diff --git a/CHANGELOG.md b/CHANGELOG.md index b54b9eb5cf..f81f0ac62a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,8 @@ All notable changes to this project will be documented in this file based on the * Added network directions ingress and egress. #945 * Added `threat.technique.subtechnique` to capture MITRE ATT&CKĀ® subtechniques. #951 * Added `configuration` as an allowed `event.category`. #963 +* Added a new directory with experimental artifacts, which includes all changes + from RFCs that have reached stage 2. #993, #1053 #### Improvements @@ -43,8 +45,6 @@ All notable changes to this project will be documented in this file based on the * Added check under `--strict` that ensures composite types in example fields are quoted. #966 * Added `ignore_above` and `normalizer` support for keyword multi-fields. #971 * Added `--oss` flag for users who want to generate ECS templates for use on OSS clusters. #991 -* Added a new directory with experimental artifacts, which includes all changes - from RFCs that have reached stage 2. #993 #### Improvements diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index be3a96763c..5f9de5f78d 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -3565,8 +3565,7 @@ default_field: false - name: parent.thread.name level: extended - type: keyword - ignore_above: 1024 + type: wildcard description: Thread name. example: thread-0 default_field: false @@ -3680,8 +3679,7 @@ example: 4242 - name: thread.name level: extended - type: keyword - ignore_above: 1024 + type: wildcard description: Thread name. example: thread-0 - name: title diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index 964fa9acc2..372a8464d5 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv 
@@ -413,7 +413,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 2.0.0-dev,true,process,process.parent.ppid,long,extended,,4241,Parent process' pid. 2.0.0-dev,true,process,process.parent.start,date,extended,,2016-05-23T08:05:34.853Z,The time the process started. 2.0.0-dev,true,process,process.parent.thread.id,long,extended,,4242,Thread ID. -2.0.0-dev,true,process,process.parent.thread.name,keyword,extended,,thread-0,Thread name. +2.0.0-dev,true,process,process.parent.thread.name,wildcard,extended,,thread-0,Thread name. 2.0.0-dev,true,process,process.parent.title,wildcard,extended,,,Process title. 2.0.0-dev,true,process,process.parent.title.text,text,extended,,,Process title. 2.0.0-dev,true,process,process.parent.uptime,long,extended,,1325,Seconds the process has been up. @@ -431,7 +431,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 2.0.0-dev,true,process,process.ppid,long,extended,,4241,Parent process' pid. 2.0.0-dev,true,process,process.start,date,extended,,2016-05-23T08:05:34.853Z,The time the process started. 2.0.0-dev,true,process,process.thread.id,long,extended,,4242,Thread ID. -2.0.0-dev,true,process,process.thread.name,keyword,extended,,thread-0,Thread name. +2.0.0-dev,true,process,process.thread.name,wildcard,extended,,thread-0,Thread name. 2.0.0-dev,true,process,process.title,wildcard,extended,,,Process title. 2.0.0-dev,true,process,process.title.text,text,extended,,,Process title. 2.0.0-dev,true,process,process.uptime,long,extended,,1325,Seconds the process has been up. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index b07d2ba201..8d7be33e8a 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -5384,13 +5384,12 @@ process.parent.thread.name: description: Thread name. example: thread-0 flat_name: process.parent.thread.name - ignore_above: 1024 level: extended name: thread.name normalize: [] original_fieldset: process short: Thread name. - type: keyword + type: wildcard process.parent.title: dashed_name: process-parent-title description: 'Process title. @@ -5581,12 +5580,11 @@ process.thread.name: description: Thread name. example: thread-0 flat_name: process.thread.name - ignore_above: 1024 level: extended name: thread.name normalize: [] short: Thread name. - type: keyword + type: wildcard process.title: dashed_name: process-title description: 'Process title. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index ebd19083ed..f939f31420 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -6426,13 +6426,12 @@ process: description: Thread name. example: thread-0 flat_name: process.parent.thread.name - ignore_above: 1024 level: extended name: thread.name normalize: [] original_fieldset: process short: Thread name. - type: keyword + type: wildcard process.parent.title: dashed_name: process-parent-title description: 'Process title. @@ -6623,12 +6622,11 @@ process: description: Thread name. example: thread-0 flat_name: process.thread.name - ignore_above: 1024 level: extended name: thread.name normalize: [] short: Thread name. - type: keyword + type: wildcard process.title: dashed_name: process-title description: 'Process title. diff --git a/experimental/generated/elasticsearch/7/template.json b/experimental/generated/elasticsearch/7/template.json index 80d7e168d4..6dbc46a6af 100644 --- a/experimental/generated/elasticsearch/7/template.json +++ b/experimental/generated/elasticsearch/7/template.json @@ -1903,8 +1903,7 @@ "type": "long" }, "name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } }, 
@@ -1980,8 +1979,7 @@ "type": "long" }, "name": { - "ignore_above": 1024, - "type": "keyword" + "type": "wildcard" } } }, diff --git a/experimental/schemas/process.yml b/experimental/schemas/process.yml index da492e4564..e759e97e86 100644 --- a/experimental/schemas/process.yml +++ b/experimental/schemas/process.yml @@ -7,6 +7,8 @@ type: wildcard - name: name type: wildcard + - name: thread.name + type: wildcard - name: title type: wildcard - name: working_directory
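Review bot: The `thread.name` entry added to experimental/schemas/process.yml has no comment explaining why a thread name needs `wildcard`, and the regenerated artifacts show the switch also drops `ignore_above: 1024`, so the template no longer sets an explicit length cap on this field. Thread names are set by the monitored process, so the entry should either state that unbounded values are acceptable or set an explicit cap, if the experimental tooling allows one on wildcard fields (not visible from this hunk). A short comment above the entry would be enough, e.g. `# wildcard per stage-2 RFC; keyword's ignore_above: 1024 no longer applies`. Clusters without the `wildcard` type will need a keyword fallback, which may be what the `--oss` flag mentioned in the changelog provides; that is worth confirming for this field. The override list continues outside the hunk.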