Remove custom detection_engine fields from generated schema

elastic · Mar 29, 2021 · 8eb6bae · 8eb6bae
1 parent e848b32
commit 8eb6bae
Show file tree

Hide file tree

Showing 5 changed files with 0 additions and 37 deletions.
diff --git a/x-pack/plugins/event_log/README.md b/x-pack/plugins/event_log/README.md
@@ -124,10 +124,6 @@ Below is a document in the expected structure, with descriptions of the fields:
       action_subgroup: "alert action subgroup, for relevant documents",
       status: "overall alert status, after alert execution",
     },
-    detection_engine: {
-      rule_status: "detection rule execution status, e.g. warning",
-      rule_status_severity: 42,
-    },
     saved_objects: [
       {
         rel: "'primary' | undefined; see below",

diff --git a/x-pack/plugins/event_log/generated/mappings.json b/x-pack/plugins/event_log/generated/mappings.json
@@ -257,17 +257,6 @@
                         }
                     }
                 },
-                "detection_engine": {
-                    "properties": {
-                        "rule_status": {
-                            "type": "keyword",
-                            "ignore_above": 1024
-                        },
-                        "rule_status_severity": {
-                            "type": "integer"
-                        }
-                    }
-                },
                 "saved_objects": {
                     "type": "nested",
                     "properties": {

diff --git a/x-pack/plugins/event_log/generated/schemas.ts b/x-pack/plugins/event_log/generated/schemas.ts
@@ -109,12 +109,6 @@ export const EventSchema = schema.maybe(
             status: ecsString(),
           })
         ),
-        detection_engine: schema.maybe(
-          schema.object({
-            rule_status: ecsString(),
-            rule_status_severity: ecsNumber(),
-          })
-        ),
         saved_objects: schema.maybe(
           schema.arrayOf(
             schema.object({

diff --git a/x-pack/plugins/event_log/scripts/mappings.js b/x-pack/plugins/event_log/scripts/mappings.js
@@ -38,18 +38,6 @@ exports.EcsCustomPropertyMappings = {
           },
         },
       },
-      // fields specific to Detection Engine of Elastic Security app (x-pack/plugins/security_solution)
-      detection_engine: {
-        properties: {
-          rule_status: {
-            type: 'keyword',
-            ignore_above: 1024,
-          },
-          rule_status_severity: {
-            type: 'integer',
-          },
-        },
-      },
       // array of saved object references, for "linking" via search
       saved_objects: {
         type: 'nested',

diff --git a/x-pack/test/plugin_api_integration/test_suites/event_log/service_api_integration.ts b/x-pack/test/plugin_api_integration/test_suites/event_log/service_api_integration.ts
@@ -164,10 +164,6 @@ export default function ({ getService }: FtrProviderContext) {
             action_subgroup: 'alert action subgroup',
             status: 'overall alert status, after alert execution',
           },
-          detection_engine: {
-            rule_status: 'warning',
-            rule_status_severity: 65,
-          },
         },
       };