Skip to content

Commit

Permalink
Update ECS in auditbeat sessionmd processor (#38994)
Browse files Browse the repository at this point in the history 
The sessionmd processor requires some of the latest process field from ECS, that are not currently in libbeat. This adds the required ECS field assets to the processor.

Without these fields, some field types would be incorrect. For example, `session_leader.start` should be date, but were sent as keyword.
  • Loading branch information
@mjwolf
mjwolf authored Apr 18, 2024
1 parent eb122ef commit a0dfeea
Show file tree
Hide file tree
Showing 3 changed files with 1,376 additions and 1 deletion.
2 changes: 1 addition & 1 deletion CHANGELOG.next.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
- Fix cache processor expiries infinite growth when large a large TTL is used and recurring keys are cached. {pull}38561[38561]

*Auditbeat*

- Set field types to correctly match ECS in sessionmd processor {issue}38955[38955] {pull}38994[38994]

*Filebeat*

Expand Down
Loading

0 comments on commit a0dfeea

Please sign in to comment.