Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Osquery Manager: Update schema fields description #1020

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 26, 2021
Merged

Osquery Manager: Update schema fields description #1020

merged 3 commits into from
May 26, 2021

Conversation

aleksmaus
Copy link
Contributor

Provides better description for the schema fields.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • If I'm introducing a new feature, I have modified the Kibana version constraint in my package's manifest.yml file to point to the latest Elastic stack release (e.g. ^7.13.0).

Related issues

@aleksmaus aleksmaus added v7.14.0 Team:Asset Mgt Security Assets Management team [elastic/security-asset-management] labels May 25, 2021
@melissaburpo
Copy link
Contributor

@aleksmaus - this looks good, but one question: it looks like the Type column now has 2 entries for most fields. For example, keyword, text.text. Is that intentional? Previously, almost all of them were just keyword.

Ex:
image

@elasticmachine
Copy link

elasticmachine commented May 25, 2021
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: Pull request #1020 updated

  • Start Time: 2021-05-25T18:26:03.344+0000

  • Duration: 11 min 41 sec

  • Commit: eff7086

Test stats 🧪

Test Results
Failed 0
Passed 1
Skipped 0
Total 1

Trends 🧪

Image of Build Times

Image of Tests

@aleksmaus
Copy link
Contributor Author

aleksmaus commented May 25, 2021
edited
Loading

@aleksmaus - this looks good, but one question: it looks like the Type column now has 2 entries for most fields. For example, keyword, text.text. Is that intentional? Previously, almost all of them were just keyword.

Ex:
image

The previous README.MD didn't capture that the fields were multi-fields as defined in osquery.yml for the actual Elasticsearch mapping.

@aleksmaus
Copy link
Contributor Author

While testing with kibana stumbled upon issue, the line breaks are sanitized and not rendered correctly.
Screen Shot 2021-05-25 at 1 08 26 PM

Screen Shot 2021-05-25 at 1 10 03 PM

None of the other approaches with markdown worked, it's either didn't render README.md in github correctly or was not rendering with kibana.

Updated to the multi-line cells that looks like this with kibana
Screen Shot 2021-05-25 at 2 25 11 PM

And markdown README.md renders sufficiently ok
Screen Shot 2021-05-25 at 2 29 24 PM

@melissaburpo
Copy link
Contributor

That looks great @aleksmaus - it's very readable.

@aleksmaus aleksmaus merged commit d61f54d into elastic:master May 26, 2021
@aleksmaus aleksmaus deleted the osquery_manager/update_fields_description branch May 26, 2021 11:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@melissaburpo melissaburpo melissaburpo approved these changes

@james-elastic james-elastic james-elastic approved these changes

@lykkin lykkin Awaiting requested review from lykkin

@patrykkopycinski patrykkopycinski Awaiting requested review from patrykkopycinski

Assignees
No one assigned
Labels
Team:Asset Mgt Security Assets Management team [elastic/security-asset-management] v7.14.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@aleksmaus @melissaburpo @elasticmachine @james-elastic