Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add transform to spec #307

Merged
merged 23 commits into from
Jul 6, 2022
Merged

Add transform to spec #307

Show file tree
Hide file tree
Changes from 16 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
f5100f9
add to spec and test
eyalkraft Mar 30, 2022
032787a
update changelog
eyalkraft Mar 30, 2022
4b51706
fix changelog
eyalkraft Mar 30, 2022
291a75e
revert newline change
eyalkraft Mar 31, 2022
20f7a09
enforce subfolders and default.json naming
eyalkraft Mar 31, 2022
f8b57ac
add endpoint transforms as good examples
eyalkraft Apr 3, 2022
5095360
allow numbers in transform dir name
eyalkraft Apr 3, 2022
6ca6997
Merge branch 'main' into add-transform-to-spec
eyalkraft Apr 3, 2022
1b6687c
Merge branch 'main' into add-transform-to-spec
eyalkraft Jun 9, 2022
fd35caa
add dest index template
eyalkraft Jun 9, 2022
b63ec41
Merge branch 'main' into add-transform-to-spec
eyalkraft Jun 21, 2022
594115c
fix review comments
eyalkraft Jun 21, 2022
48d0bc6
wrap timestamp
eyalkraft Jun 21, 2022
8d7282c
add fields
eyalkraft Jun 22, 2022
32f5ed1
fix multifields
eyalkraft Jun 22, 2022
1e34688
fix nits
eyalkraft Jun 23, 2022
dd07c1a
add start flag
eyalkraft Jun 26, 2022
940629f
add naming convention to description
eyalkraft Jun 26, 2022
5a604bc
add transform validations
eyalkraft Jun 26, 2022
e736216
update index template naming
eyalkraft Jun 27, 2022
9b008f3
update transform naming
eyalkraft Jun 27, 2022
84abd35
update example
eyalkraft Jun 27, 2022
c06c5c7
update description with recommended source and destination index naming
eyalkraft Jun 27, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions test/packages/good/elasticsearch/transform/good_example_abc_1/transform.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
source:
index: kibana_sample_data_ecommerce
query:
term:
geoip.continent_name:
value: Asia
pivot:
group_by:
customer_id:
terms:
field: customer_id
aggregations:
max_price:
max:
field: taxful_total_price
description: Maximum priced ecommerce data by customer_id in Asia
dest:
index: kibana_sample_data_ecommerce_transform1
pipeline: add_timestamp_pipeline
frequency: 5m
sync:
time:
field: order_date
delay: 60s
retention_policy:
time:
field: order_date
max_age: 30d
198 changes: 198 additions & 0 deletions test/packages/good/elasticsearch/transform/metadata_current/fields/fields.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,198 @@
- name: '@timestamp'
type: date
- name: updated_at
type: alias
path: event.ingested
- name: Endpoint
type: group
fields:
- name: configuration
type: group
fields:
- name: isolation
type: boolean
null_value: false
- name: policy
type: group
fields:
- name: applied
type: group
fields:
- name: id
type: keyword
ignore_above: 1024
- name: name
type: keyword
ignore_above: 1024
- name: status
type: keyword
ignore_above: 1024
- name: state
type: group
fields:
- name: isolation
type: boolean
null_value: false
- name: status
type: keyword
ignore_above: 1024
- name: capabilities
type: keyword
ignore_above: 128
doc_values: false
- name: agent
type: group
fields:
- name: id
type: keyword
ignore_above: 1024
- name: name
type: keyword
ignore_above: 1024
- name: type
type: keyword
ignore_above: 1024
- name: version
type: keyword
ignore_above: 1024
- name: data_stream
type: group
fields:
- name: dataset
type: constant_keyword
value: endpoint.metadata
- name: namespace
type: keyword
- name: type
type: constant_keyword
value: metrics
- name: ecs
type: group
fields:
- name: version
type: keyword
ignore_above: 1024
- name: elastic
type: group
fields:
- name: agent
type: group
fields:
- name: id
type: keyword
ignore_above: 1024
- name: event
type: group
fields:
- name: action
type: keyword
ignore_above: 1024
- name: category
type: keyword
ignore_above: 1024
- name: code
type: keyword
ignore_above: 1024
- name: created
type: date
- name: dataset
type: keyword
ignore_above: 1024
- name: hash
type: keyword
ignore_above: 1024
- name: id
type: keyword
ignore_above: 1024
- name: ingested
type: date
- name: kind
type: keyword
ignore_above: 1024
- name: module
type: keyword
ignore_above: 1024
- name: outcome
type: keyword
ignore_above: 1024
- name: provider
type: keyword
ignore_above: 1024
- name: sequence
type: long
- name: severity
type: long
- name: type
type: keyword
ignore_above: 1024
- name: host
type: group
fields:
- name: architecture
type: keyword
ignore_above: 1024
- name: domain
type: keyword
ignore_above: 1024
- name: hostname
type: keyword
ignore_above: 1024
- name: id
type: keyword
ignore_above: 1024
- name: ip
type: ip
- name: mac
type: keyword
ignore_above: 1024
- name: name
type: keyword
ignore_above: 1024
- name: os
type: group
fields:
- name: Ext
type: group
fields:
- name: variant
type: keyword
ignore_above: 1024
- name: family
type: keyword
ignore_above: 1024
- name: full
type: keyword
ignore_above: 1024
multi_fields:
- name: caseless
type: keyword
ignore_above: 1024
normalizer: lowercase
- name: text
type: text
norms: false
- name: kernel
type: keyword
ignore_above: 1024
- name: name
type: keyword
ignore_above: 1024
multi_fields:
- name: caseless
type: keyword
ignore_above: 1024
normalizer: lowercase
- name: text
type: text
norms: false
- name: platform
type: keyword
ignore_above: 1024
- name: version
type: keyword
ignore_above: 1024
- name: type
type: keyword
ignore_above: 1024
- name: uptime
type: long
13 changes: 13 additions & 0 deletions test/packages/good/elasticsearch/transform/metadata_current/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
destination_index_template:
settings:
index:
codec: best_compression
refresh_interval: 5s
number_of_shards: 1
number_of_routing_shards: 30
sort.field:
- "@timestamp"
- agent.id
sort.order:
- desc
- asc
20 changes: 20 additions & 0 deletions test/packages/good/elasticsearch/transform/metadata_current/transform.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
source:
index: metrics-endpoint.metadata-*
query:
range:
"@timestamp":
gt: now-90d/d
dest:
index: metrics-endpoint.metadata_current_default
latest:
unique_key:
- elastic.agent.id
sort: "@timestamp"
description: Latest Endpoint metadata document per host
_meta:
managed: true
frequency: 1s
sync:
time:
field: event.ingested
delay: 1s
Loading