Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cisco_aironet: add ECS mapping for destination.port #11103

Merged
merged 2 commits into from
Sep 23, 2024
Merged

cisco_aironet: add ECS mapping for destination.port #11103

merged 2 commits into from
Sep 23, 2024

Conversation

zmoog
Copy link
Contributor

@zmoog zmoog commented Sep 11, 2024
edited
Loading

Proposed commit message

Add ECS mapping for the destination.port field (long type).

Users reported mapping exceptions due to destination.port string values causing field mapping as keyword instead of long. See the related issue.

Elasticsearch maps a field as a keyword if it has a string value. This happens even on stack versions 8.13+ because ecs@mappings does not perform type coercion.

By adding the destination.port field to the file fields/ecs.yml, we ensure Elasticsearch uses the expected ECS field mapping as long even when the value is a string.

IMPORTANT: To fully resolve the issue, the input/integration owner should update it to emit the right value type to leverage ecs@mappings.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues

@zmoog zmoog added Integration:cisco_aironet Cisco Aironet bugfix Pull request that fixes a bug issue labels Sep 11, 2024
@zmoog zmoog self-assigned this Sep 11, 2024
@zmoog zmoog mentioned this pull request Sep 11, 2024
Open
@elasticmachine
Copy link

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@zmoog zmoog marked this pull request as ready for review September 11, 2024 22:22
@zmoog zmoog requested a review from a team as a code owner September 11, 2024 22:22
@andrewkroh andrewkroh added the Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices] label Sep 11, 2024
@elasticmachine
Copy link

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@elasticmachine
Copy link

💚 Build Succeeded

History

cc @zmoog

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@taylor-swanson taylor-swanson merged commit 08db9aa into elastic:main Sep 23, 2024
5 checks passed
@taylor-swanson taylor-swanson mentioned this pull request Sep 23, 2024
Open
4 tasks
@elastic-vault-github-plugin-prod
Copy link

Package cisco_aironet - 1.14.1 containing this change is available at https://epr.elastic.co/search?package=cisco_aironet

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@taylor-swanson taylor-swanson taylor-swanson approved these changes

Assignees

@zmoog zmoog

Labels
bugfix Pull request that fixes a bug issue Integration:cisco_aironet Cisco Aironet Team:Security-Deployment and Devices Deployment and Devices Security team [elastic/sec-deployment-and-devices]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@zmoog @elasticmachine @taylor-swanson @andrewkroh