.name,keyword,extended,,thread-0,Thread name. @@ -714,7 +713,6 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.0.0-dev+exp,true,process,process.pe.sections.virtual_address,long,extended,,8192,Virtual address available to the file. 8.0.0-dev+exp,true,process,process.pgid,long,extended,,,Identifier of the group of processes the process belongs to. 8.0.0-dev+exp,true,process,process.pid,long,core,,4242,Process id. -8.0.0-dev+exp,true,process,process.ppid,long,extended,,4241,Parent process' pid. 8.0.0-dev+exp,true,process,process.start,date,extended,,2016-05-23T08:05:34.853Z,The time the process started. 8.0.0-dev+exp,true,process,process.target.args,keyword,extended,array,"[""/usr/bin/ssh"", ""-l"", ""user"", ""10.0.0.16""]",Array of process arguments. 8.0.0-dev+exp,true,process,process.target.args_count,long,extended,,4,Length of the process.args array. 
@@ -864,7 +862,6 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.0.0-dev+exp,true,process,process.target.parent.pe.sections.virtual_address,long,extended,,8192,Virtual address available to the file. 8.0.0-dev+exp,true,process,process.target.parent.pgid,long,extended,,,Identifier of the group of processes the process belongs to. 8.0.0-dev+exp,true,process,process.target.parent.pid,long,core,,4242,Process id. -8.0.0-dev+exp,true,process,process.target.parent.ppid,long,extended,,4241,Parent process' pid. 8.0.0-dev+exp,true,process,process.target.parent.start,date,extended,,2016-05-23T08:05:34.853Z,The time the process started. 8.0.0-dev+exp,true,process,process.target.parent.thread.id,long,extended,,4242,Thread ID. 8.0.0-dev+exp,true,process,process.target.parent.thread.name,keyword,extended,,thread-0,Thread name. @@ -913,7 +910,6 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.0.0-dev+exp,true,process,process.target.pe.sections.virtual_address,long,extended,,8192,Virtual address available to the file. 8.0.0-dev+exp,true,process,process.target.pgid,long,extended,,,Identifier of the group of processes the process belongs to. 8.0.0-dev+exp,true,process,process.target.pid,long,core,,4242,Process id. -8.0.0-dev+exp,true,process,process.target.ppid,long,extended,,4241,Parent process' pid. 8.0.0-dev+exp,true,process,process.target.start,date,extended,,2016-05-23T08:05:34.853Z,The time the process started. 8.0.0-dev+exp,true,process,process.target.thread.id,long,extended,,4242,Thread ID. 8.0.0-dev+exp,true,process,process.target.thread.name,keyword,extended,,thread-0,Thread name. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 32d30fd1bd..072a695586 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -8463,18 +8463,6 @@ process.parent.pid: original_fieldset: process short: Process id. type: long -process.parent.ppid: - dashed_name: process-parent-ppid - description: Parent process' pid. - example: 4241 - flat_name: process.parent.ppid - format: string - level: extended - name: ppid - normalize: [] - original_fieldset: process - short: Parent process' pid. - type: long process.parent.start: dashed_name: process-parent-start description: The time the process started. @@ -9035,17 +9023,6 @@ process.pid: normalize: [] short: Process id. type: long -process.ppid: - dashed_name: process-ppid - description: Parent process' pid. - example: 4241 - flat_name: process.ppid - format: string - level: extended - name: ppid - normalize: [] - short: Parent process' pid. - type: long process.start: dashed_name: process-start description: The time the process started. @@ -10810,18 +10787,6 @@ process.target.parent.pid: original_fieldset: process short: Process id. type: long -process.target.parent.ppid: - dashed_name: process-target-parent-ppid - description: Parent process' pid. - example: 4241 - flat_name: process.target.parent.ppid - format: string - level: extended - name: ppid - normalize: [] - original_fieldset: process - short: Parent process' pid. - type: long process.target.parent.start: dashed_name: process-target-parent-start description: The time the process started. @@ -11384,18 +11349,6 @@ process.target.pid: original_fieldset: process short: Process id. type: long -process.target.ppid: - dashed_name: process-target-ppid - description: Parent process' pid. - example: 4241 - flat_name: process.target.ppid - format: string - level: extended - name: ppid - normalize: [] - original_fieldset: process - short: Parent process' pid. - type: long process.target.start: dashed_name: process-target-start description: The time the process started. 
diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index f0eee791fe..053e8d5b27 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -10389,18 +10389,6 @@ process: original_fieldset: process short: Process id. type: long - process.parent.ppid: - dashed_name: process-parent-ppid - description: Parent process' pid. - example: 4241 - flat_name: process.parent.ppid - format: string - level: extended - name: ppid - normalize: [] - original_fieldset: process - short: Parent process' pid. - type: long process.parent.start: dashed_name: process-parent-start description: The time the process started. @@ -10962,17 +10950,6 @@ process: normalize: [] short: Process id. type: long - process.ppid: - dashed_name: process-ppid - description: Parent process' pid. - example: 4241 - flat_name: process.ppid - format: string - level: extended - name: ppid - normalize: [] - short: Parent process' pid. - type: long process.start: dashed_name: process-start description: The time the process started. @@ -12738,18 +12715,6 @@ process: original_fieldset: process short: Process id. type: long - process.target.parent.ppid: - dashed_name: process-target-parent-ppid - description: Parent process' pid. - example: 4241 - flat_name: process.target.parent.ppid - format: string - level: extended - name: ppid - normalize: [] - original_fieldset: process - short: Parent process' pid. - type: long process.target.parent.start: dashed_name: process-target-parent-start description: The time the process started. 
@@ -13313,18 +13278,6 @@ process: original_fieldset: process short: Process id. type: long - process.target.ppid: - dashed_name: process-target-ppid - description: Parent process' pid. - example: 4241 - flat_name: process.target.ppid - format: string - level: extended - name: ppid - normalize: [] - original_fieldset: process - short: Parent process' pid. - type: long process.target.start: dashed_name: process-target-start description: The time the process started. diff --git a/experimental/generated/elasticsearch/7/template.json b/experimental/generated/elasticsearch/7/template.json index c605a479aa..35e250ac30 100644 --- a/experimental/generated/elasticsearch/7/template.json +++ b/experimental/generated/elasticsearch/7/template.json @@ -3025,9 +3025,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, @@ -3239,9 +3236,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, @@ -3863,9 +3857,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, @@ -4077,9 +4068,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, diff --git a/experimental/generated/elasticsearch/component/process.json b/experimental/generated/elasticsearch/component/process.json index 9b727391e5..ba7c0d733c 100644 --- a/experimental/generated/elasticsearch/component/process.json +++ b/experimental/generated/elasticsearch/component/process.json @@ -624,9 +624,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, @@ -838,9 +835,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, @@ -1462,9 +1456,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, @@ -1676,9 +1667,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, 
diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index ec80bc8ea3..01002e73f4 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -4871,13 +4871,6 @@ description: Process id. example: 4242 default_field: false - - name: parent.ppid - level: extended - type: long - format: string - description: Parent process' pid. - example: 4241 - default_field: false - name: parent.start level: extended type: date @@ -4990,12 +4983,6 @@ format: string description: Process id. example: 4242 - - name: ppid - level: extended - type: long - format: string - description: Parent process' pid. - example: 4241 - name: start level: extended type: date diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index 5f4046e513..18fa590e8c 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv @@ -544,7 +544,6 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.0.0-dev,true,process,process.parent.pe.product,keyword,extended,,Microsoft® Windows® Operating System,"Internal product name of the file, provided at compile-time." 8.0.0-dev,true,process,process.parent.pgid,long,extended,,,Identifier of the group of processes the process belongs to. 8.0.0-dev,true,process,process.parent.pid,long,core,,4242,Process id. -8.0.0-dev,true,process,process.parent.ppid,long,extended,,4241,Parent process' pid. 8.0.0-dev,true,process,process.parent.start,date,extended,,2016-05-23T08:05:34.853Z,The time the process started. 8.0.0-dev,true,process,process.parent.thread.id,long,extended,,4242,Thread ID. 8.0.0-dev,true,process,process.parent.thread.name,keyword,extended,,thread-0,Thread name. 
@@ -562,7 +561,6 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.0.0-dev,true,process,process.pe.product,keyword,extended,,Microsoft® Windows® Operating System,"Internal product name of the file, provided at compile-time." 8.0.0-dev,true,process,process.pgid,long,extended,,,Identifier of the group of processes the process belongs to. 8.0.0-dev,true,process,process.pid,long,core,,4242,Process id. -8.0.0-dev,true,process,process.ppid,long,extended,,4241,Parent process' pid. 8.0.0-dev,true,process,process.start,date,extended,,2016-05-23T08:05:34.853Z,The time the process started. 8.0.0-dev,true,process,process.thread.id,long,extended,,4242,Thread ID. 8.0.0-dev,true,process,process.thread.name,keyword,extended,,thread-0,Thread name. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 215b2f0189..083a8a7687 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -7042,18 +7042,6 @@ process.parent.pid: original_fieldset: process short: Process id. type: long -process.parent.ppid: - dashed_name: process-parent-ppid - description: Parent process' pid. - example: 4241 - flat_name: process.parent.ppid - format: string - level: extended - name: ppid - normalize: [] - original_fieldset: process - short: Parent process' pid. - type: long process.parent.start: dashed_name: process-parent-start description: The time the process started. @@ -7243,17 +7231,6 @@ process.pid: normalize: [] short: Process id. type: long -process.ppid: - dashed_name: process-ppid - description: Parent process' pid. - example: 4241 - flat_name: process.ppid - format: string - level: extended - name: ppid - normalize: [] - short: Parent process' pid. - type: long process.start: dashed_name: process-start description: The time the process started. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 41cf358d5a..04e7ad8c82 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -8609,18 +8609,6 @@ process: original_fieldset: process short: Process id. type: long - process.parent.ppid: - dashed_name: process-parent-ppid - description: Parent process' pid. - example: 4241 - flat_name: process.parent.ppid - format: string - level: extended - name: ppid - normalize: [] - original_fieldset: process - short: Parent process' pid. - type: long process.parent.start: dashed_name: process-parent-start description: The time the process started. @@ -8810,17 +8798,6 @@ process: normalize: [] short: Process id. type: long - process.ppid: - dashed_name: process-ppid - description: Parent process' pid. - example: 4241 - flat_name: process.ppid - format: string - level: extended - name: ppid - normalize: [] - short: Parent process' pid. - type: long process.start: dashed_name: process-start description: The time the process started. diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index 7a119fed0b..ceb38e5704 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -2501,9 +2501,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, @@ -2581,9 +2578,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 663d0d531b..32ea66f2ea 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json @@ -2466,9 +2466,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, @@ -2544,9 +2541,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, diff --git a/generated/elasticsearch/component/process.json b/generated/elasticsearch/component/process.json index 1949086375..2e2d8be8ae 100644 --- a/generated/elasticsearch/component/process.json 
+++ b/generated/elasticsearch/component/process.json @@ -488,9 +488,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, @@ -566,9 +563,6 @@ "pid": { "type": "long" }, - "ppid": { - "type": "long" - }, "start": { "type": "date" }, From 26bbddfe5b8f72d01be8c26146c93e7b3d4c108a Mon Sep 17 00:00:00 2001 From: Eric Beahan Date: Thu, 26 Aug 2021 13:10:40 -0500 Subject: [PATCH 3/3] changelog entry --- CHANGELOG.next.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 0cf6a7bd13..f374737619 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -16,6 +16,7 @@ Thanks, you're awesome :-) --> * Remove deprecation notice on `http.request.method`. #1443 * Migrate `log.origin.file.line` from `integer` to `long`. #1533 * Remove `log.original` field. #1580 +* Remove `process.ppid` field. #1596 #### Bugfixes