Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update pgSQL protocol to use ECS fields #10147

Merged
merged 4 commits into from
Jan 24, 2019
Merged

Update pgSQL protocol to use ECS fields #10147

merged 4 commits into from
Jan 24, 2019

Conversation

andrewkroh
Copy link
Member

That dashboard was updated too.

Here's a summary of what fields changed.

Part of #7968

Changed

  • bytes_in -> source.bytes
  • bytes_out -> destination.bytes
  • notes -> error.message
  • responsetime -> event.duration (unit are now nanoseconds)

Added

  • destination
  • event.dataset = pgsql
  • event.end
  • event.start
  • network.bytes
  • network.community_id
  • network.protocol = pgsql
  • network.transport = tcp
  • network.type
  • source

Removed

  • pgsql.iserror - It was a boolean that reflected the same information as status which uses OK or Error.
  • pgsql.query - It was in fields.yml but not in the code.

Unchanged Packetbeat Fields

  • method
  • query
  • status
  • type = pgsql (we might remove this since we have event.dataset)

@andrewkroh andrewkroh requested review from a team as code owners January 17, 2019 18:07
webmat
webmat reviewed Jan 18, 2019
View reviewed changes
Copy link
Contributor

@webmat webmat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a few comments. Looking pretty good

packetbeat/_meta/kibana/6/dashboard/Packetbeat-pgsql.json Outdated Show resolved Hide resolved
packetbeat/tests/system/packetbeat.py Outdated Show resolved Hide resolved
@webmat
Copy link
Contributor

webmat commented Jan 18, 2019

If I understand correctly, all changed fields are Pb-wide, so the ecs-migration.yml and field aliases will come at the end. That's good.

Is that also how you're approaching the changelog for the breaking changes?

This PR could have an "Added" changelog, though.

@webmat
Copy link
Contributor

webmat commented Jan 18, 2019

Never mind the comment about the changelog above. Not sure how I missed it when reviewing.

@andrewkroh andrewkroh force-pushed the feature/pb/pgsql-ecs branch from 8d4f118 to 1ef4807 Compare January 18, 2019 20:54
@andrewkroh
Update pgSQL protocol to use ECS fields
f48700e 
That dashboard was updated too.

Here's a summary of what fields changed.

Part of elastic#7968

Changed

- bytes_in -> source.bytes
- bytes_out -> destination.bytes
- notes -> error.message
- responsetime -> event.duration (unit are now nanoseconds)

Added

- destination
- event.dataset = pgsql
- event.end
- event.start
- network.bytes
- network.community_id
- network.protocol = pgsql
- network.transport = tcp
- network.type
- source

Removed

- pgsql.iserror - It was a boolean that reflected the same information as `status` which uses OK or Error.
- pgsql.query - It was in fields.yml but not in the code.

Unchanged Packetbeat Fields

- method
- query
- status
- type = pgsql (we might remove this since we have event.dataset)
@andrewkroh
add event.end and event.duration
47131e4
@andrewkroh
Add PR number to changelog
4aaa10b
@andrewkroh
Remove time_zone from Kibana viz
868448a
@andrewkroh andrewkroh force-pushed the feature/pb/pgsql-ecs branch from 3c86a18 to 868448a Compare January 23, 2019 17:01
@andrewkroh andrewkroh merged commit 8baf1f9 into elastic:master Jan 24, 2019
@andrewkroh andrewkroh mentioned this pull request Jan 24, 2019
Closed
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@webmat webmat webmat left review comments

Assignees
No one assigned
Labels
Packetbeat review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@andrewkroh @webmat