Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for specifying a constant_keyword value #194

Merged
merged 2 commits into from
Jun 23, 2021
Merged

Add support for specifying a constant_keyword value #194

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e5df662
Add support for specifying a constant_keyword value
andrewkroh Jun 22, 2021
5eb3f6e
Move constant_keyword to some_fields.yml
andrewkroh Jun 23, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion code/go/internal/spec/statik.go
View file
Open in desktop

Large diffs are not rendered by default.

5 changes: 4 additions & 1 deletion test/packages/good/data_stream/foo/fields/external-fields.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,7 @@
description: Event family
fields:
- name: category
external: ecs
external: ecs
- name: module
andrewkroh marked this conversation as resolved.
Show resolved Hide resolved
type: constant_keyword
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that this is an inconsistency comparing to the original source - ECS repository, which defines it as keyword:

    - name: module
      level: core
      type: keyword
      ignore_above: 1024
      description: 'Name of the module this data is coming from.
        If your monitoring agent supports the concept of modules or plugins to process
        events of a given source (e.g. Apache logs), `event.module` should contain
        the name of this module.'

Do we plan to adjust the ECS schema too (event.module)?

This brings me to the final question - currently the import logic in elastic-package imports fields as they are defined. In this case (event.module) the definition would be altered with local properties (value, type). I'm making sure this is expected behavior.

Copy link
Member Author

@andrewkroh andrewkroh Jun 23, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we plan to adjust the ECS schema too (event.module)?

AFAIK there are plans at the moment to change the definition of event.module. But there have been some talks of loosing the specification to allow implementors to use either keyword or constant_keyword.

// fyi: @elastic/ecs

In this case (event.module) the definition would be altered with local properties (value, type). I'm making sure this is expected behavior.

I was expecting that packages would be required to declare their full definition of event.module if they make it a constant_keyword. But for the use-case where the imported definition has constant_keyword but no value I think it should be possible to add a value while also using definition.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you prefer you can leave overriding for further improvement (not to block this PR).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AFAIK there are plans at the moment to change the definition of event.module.

I've heard some discussion, but I'm not aware of a decision being made yet.

I suggested allowing keyword and constant_keyword to be interchangeable and avoid requiring a specific indexing strategy for all ECS users who wish to use event.module.

value: good
5 changes: 4 additions & 1 deletion versions/1/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,4 +144,7 @@
link: https://github.com/elastic/package-spec/pull/191
- description: Improve semantic versioning for version integrity
type: enhancement
link: https://github.com/elastic/package-spec/pull/193
link: https://github.com/elastic/package-spec/pull/193
- description: Introduce "value" property for constant_keyword fields
type: enhancement
link: https://github.com/elastic/package-spec/pull/194
3 changes: 3 additions & 0 deletions versions/1/data_stream/fields/fields.spec.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,9 @@ spec:
description:
description: Short description of field
type: string
value:
description: The value to associate with a constant_keyword field.
type: string
metric_type:
description: Metric type
type: string
Expand Down