Skip to content

[Stack Monitoring] Missing mapping for "event.created" missing in the integration packages #5869

New issue
New issue
Closed
#6028
Closed
[Stack Monitoring] Missing mapping for "event.created" missing in the integration packages#5869
#6028
Assignees
jennypavlova
Labels
Integration:elasticsearchElasticsearchIntegration:kibanaKibanaIntegration:logstashLogstashTeam:Infra Monitoring UI - DEPRECATEDLabel for the Infrastructure Monitoring UI team. - DEPRECATED - Use Team:obs-ux-infra_servicesbugSomething isn't working, use only for issues
@crespocarlos

Description

@crespocarlos
crespocarlos
opened on Apr 12, 2023

Some SM integration packages data-streams are missing the mapping for the event.created field, which causes them to be mapped as keyword and not date.

Here are a few examples of data streams that are missing this mapping:

  • Elasticsearch
    • gc
    • server
    • deprecation
    • slowlog
  • Kibana
    • log
    • audit
  • Logstash
    • log

It might be interesting to make sure the SM packages contain all necessary event fields mapped

- external: ecs
  name: event.ingested
- external: ecs
  name: event.kind
- external: ecs
  name: event.category
- external: ecs
  name: event.type
- external: ecs
  name: event.created
- external: ecs
  name: event.original
- external: ecs

Acceptance criteria

  • event.date is mapped as date

Metadata

Metadata

Assignees

Labels

Integration:elasticsearchElasticsearchIntegration:kibanaKibanaIntegration:logstashLogstashTeam:Infra Monitoring UI - DEPRECATEDLabel for the Infrastructure Monitoring UI team. - DEPRECATED - Use Team:obs-ux-infra_servicesbugSomething isn't working, use only for issues

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions