From c56943904c835e86231bc766f62f1a184563215a Mon Sep 17 00:00:00 2001 From: pzl Date: Mon, 25 Sep 2023 15:41:23 -0400 Subject: [PATCH] manually remove the required property from fields but build tools will likely replace these until fixed --- .../endpoint/data_stream/action_responses/fields/fields.yml | 4 +--- package/endpoint/data_stream/actions/fields/fields.yml | 4 +--- package/endpoint/data_stream/alerts/fields/fields.yml | 4 +--- package/endpoint/data_stream/api/fields/fields.yml | 4 +--- package/endpoint/data_stream/collection/fields/fields.yml | 4 +--- package/endpoint/data_stream/file/fields/fields.yml | 5 +---- package/endpoint/data_stream/heartbeat/fields/fields.yml | 1 - package/endpoint/data_stream/library/fields/fields.yml | 4 +--- package/endpoint/data_stream/metadata/fields/fields.yml | 4 +--- package/endpoint/data_stream/metrics/fields/fields.yml | 4 +--- package/endpoint/data_stream/network/fields/fields.yml | 4 +--- package/endpoint/data_stream/policy/fields/fields.yml | 4 +--- package/endpoint/data_stream/process/fields/fields.yml | 4 +--- package/endpoint/data_stream/registry/fields/fields.yml | 4 +--- package/endpoint/data_stream/security/fields/fields.yml | 4 +--- 15 files changed, 14 insertions(+), 44 deletions(-) diff --git a/package/endpoint/data_stream/action_responses/fields/fields.yml b/package/endpoint/data_stream/action_responses/fields/fields.yml index fcd8d5f20..971deb998 100644 --- a/package/endpoint/data_stream/action_responses/fields/fields.yml +++ b/package/endpoint/data_stream/action_responses/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. 
@@ -155,10 +154,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0 diff --git a/package/endpoint/data_stream/actions/fields/fields.yml b/package/endpoint/data_stream/actions/fields/fields.yml index dba7027cf..4e09d7fee 100644 --- a/package/endpoint/data_stream/actions/fields/fields.yml +++ b/package/endpoint/data_stream/actions/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. @@ -161,10 +160,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0 diff --git a/package/endpoint/data_stream/alerts/fields/fields.yml b/package/endpoint/data_stream/alerts/fields/fields.yml index c6559a734..8aeb23d17 100644 --- a/package/endpoint/data_stream/alerts/fields/fields.yml +++ b/package/endpoint/data_stream/alerts/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. 
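Review bot: The removal of `required: true` and the shortened `ecs.version` description in the `@@ -155,10 +154,9 @@` hunk of `action_responses/fields/fields.yml` are hand edits to output that, per the commit message, the build tools will regenerate, so the change is not durable. The same applies to the matching `@timestamp` and `version` hunks in every other `fields.yml` in this patch. The lasting fix belongs in whatever input the generator reads; until that lands, a CI check that fails when `required:` reappears under `package/endpoint/data_stream/*/fields/fields.yml` would catch a silent revert. These files describe endpoint security telemetry, so it is also worth confirming that no consumer treats `required` (or the dropped sentence "`ecs.version` is a required field and must exist in all events") as a guarantee that the field is present. The `fields:` list around this entry continues outside the hunk.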
@@ -3241,10 +3240,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0 diff --git a/package/endpoint/data_stream/api/fields/fields.yml b/package/endpoint/data_stream/api/fields/fields.yml index e989deada..13af524b1 100644 --- a/package/endpoint/data_stream/api/fields/fields.yml +++ b/package/endpoint/data_stream/api/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. @@ -126,10 +125,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0 diff --git a/package/endpoint/data_stream/collection/fields/fields.yml b/package/endpoint/data_stream/collection/fields/fields.yml index 1d260f760..1eafc09c0 100644 --- a/package/endpoint/data_stream/collection/fields/fields.yml +++ b/package/endpoint/data_stream/collection/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. 
@@ -45,10 +44,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0 diff --git a/package/endpoint/data_stream/file/fields/fields.yml b/package/endpoint/data_stream/file/fields/fields.yml index b70a7a908..1b84b2d30 100644 --- a/package/endpoint/data_stream/file/fields/fields.yml +++ b/package/endpoint/data_stream/file/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. @@ -251,11 +250,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. - + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0 - name: event diff --git a/package/endpoint/data_stream/heartbeat/fields/fields.yml b/package/endpoint/data_stream/heartbeat/fields/fields.yml index 142515c16..658c33319 100644 --- a/package/endpoint/data_stream/heartbeat/fields/fields.yml +++ b/package/endpoint/data_stream/heartbeat/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. diff --git a/package/endpoint/data_stream/library/fields/fields.yml b/package/endpoint/data_stream/library/fields/fields.yml index 446d3a17c..1b2c40782 100644 --- a/package/endpoint/data_stream/library/fields/fields.yml 
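Review bot: In the `file/fields.yml` `version` hunk (`@@ -251,11 +250,9 @@`) the blank line after the first sentence of the description is deleted too (the lone `-` line), whereas the other data streams appear, judging by their hunk line counts, to keep it as context. Inside a single-quoted YAML scalar a blank line folds to a newline while a plain line break folds to a space, so this one description would parse as a single paragraph while its siblings keep two. If that is not intended, keep the empty line after `description: 'ECS version this event conforms to.` so the file matches the others; the diffstat (`5 +----` here, `4 +---` elsewhere) shows the same discrepancy.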
+++ b/package/endpoint/data_stream/library/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. @@ -494,10 +493,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0 diff --git a/package/endpoint/data_stream/metadata/fields/fields.yml b/package/endpoint/data_stream/metadata/fields/fields.yml index da3a3d4a2..931b1687a 100644 --- a/package/endpoint/data_stream/metadata/fields/fields.yml +++ b/package/endpoint/data_stream/metadata/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. @@ -153,10 +152,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0 diff --git a/package/endpoint/data_stream/metrics/fields/fields.yml b/package/endpoint/data_stream/metrics/fields/fields.yml index 0d4203dd9..dc147ddc6 100644 --- a/package/endpoint/data_stream/metrics/fields/fields.yml +++ b/package/endpoint/data_stream/metrics/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. 
@@ -755,10 +754,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0 diff --git a/package/endpoint/data_stream/network/fields/fields.yml b/package/endpoint/data_stream/network/fields/fields.yml index b8b4d5994..3e6f7590f 100644 --- a/package/endpoint/data_stream/network/fields/fields.yml +++ b/package/endpoint/data_stream/network/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. @@ -310,10 +309,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0 diff --git a/package/endpoint/data_stream/policy/fields/fields.yml b/package/endpoint/data_stream/policy/fields/fields.yml index 2e8d898a7..d74e2866d 100644 --- a/package/endpoint/data_stream/policy/fields/fields.yml +++ b/package/endpoint/data_stream/policy/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. 
@@ -490,10 +489,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0 diff --git a/package/endpoint/data_stream/process/fields/fields.yml b/package/endpoint/data_stream/process/fields/fields.yml index 3d49fdbb8..0837304a8 100644 --- a/package/endpoint/data_stream/process/fields/fields.yml +++ b/package/endpoint/data_stream/process/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. @@ -266,10 +265,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0 diff --git a/package/endpoint/data_stream/registry/fields/fields.yml b/package/endpoint/data_stream/registry/fields/fields.yml index c8c558989..b5d06f225 100644 --- a/package/endpoint/data_stream/registry/fields/fields.yml +++ b/package/endpoint/data_stream/registry/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. 
@@ -210,10 +209,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0 diff --git a/package/endpoint/data_stream/security/fields/fields.yml b/package/endpoint/data_stream/security/fields/fields.yml index 30aa1d39d..1dbf52019 100644 --- a/package/endpoint/data_stream/security/fields/fields.yml +++ b/package/endpoint/data_stream/security/fields/fields.yml @@ -1,6 +1,5 @@ - name: '@timestamp' level: core - required: true type: date description: 'Date/time when the event originated. @@ -170,10 +169,9 @@ fields: - name: version level: core - required: true type: keyword ignore_above: 1024 - description: 'ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. + description: 'ECS version this event conforms to. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.' example: 1.0.0