diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 96d80b05ea5..72f79e3c9d3 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -89,6 +89,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Only filesets that are explicitly configured will be enabled. {issue}17256[17256] {pull}27526[27526] - All filesets are disabled in the default configuration. {issue}17256[17256] {pull}27762[27762] - Remove deprecated fields in Kafka module. {pull}27938[27938] +- Remove deprecated fields in coredns module. {pull}28196[28196] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index c3b2e75246f..c343709f78f 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -27522,16 +27522,6 @@ coredns fields after normalization -*`coredns.id`*:: -+ --- -id of the DNS transaction - - -type: keyword - --- - *`coredns.query.size`*:: + -- @@ -27544,56 +27534,6 @@ format: bytes -- -*`coredns.query.class`*:: -+ --- -DNS query class - - -type: keyword - --- - -*`coredns.query.name`*:: -+ --- -DNS query name - - -type: keyword - --- - -*`coredns.query.type`*:: -+ --- -DNS query type - - -type: keyword - --- - -*`coredns.response.code`*:: -+ --- -DNS response code - - -type: keyword - --- - -*`coredns.response.flags`*:: -+ --- -DNS response flags - - -type: keyword - --- - *`coredns.response.size`*:: + -- @@ -27606,16 +27546,6 @@ format: bytes -- -*`coredns.dnssec_ok`*:: -+ --- -dnssec flag - - -type: boolean - --- - [[exported-fields-crowdstrike]] == Crowdstrike fields diff --git a/x-pack/filebeat/module/coredns/_meta/fields.yml b/x-pack/filebeat/module/coredns/_meta/fields.yml index 98ee91094ab..a50add785a1 100644 --- a/x-pack/filebeat/module/coredns/_meta/fields.yml +++ b/x-pack/filebeat/module/coredns/_meta/fields.yml @@ -8,50 +8,14 @@ description: > coredns fields after normalization fields: - - name: id - type: keyword - description: > - id of the DNS transaction - - name: query.size type: integer format: bytes description: > size of the DNS query - - name: query.class - type: keyword - description: > - DNS query class - - - name: query.name - type: keyword - description: > - DNS query name - - - name: query.type - type: keyword - description: > - DNS query type - - - name: response.code - type: keyword - description: > - DNS response code - - - name: response.flags - type: keyword - description: > - DNS response flags - - name: response.size type: integer format: bytes description: > size of the DNS response - - - name: dnssec_ok - type: boolean - description: > - dnssec flag - diff --git a/x-pack/filebeat/module/coredns/fields.go b/x-pack/filebeat/module/coredns/fields.go index 7671ccd0ec9..47a33b19e1c 100644 --- a/x-pack/filebeat/module/coredns/fields.go +++ b/x-pack/filebeat/module/coredns/fields.go @@ -19,5 +19,5 @@ func init() { // AssetCoredns returns asset data. // This is the base64 encoded zlib format compressed contents of module/coredns. func AssetCoredns() string { - return "eJy00kFugzAQheE9p3gXSA7Aopt22256gMqxB2LF8VCPUeWcvrIhBCFQpKKyikb4/8YKB1wo1dAcyHipgGijoxqv08CQ6GC7aNnXeKkA4J1N7wgNB5yVN876Fo5bQRfY9JoMTmmWbCw5I3U5eoBXV5qD+Ympoxpt4L4bJytqfsZjYxKqiRTgOVyVszeV3x5fnZsP1ZqpNJAXSj8cHtMNFrAG3CCeCW8fn4hBeVG6eAviu6eQjmJvtKCsj9RSmKZN3jrWOKVI8nyBXJyvUJx1XDsl8teLTm0MmVUh/94PlMpqPyf390tl0Q8kHXuho2azi7iHUEJbSuNUu+uvmJihtOX8//d2p5YrGC9C+osvC/7E7Ej559AQKPerqt8AAAD//23BSVQ=" + return "eJy8zjFS9DAMBeA+p3gX2P8ALv4GWmg4gTd+znrwWkZWCu/pGbMhZBhoUflGep9OeGV3mEUZSpsAS5bp8LAHgW3WVC1Jcfg/AcCThDUTURQXX0JOZUGWpaGqhHVmwLkfKmNiDs19nJ5Q/JVHcIz1SodFZa1b8oM6ZjvbKuGjUVFErz6nmx/b2+rR/FLfVmr/19KNe+OdTsW4UPc0jkpzOHdj29NfngJGIyTCLsTj88vdmb7hylalNP6B/0lN7wEAAP//HDeN8A==" } diff --git a/x-pack/filebeat/module/coredns/log/ingest/pipeline-entry.yml b/x-pack/filebeat/module/coredns/log/ingest/pipeline-entry.yml index 0a14b12f4c1..129828d5646 100644 --- a/x-pack/filebeat/module/coredns/log/ingest/pipeline-entry.yml +++ b/x-pack/filebeat/module/coredns/log/ingest/pipeline-entry.yml @@ -71,35 +71,8 @@ processors: - remove: field: - coredns.duration + - coredns.dnssec_ok ignore_missing: true - # The following copies values from dns namespace (ECS) to the coredns - # namespace to avoid introducing breaking change. This should be removed - # for 8.0.0. Additionally coredns.dnssec_ok can be removed. - - set: - field: coredns.id - value: '{{dns.id}}' - ignore_empty_value: true - - set: - field: coredns.query.class - value: '{{dns.question.class}}' - ignore_empty_value: true - - set: - field: coredns.query.name - value: '{{dns.question.name}}' - ignore_empty_value: true - - set: - field: coredns.query.type - value: '{{dns.question.type}}' - ignore_empty_value: true - - set: - field: coredns.response.code - value: '{{dns.response_code}}' - ignore_empty_value: true - - script: - if: ctx.dns?.header_flags != null - lang: painless - source: > - ctx.coredns.response.flags = ctx.dns.header_flags; # Right trim the trailing dot from domain names. - script: if: ctx.dns?.question?.name != null diff --git a/x-pack/filebeat/module/coredns/log/test/coredns-json.log-expected.json b/x-pack/filebeat/module/coredns/log/test/coredns-json.log-expected.json index 000c31f591e..9a1c8520b76 100644 --- a/x-pack/filebeat/module/coredns/log/test/coredns-json.log-expected.json +++ b/x-pack/filebeat/module/coredns/log/test/coredns-json.log-expected.json @@ -1,18 +1,7 @@ [ { "@timestamp": "2019-02-12T00:27:28.903Z", - "coredns.dnssec_ok": false, - "coredns.id": "21583", - "coredns.query.class": "IN", - "coredns.query.name": "httpbin.org.cluster.local.", "coredns.query.size": 43, - "coredns.query.type": "A", - "coredns.response.code": "NXDOMAIN", - "coredns.response.flags": [ - "QR", - "RA", - "RD" - ], "coredns.response.size": 136, "dns.header_flags": [ "QR", @@ -64,18 +53,7 @@ }, { "@timestamp": "2019-03-19T02:57:23.213Z", - "coredns.dnssec_ok": false, - "coredns.id": "6966", - "coredns.query.class": "IN", - "coredns.query.name": "httpbin.org.", "coredns.query.size": 29, - "coredns.query.type": "A", - "coredns.response.code": "NOERROR", - "coredns.response.flags": [ - "QR", - "RA", - "RD" - ], "coredns.response.size": 83, "dns.header_flags": [ "QR", @@ -127,18 +105,7 @@ }, { "@timestamp": "2019-03-11T07:16:34.013Z", - "coredns.dnssec_ok": false, - "coredns.id": "62762", - "coredns.query.class": "IN", - "coredns.query.name": "czbaoyu.com.", "coredns.query.size": 29, - "coredns.query.type": "AAAA", - "coredns.response.code": "NOERROR", - "coredns.response.flags": [ - "QR", - "RA", - "RD" - ], "coredns.response.size": 100, "dns.header_flags": [ "QR", diff --git a/x-pack/filebeat/module/coredns/log/test/coredns.log-expected.json b/x-pack/filebeat/module/coredns/log/test/coredns.log-expected.json index 5a8a6878003..82c4942488b 100644 --- a/x-pack/filebeat/module/coredns/log/test/coredns.log-expected.json +++ b/x-pack/filebeat/module/coredns/log/test/coredns.log-expected.json @@ -1,18 +1,7 @@ [ { "@timestamp": "2019-03-06T08:55:28.903Z", - "coredns.dnssec_ok": false, - "coredns.id": "21583", - "coredns.query.class": "IN", - "coredns.query.name": "httpbin.org.cluster.local.", "coredns.query.size": 43, - "coredns.query.type": "A", - "coredns.response.code": "NXDOMAIN", - "coredns.response.flags": [ - "QR", - "RA", - "RD" - ], "coredns.response.size": 136, "dns.header_flags": [ "QR", @@ -55,18 +44,7 @@ }, { "@timestamp": "2019-03-18T22:13:36.289-07:00", - "coredns.dnssec_ok": false, - "coredns.id": "14639", - "coredns.query.class": "IN", - "coredns.query.name": "www.yahoo.com.", "coredns.query.size": 42, - "coredns.query.type": "A", - "coredns.response.code": "NOERROR", - "coredns.response.flags": [ - "QR", - "RA", - "RD" - ], "coredns.response.size": 188, "dns.header_flags": [ "QR",