Cleaning up unused invalid ECS fields at root-level

elastic · kgeller · Sep 26, 2023 · Sep 25, 2023 · Sep 25, 2023 · Sep 25, 2023
commit 9f15c3d3ff1b2eb06a5e8b7ecade37ca9f84a37f
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: 1.15.1
+  changes:
+    - description: Removing unused ECS field declarations.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/7965
 - version: "1.15.0"
   changes:
     - description: Add event.action and message to specific events.

@@ -22,12 +22,6 @@
   name: destination.bytes
 - external: ecs
   name: destination.domain
-- external: ecs
-  name: destination.geo.city_name
-- external: ecs
-  name: destination.geo.country_name
-- external: ecs
-  name: destination.geo.location
 - external: ecs
   name: destination.ip
 - external: ecs
@@ -90,14 +84,6 @@
   name: file.size
 - external: ecs
   name: file.type
-- external: ecs
-  name: geo.city_name
-- external: ecs
-  name: geo.country_name
-- external: ecs
-  name: geo.name
-- external: ecs
-  name: geo.region_name
 - external: ecs
   name: group.id
 - external: ecs
@@ -200,12 +186,6 @@
   name: source.bytes
 - external: ecs
   name: source.domain
-- external: ecs
-  name: source.geo.city_name
-- external: ecs
-  name: source.geo.country_name
-- external: ecs
-  name: source.geo.location
 - external: ecs
   name: source.ip
 - external: ecs
@@ -246,22 +226,6 @@
   name: user_agent.original
 - external: ecs
   name: observer.hostname
-- external: ecs
-  name: destination.geo.continent_name
-- external: ecs
-  name: destination.geo.country_iso_code
-- external: ecs
-  name: destination.geo.region_iso_code
-- external: ecs
-  name: destination.geo.region_name
-- external: ecs
-  name: source.geo.continent_name
-- external: ecs
-  name: source.geo.country_iso_code
-- external: ecs
-  name: source.geo.region_iso_code
-- external: ecs
-  name: source.geo.region_name
 - external: ecs
   name: network.vlan.id
 - external: ecs
@@ -276,22 +240,6 @@
   name: threat.indicator.file.name
 - external: ecs
   name: threat.indicator.file.hash.sha256
-- external: ecs
-  name: client.geo.city_name
-- external: ecs
-  name: client.geo.continent_name
-- external: ecs
-  name: client.geo.country_iso_code
-- external: ecs
-  name: client.geo.country_name
-- external: ecs
-  name: client.geo.location.lat
-- external: ecs
-  name: client.geo.location.lon
-- external: ecs
-  name: client.geo.region_iso_code
-- external: ecs
-  name: client.geo.region_name
 - external: ecs
   name: organization.id
 - external: ecs

@@ -90,14 +90,6 @@
   name: file.size
 - external: ecs
   name: file.type
-- external: ecs
-  name: geo.city_name
-- external: ecs
-  name: geo.country_name
-- external: ecs
-  name: geo.name
-- external: ecs
-  name: geo.region_name
 - external: ecs
   name: group.id
 - external: ecs

@@ -168,10 +168,6 @@ The `cisco_meraki.log` dataset provides events from the configured syslog server
 | file.path.text | Multi-field of `file.path`. | match_only_text |
 | file.size | File size in bytes. Only relevant when `file.type` is "file". | long |
 | file.type | File type (file, dir, or symlink). | keyword |
-| geo.city_name | City name. | keyword |
-| geo.country_name | Country name. | keyword |
-| geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
-| geo.region_name | Region name. | keyword |
 | group.id | Unique identifier for the group on the system/platform. | keyword |
 | group.name | Name of the group. | keyword |
 | host.architecture | Operating system architecture. | keyword |
@@ -421,14 +417,6 @@ An example event for `log` looks as following:
 | cisco_meraki.event.sharedSecret | User defined secret to be validated by the webhook receiver (optional) | keyword |
 | cisco_meraki.event.version | Current version of webhook format | keyword |
 | client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword |
-| client.geo.city_name | City name. | keyword |
-| client.geo.continent_name | Name of the continent. | keyword |
-| client.geo.country_iso_code | Country ISO code. | keyword |
-| client.geo.country_name | Country name. | keyword |
-| client.geo.location.lat | Longitude and latitude. | geo_point |
-| client.geo.location.lon | Longitude and latitude. | geo_point |
-| client.geo.region_iso_code | Region ISO code. | keyword |
-| client.geo.region_name | Region name. | keyword |
 | client.ip | IP address of the client (IPv4 or IPv6). | ip |
 | client.mac | MAC address of the client. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword |
 | client.registered_domain | The highest registered client domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword |
@@ -456,13 +444,6 @@ An example event for `log` looks as following:
 | destination.as.organization.name.text | Multi-field of `destination.as.organization.name`. | match_only_text |
 | destination.bytes | Bytes sent from the destination to the source. | long |
 | destination.domain | The domain name of the destination system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword |
-| destination.geo.city_name | City name. | keyword |
-| destination.geo.continent_name | Name of the continent. | keyword |
-| destination.geo.country_iso_code | Country ISO code. | keyword |
-| destination.geo.country_name | Country name. | keyword |
-| destination.geo.location | Longitude and latitude. | geo_point |
-| destination.geo.region_iso_code | Region ISO code. | keyword |
-| destination.geo.region_name | Region name. | keyword |
 | destination.ip | IP address of the destination (IPv4 or IPv6). | ip |
 | destination.mac | MAC address of the destination. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword |
 | destination.nat.ip | Translated ip of destination based NAT sessions (e.g. internet to private DMZ) Typically used with load balancers, firewalls, or routers. | ip |
@@ -497,10 +478,6 @@ An example event for `log` looks as following:
 | file.path.text | Multi-field of `file.path`. | match_only_text |
 | file.size | File size in bytes. Only relevant when `file.type` is "file". | long |
 | file.type | File type (file, dir, or symlink). | keyword |
-| geo.city_name | City name. | keyword |
-| geo.country_name | Country name. | keyword |
-| geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
-| geo.region_name | Region name. | keyword |
 | group.id | Unique identifier for the group on the system/platform. | keyword |
 | group.name | Name of the group. | keyword |
 | host.architecture | Operating system architecture. | keyword |
@@ -578,13 +555,6 @@ An example event for `log` looks as following:
 | source.as.organization.name.text | Multi-field of `source.as.organization.name`. | match_only_text |
 | source.bytes | Bytes sent from the source to the destination. | long |
 | source.domain | The domain name of the source system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword |
-| source.geo.city_name | City name. | keyword |
-| source.geo.continent_name | Name of the continent. | keyword |
-| source.geo.country_iso_code | Country ISO code. | keyword |
-| source.geo.country_name | Country name. | keyword |
-| source.geo.location | Longitude and latitude. | geo_point |
-| source.geo.region_iso_code | Region ISO code. | keyword |
-| source.geo.region_name | Region name. | keyword |
 | source.ip | IP address of the source (IPv4 or IPv6). | ip |
 | source.mac | MAC address of the source. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword |
 | source.nat.ip | Translated ip of source based NAT sessions (e.g. internal client to internet) Typically connections traversing load balancers, firewalls, or routers. | ip |

@@ -1,7 +1,7 @@
 format_version: 2.11.0
 name: cisco_meraki
 title: Cisco Meraki
-version: "1.15.0"
+version: "1.15.1"
 description: Collect logs from Cisco Meraki with Elastic Agent.
 type: integration
 categories: