Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
ECS - Missing fields, possible nesting issue
See original GitHub issueSummary
There are some missing ECS fields related to the threat intelligence features in Elastic Stack. Is it possible to add these into ECS? I believe it might be related to a previous issue around grouping and ordering that was recently fixed. Since the packages map fields to the generated ECS, the CI components are failing.
threat.indicator.file.x509.*
threat.indicator.file.hash.sha384
threat.indicator.file.hash.tlsh
threat.indicator.file.hash.pehash
Issue Analytics
- State:
- Created 2 years ago
- Comments:12 (12 by maintainers)
Top Results From Across the Web
ECS fields | Filebeat Reference [8.5] - Elastic
This section defines Elastic Common Schema (ECS) fields—a common set of fields to be used when storing event data in Elasticsearch.
Read more >Nested field support · Issue #1084 · elastic/kibana - GitHub
I installed elasticsearch and kibana 7.16.2 and I cannot access nested fields in visualizatation. It worked in the older version of elastcsearch ...
Read more >Elastic Common Schema (ECS) Reference
If you're ingesting to Elasticsearch using the API, your fields must be nested objects, not strings containing dots. See [dot-notation] for more details....
Read more >Advice on how to structure things in ECS - Unity Forum
The issue that I'm running into is the limitation on nested NativeContainers. Ideally I want to have a hashmap containing all of the...
Read more >Event Patterns in CloudWatch Events - AWS Documentation
The detail content in the example above is very simple, just two fields. AWS API call events have detail objects with around 50...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Closing, these fields have now been added to ECS schema. Thanks for all the help @kgeller!
Can absolutely get those added.
Normally for schema changes, we recommend going through the RFC process as it allows us to fully vet the proposal. However these fields appear straightforward, so I am inclined to say we can simply add them via a PR. What do you think?