[Session View] remove use of runtime mapping once endpoint fixes same_as_process boolean. #128962
Assignees
Labels
bug
Fixes for quality problems that affect the customer experience
Team: AWP: Platform
Adaptive Workload Protection Platform team from Security Solution
v8.2.0
Comments
mitodrummer
added
bug
|
same_as_process should now be available in the latest endpoint-dev code. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Kibana version:
8.2
Describe the bug:
In order to query for all entry_session leaders for rendering in the sessions table, we currently need to use a complex runtime mapping. The ECS spec adds support for a entry_leader.same_as_process boolean, which can be used for this purpose.
e.g get all events WHERE process.entry_leader.same_as_process: true
Any additional context:
#127920 (comment)
The text was updated successfully, but these errors were encountered: