From 6e6dff075841f9bc5119fc00cb652711d22100d8 Mon Sep 17 00:00:00 2001 From: Luke G <11671118+lgestc@users.noreply.github.com> Date: Thu, 27 Jun 2024 10:21:34 +0200 Subject: [PATCH] Remove example and description from browser field (#186897) ## Summary Further progress towards cleaning up the sourcerer model, aligning it with the FieldSpec. This PR removes description and examples fields from the `BrowserField`, sourcing these from the EcsFlat available in `@elastic/ecs` package. --- .../column_headers/helpers.test.tsx | 21 --- .../data_table/mock/mock_source.ts | 83 ---------- .../drag_drop_context_wrapper.test.tsx.snap | 71 --------- .../components/drag_and_drop/helpers.ts | 4 +- .../event_fields_browser.test.tsx | 4 +- .../components/event_details/helpers.test.tsx | 19 +-- .../event_details/summary_view.test.tsx | 2 - .../event_details/table/field_name_cell.tsx | 18 ++- .../table/field_value_cell.test.tsx | 10 -- .../table/prevalence_cell.test.tsx | 2 - .../table/summary_value_cell.test.tsx | 4 - .../public/common/containers/source/mock.ts | 85 ---------- .../public/sourcerer/containers/mocks.ts | 2 - .../__snapshots__/index.test.tsx.snap | 71 --------- .../body/column_headers/helpers.test.ts | 10 -- .../use_timeline_columns.test.ts.snap | 32 ---- .../search_strategy/index_fields/index.ts | 2 - .../timelines/public/mock/browser_fields.ts | 145 ------------------ 18 files changed, 19 insertions(+), 566 deletions(-) diff --git a/x-pack/packages/security-solution/data_table/components/data_table/column_headers/helpers.test.tsx b/x-pack/packages/security-solution/data_table/components/data_table/column_headers/helpers.test.tsx index b3687272274f7..c68dd56b4b00e 100644 --- a/x-pack/packages/security-solution/data_table/components/data_table/column_headers/helpers.test.tsx +++ b/x-pack/packages/security-solution/data_table/components/data_table/column_headers/helpers.test.tsx 
@@ -228,10 +228,7 @@ describe('helpers', () => { aggregatable: true, columnHeaderType: 'not-filtered', defaultSortDirection, - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', esTypes: ['date'], - example: '2016-05-23T08:05:34.853Z', format: '', id: '@timestamp', indexes: ['auditbeat', 'filebeat', 'packetbeat'], @@ -248,9 +245,7 @@ describe('helpers', () => { aggregatable: true, columnHeaderType: 'not-filtered', defaultSortDirection, - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', esTypes: ['ip'], - example: '', format: '', id: 'source.ip', indexes: ['auditbeat', 'filebeat', 'packetbeat'], @@ -266,10 +261,7 @@ describe('helpers', () => { aggregatable: true, columnHeaderType: 'not-filtered', defaultSortDirection, - description: - 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', esTypes: ['ip'], - example: '', format: '', id: 'destination.ip', indexes: ['auditbeat', 'filebeat', 'packetbeat'], @@ -295,10 +287,7 @@ describe('helpers', () => { aggregatable: true, columnHeaderType: 'not-filtered', defaultSortDirection, - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', esTypes: ['date'], - example: '2016-05-23T08:05:34.853Z', format: '', id: '@timestamp', indexes: ['auditbeat', 'filebeat', 'packetbeat'], @@ -351,9 +340,6 @@ describe('helpers', () => { const fieldName = 'test_field'; const testField = { aggregatable: true, - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - example: '2016-05-23T08:05:34.853Z', format: 'date', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: fieldName, 
@@ -384,8 +370,6 @@ describe('helpers', () => { const fieldName = 'testFieldName'; const testField = { aggregatable: true, - description: 'test field description', - example: '2016-05-23T08:05:34.853Z', format: 'date', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: fieldName, @@ -416,8 +400,6 @@ describe('helpers', () => { const fieldName = 'test.field.splittable'; const testField = { aggregatable: true, - description: 'test field description', - example: '2016-05-23T08:05:34.853Z', format: 'date', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: fieldName, @@ -448,9 +430,6 @@ describe('helpers', () => { describe('allowSorting', () => { const aggregatableField = { - description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.', - example: '666777888999', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.account.id', searchable: true, diff --git a/x-pack/packages/security-solution/data_table/mock/mock_source.ts b/x-pack/packages/security-solution/data_table/mock/mock_source.ts index 588e302c9818b..822922f52754d 100644 --- a/x-pack/packages/security-solution/data_table/mock/mock_source.ts +++ b/x-pack/packages/security-solution/data_table/mock/mock_source.ts @@ -25,9 +25,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'agent.ephemeral_id': { aggregatable: true, - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.ephemeral_id', @@ -37,8 +34,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.hostname': { aggregatable: true, - description: null, - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.hostname', 
@@ -48,9 +43,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.id': { aggregatable: true, - description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.id', @@ -60,9 +52,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.name': { aggregatable: true, - description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', - example: 'foo', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.name', @@ -76,8 +65,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'auditd.data.a0': { aggregatable: true, - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a0', @@ -87,8 +74,6 @@ export const mockBrowserFields: BrowserFields = { }, 'auditd.data.a1': { aggregatable: true, - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a1', @@ -98,8 +83,6 @@ export const mockBrowserFields: BrowserFields = { }, 'auditd.data.a2': { aggregatable: true, - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a2', @@ -113,9 +96,6 @@ export const mockBrowserFields: BrowserFields = { fields: { '@timestamp': { aggregatable: true, - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - example: '2016-05-23T08:05:34.853Z', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: '@timestamp', 
@@ -125,8 +105,6 @@ export const mockBrowserFields: BrowserFields = { readFromDocValues: true, }, _id: { - description: 'Each document has an _id that uniquely identifies it', - example: 'Y-6TfmcB0WOhS6qyMv3s', name: '_id', type: 'string', esTypes: [], @@ -135,9 +113,6 @@ export const mockBrowserFields: BrowserFields = { indexes: ['auditbeat', 'filebeat', 'packetbeat'], }, message: { - description: - 'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.', - example: 'Hello World', name: 'message', type: 'string', esTypes: ['text'], @@ -152,9 +127,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'client.address': { aggregatable: true, - description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.address', @@ -164,8 +136,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.bytes': { aggregatable: true, - description: 'Bytes sent from the client to the server.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.bytes', @@ -175,8 +145,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.domain': { aggregatable: true, - description: 'Client domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.domain', 
@@ -186,8 +154,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.geo.country_iso_code': { aggregatable: true, - description: 'Country ISO code.', - example: 'CA', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.geo.country_iso_code', @@ -201,9 +167,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'cloud.account.id': { aggregatable: true, - description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.', - example: '666777888999', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.account.id', @@ -213,8 +176,6 @@ export const mockBrowserFields: BrowserFields = { }, 'cloud.availability_zone': { aggregatable: true, - description: 'Availability zone in which this host is running.', - example: 'us-east-1c', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.availability_zone', @@ -228,8 +189,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'container.id': { aggregatable: true, - description: 'Unique container id.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.id', @@ -239,8 +198,6 @@ export const mockBrowserFields: BrowserFields = { }, 'container.image.name': { aggregatable: true, - description: 'Name of the image the container was built on.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.name', @@ -250,8 +207,6 @@ export const mockBrowserFields: BrowserFields = { }, 'container.image.tag': { aggregatable: true, - description: 'Container image tag.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.tag', 
@@ -265,9 +220,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'destination.address': { aggregatable: true, - description: - 'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.address', @@ -277,8 +229,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.bytes': { aggregatable: true, - description: 'Bytes sent from the destination to the source.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.bytes', @@ -288,8 +238,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.domain': { aggregatable: true, - description: 'Destination domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.domain', @@ -299,9 +247,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.ip': { aggregatable: true, - description: - 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.ip', @@ -311,8 +256,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.port': { aggregatable: true, - description: 'Port of the destination.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.port', @@ -325,9 +268,6 @@ export const mockBrowserFields: BrowserFields = { event: { fields: { 'event.end': { - description: - 'event.end contains the date when the event ended or when the activity was last observed.', - example: null, format: '', indexes: DEFAULT_INDEX_PATTERN, name: 'event.end', 
@@ -337,9 +277,6 @@ export const mockBrowserFields: BrowserFields = { aggregatable: true, }, 'event.action': { - description: - 'The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.', - example: 'user-password-change', name: 'event.action', type: 'string', esTypes: ['keyword'], @@ -349,9 +286,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.category': { - description: - 'This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.', - example: 'authentication', name: 'event.category', type: 'string', esTypes: ['keyword'], @@ -361,9 +295,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.severity': { - description: - "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`.", - example: 7, name: 'event.severity', type: 'number', esTypes: ['long'], 
@@ -377,8 +308,6 @@ export const mockBrowserFields: BrowserFields = { host: { fields: { 'host.name': { - description: - 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.', name: 'host.name', type: 'string', esTypes: ['keyword'], @@ -393,8 +322,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'source.ip': { aggregatable: true, - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.ip', @@ -404,8 +331,6 @@ export const mockBrowserFields: BrowserFields = { }, 'source.port': { aggregatable: true, - description: 'Port of the source.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.port', @@ -418,8 +343,6 @@ export const mockBrowserFields: BrowserFields = { user: { fields: { 'user.name': { - description: 'Short name or login of the user.', - example: 'albert', name: 'user.name', type: 'string', esTypes: ['keyword'], @@ -434,8 +357,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'nestedField.firstAttributes': { aggregatable: false, - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.firstAttributes', @@ -449,8 +370,6 @@ export const mockBrowserFields: BrowserFields = { }, 'nestedField.secondAttributes': { aggregatable: false, - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.secondAttributes', @@ -464,8 +383,6 @@ export const mockBrowserFields: BrowserFields = { }, 'nestedField.thirdAttributes': { aggregatable: false, - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.thirdAttributes', 
diff --git a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap index b313ad4b41998..87f926e5b2b7f 100644 --- a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap @@ -8,11 +8,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "agent.ephemeral_id": Object { "aggregatable": true, - "description": "Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but \`agent.id\` does not.", "esTypes": Array [ "keyword", ], - "example": "8a4f500f", "format": "", "indexes": Array [ "auditbeat", @@ -25,11 +23,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "agent.hostname": Object { "aggregatable": true, - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -42,11 +38,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "agent.id": Object { "aggregatable": true, - "description": "Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.", "esTypes": Array [ "keyword", ], - "example": "8a4f500d", "format": "", "indexes": Array [ "auditbeat", 
@@ -59,11 +53,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "agent.name": Object { "aggregatable": true, - "description": "Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.", "esTypes": Array [ "keyword", ], - "example": "foo", "format": "", "indexes": Array [ "auditbeat", @@ -80,11 +72,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "auditd.data.a0": Object { "aggregatable": true, - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -95,11 +85,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "auditd.data.a1": Object { "aggregatable": true, - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -110,11 +98,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "auditd.data.a2": Object { "aggregatable": true, - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -129,11 +115,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "@timestamp": Object { "aggregatable": true, - "description": "Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.", "esTypes": Array [ "date", ], - "example": "2016-05-23T08:05:34.853Z", "format": "", "indexes": Array [ "auditbeat", 
@@ -147,9 +131,7 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "_id": Object { "aggregatable": false, - "description": "Each document has an _id that uniquely identifies it", "esTypes": Array [], - "example": "Y-6TfmcB0WOhS6qyMv3s", "indexes": Array [ "auditbeat", "filebeat", @@ -161,11 +143,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "message": Object { "aggregatable": false, - "description": "For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.", "esTypes": Array [ "text", ], - "example": "Hello World", "format": "string", "indexes": Array [ "auditbeat", @@ -182,11 +162,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "client.address": Object { "aggregatable": true, - "description": "Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the \`.address\` field. Then it should be duplicated to \`.ip\` or \`.domain\`, depending on which one it is.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -199,11 +177,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "client.bytes": Object { "aggregatable": true, - "description": "Bytes sent from the client to the server.", "esTypes": Array [ "long", ], - "example": "184", "format": "", "indexes": Array [ "auditbeat", 
@@ -216,11 +192,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "client.domain": Object { "aggregatable": true, - "description": "Client domain.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -233,11 +207,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "client.geo.country_iso_code": Object { "aggregatable": true, - "description": "Country ISO code.", "esTypes": Array [ "keyword", ], - "example": "CA", "format": "", "indexes": Array [ "auditbeat", @@ -254,11 +226,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "cloud.account.id": Object { "aggregatable": true, - "description": "The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.", "esTypes": Array [ "keyword", ], - "example": "666777888999", "format": "", "indexes": Array [ "auditbeat", @@ -271,11 +241,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "cloud.availability_zone": Object { "aggregatable": true, - "description": "Availability zone in which this host is running.", "esTypes": Array [ "keyword", ], - "example": "us-east-1c", "format": "", "indexes": Array [ "auditbeat", @@ -292,11 +260,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "container.id": Object { "aggregatable": true, - "description": "Unique container id.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", 
@@ -309,11 +275,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "container.image.name": Object { "aggregatable": true, - "description": "Name of the image the container was built on.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -326,11 +290,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "container.image.tag": Object { "aggregatable": true, - "description": "Container image tag.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -347,11 +309,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "destination.address": Object { "aggregatable": true, - "description": "Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the \`.address\` field. Then it should be duplicated to \`.ip\` or \`.domain\`, depending on which one it is.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -364,11 +324,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "destination.bytes": Object { "aggregatable": true, - "description": "Bytes sent from the destination to the source.", "esTypes": Array [ "long", ], - "example": "184", "format": "", "indexes": Array [ "auditbeat", @@ -381,11 +339,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "destination.domain": Object { "aggregatable": true, - "description": "Destination domain.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", 
@@ -398,11 +354,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "destination.ip": Object { "aggregatable": true, - "description": "IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -415,11 +369,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "destination.port": Object { "aggregatable": true, - "description": "Port of the destination.", "esTypes": Array [ "long", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -436,11 +388,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "event.action": Object { "aggregatable": true, - "description": "The action captured by the event. This describes the information in the event. It is more specific than \`event.category\`. Examples are \`group-add\`, \`process-started\`, \`file-created\`. The value is normally defined by the implementer.", "esTypes": Array [ "keyword", ], - "example": "user-password-change", "format": "string", "indexes": Array [ "apm-*-transaction*", @@ -459,11 +409,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "event.category": Object { "aggregatable": true, - "description": "This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. \`event.category\` represents the \\"big buckets\\" of ECS categories. For example, filtering on \`event.category:process\` yields all events relating to process activity. This field is closely related to \`event.type\`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.", "esTypes": Array [ "keyword", ], - "example": "authentication", "format": "string", "indexes": Array [ "apm-*-transaction*", 
@@ -482,11 +430,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "event.end": Object { "aggregatable": true, - "description": "event.end contains the date when the event ended or when the activity was last observed.", "esTypes": Array [ "date", ], - "example": null, "format": "", "indexes": Array [ "apm-*-transaction*", @@ -505,11 +451,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "event.kind": Object { "aggregatable": true, - "description": "This defined the type of event eg. alerts", "esTypes": Array [ "keyword", ], - "example": "signal", "format": "string", "indexes": Array [ "apm-*-transaction*", @@ -528,11 +472,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "event.severity": Object { "aggregatable": true, - "description": "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in \`log.syslog.severity.code\`. \`event.severity\` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the \`log.syslog.severity.code\` to \`event.severity\`.", "esTypes": Array [ "long", ], - "example": 7, "format": "number", "indexes": Array [ "apm-*-transaction*", @@ -555,7 +497,6 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "host.name": Object { "aggregatable": true, - "description": "Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.", "esTypes": Array [ "keyword", ], 
@@ -581,8 +522,6 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "nestedField.firstAttributes": Object { "aggregatable": false, - "description": "", - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -600,8 +539,6 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "nestedField.secondAttributes": Object { "aggregatable": false, - "description": "", - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -619,8 +556,6 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "nestedField.thirdAttributes": Object { "aggregatable": false, - "description": "", - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -657,11 +592,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "source.ip": Object { "aggregatable": true, - "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -674,11 +607,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "source.port": Object { "aggregatable": true, - "description": "Port of the source.", "esTypes": Array [ "long", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -695,11 +626,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "user.name": Object { "aggregatable": true, - "description": "Short name or login of the user.", "esTypes": Array [ "keyword", ], - "example": "albert", "format": "string", "indexes": Array [ "auditbeat", diff --git a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts index fc08b8eb81a9a..5b14d7919baf2 100644 
--- a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts +++ b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts @@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { isString, keyBy } from 'lodash/fp'; +import { keyBy } from 'lodash/fp'; import type { DropResult } from '@hello-pangea/dnd'; import type { Dispatch } from 'redux'; import type { ActionCreator } from 'typescript-fsa'; @@ -232,8 +232,6 @@ export const addFieldToColumns = ({ scopedActions.upsertColumn({ column: { columnHeaderType: 'not-filtered', - description: isString(column.description) ? column.description : undefined, - example: isString(column.example) ? column.example : undefined, id: fieldId, linkField: linkFields[fieldId] ?? undefined, type: column.type, diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.test.tsx index 433cf98d8fa97..1ddc73207725a 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.test.tsx @@ -204,9 +204,7 @@ describe('EventFieldsBrowser', () => { expect( wrapper.find('[data-test-subj="field-name-cell"]').at(0).find('EuiToolTip').prop('content') - ).toContain( - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events. Example: 2016-05-23T08:05:34.853Z' - ); + ).toContain('Date/time when the event originated.'); }); }); }); 
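Review bot: The tooltip assertion in `event_fields_browser.test.tsx` now matches only `'Date/time when the event originated.'`, so nothing checks that the example text still reaches the tooltip now that it is sourced from `EcsFlat`. If pinning the full ECS wording is too brittle across `@elastic/ecs` releases, a second loose check on the same `prop('content')` value, such as `.toContain('Example:')`, would keep that path covered. The enclosing test starts outside the hunk.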
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/helpers.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/helpers.test.tsx index bcdec78fe0614..6e5f4f7217527 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/helpers.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/helpers.test.tsx @@ -5,29 +5,18 @@ * 2.0. */ -import { mockDetailItemData } from '../../mock/mock_detail_item'; - import { getExampleText, getIconFromType } from './helpers'; -import { mockBrowserFields } from '../../containers/source/mock'; - -const aField = { - ...mockDetailItemData[4], - ...mockBrowserFields.base.fields?.['@timestamp'], -}; describe('helpers', () => { describe('getExampleText', () => { test('it returns the expected example text when the field contains an example', () => { - expect(getExampleText(aField.example)).toEqual('Example: 2016-05-23T08:05:34.853Z'); + expect(getExampleText('2016-05-23T08:05:34.853Z')).toEqual( + 'Example: 2016-05-23T08:05:34.853Z' + ); }); test(`it returns an empty string when the field's example is an empty string`, () => { - const fieldWithEmptyExample = { - ...aField, - example: '', - }; - - expect(getExampleText(fieldWithEmptyExample.example)).toEqual(''); + expect(getExampleText('')).toEqual(''); }); }); diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/summary_view.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/summary_view.test.tsx index 8030aad826b5f..3848bb8a15295 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/summary_view.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/summary_view.test.tsx 
@@ -21,8 +21,6 @@ const eventId = 'TUWyf3wBFCFU0qRJTauW'; const hostIpValues = ['127.0.0.1', '::1', '10.1.2.3', '2001:0DB8:AC10:FE01::']; const hostIpFieldFromBrowserField: BrowserField = { aggregatable: true, - description: 'Host ip addresses.', - example: '127.0.0.1', fields: {}, format: '', indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'], diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/table/field_name_cell.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/table/field_name_cell.tsx index 1304c14f9044a..3ca3ae7a2b0c7 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/table/field_name_cell.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/table/field_name_cell.tsx @@ -10,11 +10,21 @@ import { EuiFlexGroup, EuiFlexItem, EuiBadge, EuiText, EuiToolTip } from '@elast import { isEmpty } from 'lodash'; import { FieldIcon } from '@kbn/react-field'; import type { DataViewField } from '@kbn/data-views-plugin/common'; +import { EcsFlat } from '@elastic/ecs'; import * as i18n from '../translations'; import { getExampleText } from '../helpers'; import type { EventFieldsData } from '../types'; import { getFieldTypeName } from './get_field_type_name'; +const getEcsField = (field: string): { example?: string; description?: string } | undefined => { + return EcsFlat[field as keyof typeof EcsFlat] as + | { + example?: string; + description?: string; + } + | undefined; +}; + export interface FieldNameCellProps { data: EventFieldsData; field: string; 
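Review bot: `getEcsField` in the `field_name_cell.tsx` hunk indexes `EcsFlat` with an arbitrary `field` string, presumably the name of a field in the displayed event, so it should be treated as untrusted data. The `field as keyof typeof EcsFlat` cast and the trailing `as { example?: string; description?: string } | undefined` assertion hide that names such as `constructor` or `__proto__` resolve to inherited prototype members rather than `undefined`. Guarding the lookup with an own-property check keeps the declared return type honest: add `if (!Object.prototype.hasOwnProperty.call(EcsFlat, field)) return undefined;` as the first statement. A one-line TSDoc comment saying that the description and example are now read from the ECS package, and that non-ECS fields yield `undefined`, would also help. The call site is in later hunks of this file that are not fully visible here.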
@@ -23,13 +33,11 @@ export interface FieldNameCellProps { } export const FieldNameCell = React.memo( ({ data, field, fieldMapping, scripted }: FieldNameCellProps) => { + const ecsField = getEcsField(field); const typeName = getFieldTypeName(data.type); // TODO: We don't have fieldMapping or isMultiField until kibana indexPatterns is implemented. Will default to field for now const displayName = fieldMapping && fieldMapping.displayName ? fieldMapping.displayName : field; const defaultTooltip = displayName !== field ? `${field} (${displayName})` : field; - // TODO: Remove. This is what was used to show the plaintext fieldName vs the tooltip one - // const showPlainTextName = - // (data.isObjectArray && data.type !== 'geo_point') || fieldFromBrowserField == null; const isMultiField = fieldMapping?.isSubtypeMulti(); return ( <> @@ -52,8 +60,8 @@ export const FieldNameCell = React.memo( { const messageData: EventFieldsData = { aggregatable: false, ariaRowindex: 50, - description: - 'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.', - example: 'Hello World', field: 'message', fields: {}, format: '', @@ -107,9 +102,6 @@ describe('FieldValueCell', () => { const messageFieldFromBrowserField: BrowserField = { aggregatable: false, - description: - 'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.', - example: 'Hello World', fields: {}, format: '', indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'], 
@@ -147,8 +139,6 @@ describe('FieldValueCell', () => { describe('when `BrowserField` metadata IS available', () => { const hostIpFieldFromBrowserField: BrowserField = { aggregatable: true, - description: 'Host ip addresses.', - example: '127.0.0.1', fields: {}, format: '', indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'], diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/table/prevalence_cell.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/table/prevalence_cell.test.tsx index 0ed62c23bd436..d48d7cd0fdaaf 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/table/prevalence_cell.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/table/prevalence_cell.test.tsx @@ -27,8 +27,6 @@ const eventId = 'TUWyf3wBFCFU0qRJTauW'; const hostIpValues = ['127.0.0.1', '::1', '10.1.2.3', '2001:0DB8:AC10:FE01::']; const hostIpFieldFromBrowserField: BrowserField = { aggregatable: true, - description: 'Host ip addresses.', - example: '127.0.0.1', fields: {}, format: '', indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'], diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/table/summary_value_cell.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/table/summary_value_cell.test.tsx index d0349079b8c8e..859d1b258c796 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/table/summary_value_cell.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/table/summary_value_cell.test.tsx 
@@ -24,8 +24,6 @@ const eventId = 'TUWyf3wBFCFU0qRJTauW'; const hostIpValues = ['127.0.0.1', '::1', '10.1.2.3', '2001:0DB8:AC10:FE01::']; const hostIpFieldFromBrowserField: BrowserField = { aggregatable: true, - description: 'Host ip addresses.', - example: '127.0.0.1', fields: {}, format: '', indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'], @@ -60,8 +58,6 @@ const enrichedAgentStatusData: AlertSummaryRow['description'] = { format: '', type: '', aggregatable: false, - description: '', - example: '', fields: {}, indexes: [], name: AGENT_STATUS_FIELD_NAME, diff --git a/x-pack/plugins/security_solution/public/common/containers/source/mock.ts b/x-pack/plugins/security_solution/public/common/containers/source/mock.ts index 6bbb2cb26d0ab..ad0a86d2490df 100644 --- a/x-pack/plugins/security_solution/public/common/containers/source/mock.ts +++ b/x-pack/plugins/security_solution/public/common/containers/source/mock.ts @@ -53,9 +53,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'agent.ephemeral_id': { aggregatable: true, - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.ephemeral_id', @@ -65,8 +62,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.hostname': { aggregatable: true, - description: null, - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.hostname', @@ -76,9 +71,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.id': { aggregatable: true, - description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.id', 
@@ -88,9 +80,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.name': { aggregatable: true, - description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', - example: 'foo', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.name', @@ -104,8 +93,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'auditd.data.a0': { aggregatable: true, - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a0', @@ -115,8 +102,6 @@ export const mockBrowserFields: BrowserFields = { }, 'auditd.data.a1': { aggregatable: true, - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a1', @@ -126,8 +111,6 @@ export const mockBrowserFields: BrowserFields = { }, 'auditd.data.a2': { aggregatable: true, - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a2', @@ -141,9 +124,6 @@ export const mockBrowserFields: BrowserFields = { fields: { '@timestamp': { aggregatable: true, - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - example: '2016-05-23T08:05:34.853Z', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: '@timestamp', @@ -153,8 +133,6 @@ export const mockBrowserFields: BrowserFields = { readFromDocValues: true, }, _id: { - description: 'Each document has an _id that uniquely identifies it', - example: 'Y-6TfmcB0WOhS6qyMv3s', name: '_id', type: 'string', esTypes: [], 
@@ -163,9 +141,6 @@ export const mockBrowserFields: BrowserFields = { indexes: ['auditbeat', 'filebeat', 'packetbeat'], }, message: { - description: - 'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.', - example: 'Hello World', name: 'message', type: 'string', esTypes: ['text'], @@ -180,9 +155,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'client.address': { aggregatable: true, - description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.address', @@ -192,8 +164,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.bytes': { aggregatable: true, - description: 'Bytes sent from the client to the server.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.bytes', @@ -203,8 +173,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.domain': { aggregatable: true, - description: 'Client domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.domain', @@ -214,8 +182,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.geo.country_iso_code': { aggregatable: true, - description: 'Country ISO code.', - example: 'CA', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.geo.country_iso_code', 
@@ -229,9 +195,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'cloud.account.id': { aggregatable: true, - description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.', - example: '666777888999', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.account.id', @@ -241,8 +204,6 @@ export const mockBrowserFields: BrowserFields = { }, 'cloud.availability_zone': { aggregatable: true, - description: 'Availability zone in which this host is running.', - example: 'us-east-1c', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.availability_zone', @@ -256,8 +217,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'container.id': { aggregatable: true, - description: 'Unique container id.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.id', @@ -267,8 +226,6 @@ export const mockBrowserFields: BrowserFields = { }, 'container.image.name': { aggregatable: true, - description: 'Name of the image the container was built on.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.name', @@ -278,8 +235,6 @@ export const mockBrowserFields: BrowserFields = { }, 'container.image.tag': { aggregatable: true, - description: 'Container image tag.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.tag', 
@@ -293,9 +248,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'destination.address': { aggregatable: true, - description: - 'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.address', @@ -305,8 +257,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.bytes': { aggregatable: true, - description: 'Bytes sent from the destination to the source.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.bytes', @@ -316,8 +266,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.domain': { aggregatable: true, - description: 'Destination domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.domain', @@ -327,9 +275,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.ip': { aggregatable: true, - description: - 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.ip', @@ -339,8 +284,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.port': { aggregatable: true, - description: 'Port of the destination.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.port', @@ -353,9 +296,6 @@ export const mockBrowserFields: BrowserFields = { event: { fields: { 'event.end': { - description: - 'event.end contains the date when the event ended or when the activity was last observed.', - example: null, format: '', indexes: DEFAULT_INDEX_PATTERN, name: 'event.end', 
@@ -365,9 +305,6 @@ export const mockBrowserFields: BrowserFields = { aggregatable: true, }, 'event.action': { - description: - 'The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.', - example: 'user-password-change', name: 'event.action', type: 'string', esTypes: ['keyword'], @@ -377,9 +314,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.category': { - description: - 'This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.', - example: 'authentication', name: 'event.category', type: 'string', esTypes: ['keyword'], @@ -389,9 +323,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.severity': { - description: - "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`.", - example: 7, name: 'event.severity', type: 'number', esTypes: ['long'], 
@@ -401,8 +332,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.kind': { - description: 'This defined the type of event eg. alerts', - example: 'signal', name: 'event.kind', type: 'string', esTypes: ['keyword'], @@ -416,8 +345,6 @@ export const mockBrowserFields: BrowserFields = { host: { fields: { 'host.name': { - description: - 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.', name: 'host.name', type: 'string', esTypes: ['keyword'], @@ -432,8 +359,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'source.ip': { aggregatable: true, - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.ip', @@ -443,8 +368,6 @@ export const mockBrowserFields: BrowserFields = { }, 'source.port': { aggregatable: true, - description: 'Port of the source.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.port', @@ -457,8 +380,6 @@ export const mockBrowserFields: BrowserFields = { user: { fields: { 'user.name': { - description: 'Short name or login of the user.', - example: 'albert', name: 'user.name', type: 'string', esTypes: ['keyword'], @@ -473,8 +394,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'nestedField.firstAttributes': { aggregatable: false, - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.firstAttributes', @@ -488,8 +407,6 @@ export const mockBrowserFields: BrowserFields = { }, 'nestedField.secondAttributes': { aggregatable: false, - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.secondAttributes', 
@@ -503,8 +420,6 @@ export const mockBrowserFields: BrowserFields = { }, 'nestedField.thirdAttributes': { aggregatable: false, - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.thirdAttributes', diff --git a/x-pack/plugins/security_solution/public/sourcerer/containers/mocks.ts b/x-pack/plugins/security_solution/public/sourcerer/containers/mocks.ts index 2bce14ddcadf0..a763383f4a731 100644 --- a/x-pack/plugins/security_solution/public/sourcerer/containers/mocks.ts +++ b/x-pack/plugins/security_solution/public/sourcerer/containers/mocks.ts @@ -28,9 +28,7 @@ export const mockSourcererScope: SelectedDataView = { fields: { _id: { aggregatable: false, - description: 'Each document has an _id that uniquely identifies it', esTypes: undefined, - example: 'Y-6TfmcB0WOhS6qyMv3s', format: undefined, indexes: mockPatterns, name: '_id', diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap index d197cc88f46e0..6844342e8b2f0 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap @@ -9,11 +9,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "agent.ephemeral_id": Object { "aggregatable": true, - "description": "Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but \`agent.id\` does not.", "esTypes": Array [ "keyword", ], - "example": "8a4f500f", "format": "", "indexes": Array [ "auditbeat", 
@@ -26,11 +24,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "agent.hostname": Object { "aggregatable": true, - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -43,11 +39,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "agent.id": Object { "aggregatable": true, - "description": "Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.", "esTypes": Array [ "keyword", ], - "example": "8a4f500d", "format": "", "indexes": Array [ "auditbeat", @@ -60,11 +54,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "agent.name": Object { "aggregatable": true, - "description": "Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.", "esTypes": Array [ "keyword", ], - "example": "foo", "format": "", "indexes": Array [ "auditbeat", @@ -81,11 +73,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "auditd.data.a0": Object { "aggregatable": true, - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -96,11 +86,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "auditd.data.a1": Object { "aggregatable": true, - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -111,11 +99,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "auditd.data.a2": Object { "aggregatable": true, - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", 
@@ -130,11 +116,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "@timestamp": Object { "aggregatable": true, - "description": "Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.", "esTypes": Array [ "date", ], - "example": "2016-05-23T08:05:34.853Z", "format": "", "indexes": Array [ "auditbeat", @@ -148,9 +132,7 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "_id": Object { "aggregatable": false, - "description": "Each document has an _id that uniquely identifies it", "esTypes": Array [], - "example": "Y-6TfmcB0WOhS6qyMv3s", "indexes": Array [ "auditbeat", "filebeat", @@ -162,11 +144,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "message": Object { "aggregatable": false, - "description": "For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.", "esTypes": Array [ "text", ], - "example": "Hello World", "format": "string", "indexes": Array [ "auditbeat", @@ -183,11 +163,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "client.address": Object { "aggregatable": true, - "description": "Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the \`.address\` field. Then it should be duplicated to \`.ip\` or \`.domain\`, depending on which one it is.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", 
@@ -200,11 +178,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "client.bytes": Object { "aggregatable": true, - "description": "Bytes sent from the client to the server.", "esTypes": Array [ "long", ], - "example": "184", "format": "", "indexes": Array [ "auditbeat", @@ -217,11 +193,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "client.domain": Object { "aggregatable": true, - "description": "Client domain.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -234,11 +208,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "client.geo.country_iso_code": Object { "aggregatable": true, - "description": "Country ISO code.", "esTypes": Array [ "keyword", ], - "example": "CA", "format": "", "indexes": Array [ "auditbeat", @@ -255,11 +227,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "cloud.account.id": Object { "aggregatable": true, - "description": "The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.", "esTypes": Array [ "keyword", ], - "example": "666777888999", "format": "", "indexes": Array [ "auditbeat", @@ -272,11 +242,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "cloud.availability_zone": Object { "aggregatable": true, - "description": "Availability zone in which this host is running.", "esTypes": Array [ "keyword", ], - "example": "us-east-1c", "format": "", "indexes": Array [ "auditbeat", @@ -293,11 +261,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "container.id": Object { "aggregatable": true, - "description": "Unique container id.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", 
@@ -310,11 +276,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "container.image.name": Object { "aggregatable": true, - "description": "Name of the image the container was built on.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -327,11 +291,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "container.image.tag": Object { "aggregatable": true, - "description": "Container image tag.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -348,11 +310,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "destination.address": Object { "aggregatable": true, - "description": "Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the \`.address\` field. Then it should be duplicated to \`.ip\` or \`.domain\`, depending on which one it is.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -365,11 +325,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "destination.bytes": Object { "aggregatable": true, - "description": "Bytes sent from the destination to the source.", "esTypes": Array [ "long", ], - "example": "184", "format": "", "indexes": Array [ "auditbeat", @@ -382,11 +340,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "destination.domain": Object { "aggregatable": true, - "description": "Destination domain.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", 
@@ -399,11 +355,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "destination.ip": Object { "aggregatable": true, - "description": "IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -416,11 +370,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "destination.port": Object { "aggregatable": true, - "description": "Port of the destination.", "esTypes": Array [ "long", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -437,11 +389,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "event.action": Object { "aggregatable": true, - "description": "The action captured by the event. This describes the information in the event. It is more specific than \`event.category\`. Examples are \`group-add\`, \`process-started\`, \`file-created\`. The value is normally defined by the implementer.", "esTypes": Array [ "keyword", ], - "example": "user-password-change", "format": "string", "indexes": Array [ "apm-*-transaction*", @@ -460,11 +410,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "event.category": Object { "aggregatable": true, - "description": "This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. \`event.category\` represents the \\"big buckets\\" of ECS categories. For example, filtering on \`event.category:process\` yields all events relating to process activity. This field is closely related to \`event.type\`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.", "esTypes": Array [ "keyword", ], - "example": "authentication", "format": "string", "indexes": Array [ "apm-*-transaction*", 
@@ -483,11 +431,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "event.end": Object { "aggregatable": true, - "description": "event.end contains the date when the event ended or when the activity was last observed.", "esTypes": Array [ "date", ], - "example": null, "format": "", "indexes": Array [ "apm-*-transaction*", @@ -506,11 +452,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "event.kind": Object { "aggregatable": true, - "description": "This defined the type of event eg. alerts", "esTypes": Array [ "keyword", ], - "example": "signal", "format": "string", "indexes": Array [ "apm-*-transaction*", @@ -529,11 +473,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "event.severity": Object { "aggregatable": true, - "description": "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in \`log.syslog.severity.code\`. \`event.severity\` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the \`log.syslog.severity.code\` to \`event.severity\`.", "esTypes": Array [ "long", ], - "example": 7, "format": "number", "indexes": Array [ "apm-*-transaction*", @@ -556,7 +498,6 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "host.name": Object { "aggregatable": true, - "description": "Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.", "esTypes": Array [ "keyword", ], 
@@ -582,8 +523,6 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "nestedField.firstAttributes": Object { "aggregatable": false, - "description": "", - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -601,8 +540,6 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "nestedField.secondAttributes": Object { "aggregatable": false, - "description": "", - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -620,8 +557,6 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "nestedField.thirdAttributes": Object { "aggregatable": false, - "description": "", - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -658,11 +593,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "source.ip": Object { "aggregatable": true, - "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -675,11 +608,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "source.port": Object { "aggregatable": true, - "description": "Port of the source.", "esTypes": Array [ "long", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -696,11 +627,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "user.name": Object { "aggregatable": true, - "description": "Short name or login of the user.", "esTypes": Array [ "keyword", ], - "example": "albert", "format": "string", "indexes": Array [ "auditbeat", diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.test.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.test.ts index 5f56dfbf0bf06..b205f7c73a94e 100644 
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.test.ts +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.test.ts @@ -106,9 +106,6 @@ describe('helpers', () => { { aggregatable: true, columnHeaderType: 'not-filtered', - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - example: '2016-05-23T08:05:34.853Z', format: '', id: '@timestamp', indexes: ['auditbeat', 'filebeat', 'packetbeat'], @@ -122,8 +119,6 @@ describe('helpers', () => { { aggregatable: true, columnHeaderType: 'not-filtered', - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', id: 'source.ip', indexes: ['auditbeat', 'filebeat', 'packetbeat'], @@ -136,9 +131,6 @@ describe('helpers', () => { { aggregatable: true, columnHeaderType: 'not-filtered', - description: - 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', id: 'destination.ip', indexes: ['auditbeat', 'filebeat', 'packetbeat'], @@ -168,9 +160,7 @@ describe('helpers', () => { { aggregatable: false, columnHeaderType: 'not-filtered', - description: 'Each document has an _id that uniquely identifies it', esTypes: [], - example: 'Y-6TfmcB0WOhS6qyMv3s', id: '_id', indexes: ['auditbeat', 'filebeat', 'packetbeat'], initialWidth: 180, diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/__snapshots__/use_timeline_columns.test.ts.snap b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/__snapshots__/use_timeline_columns.test.ts.snap index 8e42f726a7e15..709438a5fcb74 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/__snapshots__/use_timeline_columns.test.ts.snap 
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/__snapshots__/use_timeline_columns.test.ts.snap @@ -5,11 +5,9 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.", "esTypes": Array [ "date", ], - "example": "2016-05-23T08:05:34.853Z", "format": "", "id": "@timestamp", "indexes": Array [ @@ -26,11 +24,9 @@ Array [ Object { "aggregatable": false, "columnHeaderType": "not-filtered", - "description": "For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.", "esTypes": Array [ "text", ], - "example": "Hello World", "format": "string", "id": "message", "indexes": Array [ @@ -46,11 +42,9 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. \`event.category\` represents the \\"big buckets\\" of ECS categories. For example, filtering on \`event.category:process\` yields all events relating to process activity. This field is closely related to \`event.type\`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.", "esTypes": Array [ "keyword", ], - "example": "authentication", "format": "string", "id": "event.category", "indexes": Array [ 
@@ -72,11 +66,9 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "The action captured by the event. This describes the information in the event. It is more specific than \`event.category\`. Examples are \`group-add\`, \`process-started\`, \`file-created\`. The value is normally defined by the implementer.", "esTypes": Array [ "keyword", ], - "example": "user-password-change", "format": "string", "id": "event.action", "indexes": Array [ @@ -98,7 +90,6 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.", "esTypes": Array [ "keyword", ], @@ -123,11 +114,9 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "id": "source.ip", "indexes": Array [ @@ -143,11 +132,9 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "id": "destination.ip", "indexes": Array [ @@ -163,11 +150,9 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "Short name or login of the user.", "esTypes": Array [ "keyword", ], - "example": "albert", "format": "string", "id": "user.name", "indexes": Array [ 
@@ -188,11 +173,9 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.", "esTypes": Array [ "date", ], - "example": "2016-05-23T08:05:34.853Z", "format": "", "id": "@timestamp", "indexes": Array [ @@ -209,11 +192,9 @@ Array [ Object { "aggregatable": false, "columnHeaderType": "not-filtered", - "description": "For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.", "esTypes": Array [ "text", ], - "example": "Hello World", "format": "string", "id": "message", "indexes": Array [ @@ -229,11 +210,9 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. \`event.category\` represents the \\"big buckets\\" of ECS categories. For example, filtering on \`event.category:process\` yields all events relating to process activity. This field is closely related to \`event.type\`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.", "esTypes": Array [ "keyword", ], - "example": "authentication", "format": "string", "id": "event.category", "indexes": Array [ 
@@ -254,11 +233,9 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "The action captured by the event. This describes the information in the event. It is more specific than \`event.category\`. Examples are \`group-add\`, \`process-started\`, \`file-created\`. The value is normally defined by the implementer.", "esTypes": Array [ "keyword", ], - "example": "user-password-change", "format": "string", "id": "event.action", "indexes": Array [ @@ -279,7 +256,6 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.", "esTypes": Array [ "keyword", ], @@ -303,11 +279,9 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "id": "source.ip", "indexes": Array [ @@ -322,11 +296,9 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "id": "destination.ip", "indexes": Array [ @@ -341,11 +313,9 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "Short name or login of the user.", "esTypes": Array [ "keyword", ], - "example": "albert", "format": "string", "id": "user.name", "indexes": Array [ @@ -365,11 +335,9 @@ Array [ Object { "aggregatable": true, "columnHeaderType": "not-filtered", - "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "id": "source.ip", "indexes": Array [ 
diff --git a/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts b/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts index efc66d0a7dbca..81b681dfd812b 100644 --- a/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts +++ b/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts @@ -76,8 +76,6 @@ export interface IndexFieldsStrategyResponse extends IEsSearchResponse { */ export interface BrowserField { aggregatable: boolean; - description: string | null; // FIXME: replace with customDescription or EcsFlat - example: string | number | null; // FIXME: not there, could be pulled from the ecs fields: Record>; // FIXME: missing in FieldSpec format: string; indexes: string[]; // FIXME: missing in FieldSpec diff --git a/x-pack/plugins/timelines/public/mock/browser_fields.ts b/x-pack/plugins/timelines/public/mock/browser_fields.ts index a65dda5c0aa49..eb7acfd9484c0 100644 --- a/x-pack/plugins/timelines/public/mock/browser_fields.ts +++ b/x-pack/plugins/timelines/public/mock/browser_fields.ts @@ -23,9 +23,6 @@ export const mocksSource = { indexFields: [ { category: 'base', - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - example: '2016-05-23T08:05:34.853Z', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: '@timestamp', @@ -35,9 +32,6 @@ export const mocksSource = { }, { category: 'agent', - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.ephemeral_id', @@ -47,8 +41,6 @@ export const mocksSource = { }, { category: 'agent', - description: null, - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.hostname', 
@@ -58,9 +50,6 @@ export const mocksSource = { }, { category: 'agent', - description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.id', @@ -70,9 +59,6 @@ export const mocksSource = { }, { category: 'agent', - description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', - example: 'foo', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.name', @@ -82,8 +68,6 @@ export const mocksSource = { }, { category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a0', @@ -93,8 +77,6 @@ export const mocksSource = { }, { category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a1', @@ -104,8 +86,6 @@ export const mocksSource = { }, { category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a2', @@ -115,9 +95,6 @@ export const mocksSource = { }, { category: 'client', - description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.address', @@ -127,8 +104,6 @@ export const mocksSource = { }, { category: 'client', - description: 'Bytes sent from the client to the server.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.bytes', 
@@ -138,8 +113,6 @@ export const mocksSource = { }, { category: 'client', - description: 'Client domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.domain', @@ -149,8 +122,6 @@ export const mocksSource = { }, { category: 'client', - description: 'Country ISO code.', - example: 'CA', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.geo.country_iso_code', @@ -160,9 +131,6 @@ export const mocksSource = { }, { category: 'cloud', - description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.', - example: '666777888999', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.account.id', @@ -172,8 +140,6 @@ export const mocksSource = { }, { category: 'cloud', - description: 'Availability zone in which this host is running.', - example: 'us-east-1c', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.availability_zone', @@ -183,8 +149,6 @@ export const mocksSource = { }, { category: 'container', - description: 'Unique container id.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.id', @@ -194,8 +158,6 @@ export const mocksSource = { }, { category: 'container', - description: 'Name of the image the container was built on.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.name', @@ -205,8 +167,6 @@ export const mocksSource = { }, { category: 'container', - description: 'Container image tag.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.tag', 
@@ -216,9 +176,6 @@ export const mocksSource = { }, { category: 'destination', - description: - 'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.address', @@ -228,8 +185,6 @@ export const mocksSource = { }, { category: 'destination', - description: 'Bytes sent from the destination to the source.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.bytes', @@ -239,8 +194,6 @@ export const mocksSource = { }, { category: 'destination', - description: 'Destination domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.domain', @@ -251,8 +204,6 @@ export const mocksSource = { { aggregatable: true, category: 'destination', - description: 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.ip', @@ -262,8 +213,6 @@ export const mocksSource = { { aggregatable: true, category: 'destination', - description: 'Port of the destination.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.port', @@ -273,8 +222,6 @@ export const mocksSource = { { aggregatable: true, category: 'source', - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.ip', @@ -284,8 +231,6 @@ export const mocksSource = { { aggregatable: true, category: 'source', - description: 'Port of the source.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.port', 
@@ -295,9 +240,6 @@ export const mocksSource = { { aggregatable: true, category: 'event', - description: - 'event.end contains the date when the event ended or when the activity was last observed.', - example: null, format: '', indexes: DEFAULT_INDEX_PATTERN, name: 'event.end', @@ -307,8 +249,6 @@ export const mocksSource = { { aggregatable: false, category: 'nestedField', - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.firstAttributes', @@ -323,8 +263,6 @@ export const mocksSource = { { aggregatable: false, category: 'nestedField', - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.secondAttributes', @@ -372,9 +310,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'agent.ephemeral_id': { aggregatable: true, - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.ephemeral_id', @@ -383,8 +318,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.hostname': { aggregatable: true, - description: null, - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.hostname', @@ -393,9 +326,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.id': { aggregatable: true, - description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.id', 
@@ -404,9 +334,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.name': { aggregatable: true, - description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', - example: 'foo', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.name', @@ -419,8 +346,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'auditd.data.a0': { aggregatable: true, - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a0', @@ -429,8 +354,6 @@ export const mockBrowserFields: BrowserFields = { }, 'auditd.data.a1': { aggregatable: true, - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a1', @@ -439,8 +362,6 @@ export const mockBrowserFields: BrowserFields = { }, 'auditd.data.a2': { aggregatable: true, - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a2', @@ -453,9 +374,6 @@ export const mockBrowserFields: BrowserFields = { fields: { '@timestamp': { aggregatable: true, - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - example: '2016-05-23T08:05:34.853Z', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: '@timestamp', @@ -463,8 +381,6 @@ export const mockBrowserFields: BrowserFields = { type: 'date', }, _id: { - description: 'Each document has an _id that uniquely identifies it', - example: 'Y-6TfmcB0WOhS6qyMv3s', name: '_id', type: 'string', searchable: true, 
@@ -472,9 +388,6 @@ export const mockBrowserFields: BrowserFields = { indexes: ['auditbeat', 'filebeat', 'packetbeat'], }, message: { - description: - 'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.', - example: 'Hello World', name: 'message', type: 'string', searchable: true, @@ -488,9 +401,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'client.address': { aggregatable: true, - description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.address', @@ -499,8 +409,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.bytes': { aggregatable: true, - description: 'Bytes sent from the client to the server.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.bytes', @@ -509,8 +417,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.domain': { aggregatable: true, - description: 'Client domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.domain', @@ -519,8 +425,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.geo.country_iso_code': { aggregatable: true, - description: 'Country ISO code.', - example: 'CA', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.geo.country_iso_code', 
@@ -533,9 +437,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'cloud.account.id': { aggregatable: true, - description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.', - example: '666777888999', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.account.id', @@ -544,8 +445,6 @@ export const mockBrowserFields: BrowserFields = { }, 'cloud.availability_zone': { aggregatable: true, - description: 'Availability zone in which this host is running.', - example: 'us-east-1c', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.availability_zone', @@ -558,8 +457,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'container.id': { aggregatable: true, - description: 'Unique container id.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.id', @@ -568,8 +465,6 @@ export const mockBrowserFields: BrowserFields = { }, 'container.image.name': { aggregatable: true, - description: 'Name of the image the container was built on.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.name', @@ -578,8 +473,6 @@ export const mockBrowserFields: BrowserFields = { }, 'container.image.tag': { aggregatable: true, - description: 'Container image tag.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.tag', 
@@ -592,9 +485,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'destination.address': { aggregatable: true, - description: - 'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.address', @@ -603,8 +493,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.bytes': { aggregatable: true, - description: 'Bytes sent from the destination to the source.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.bytes', @@ -613,8 +501,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.domain': { aggregatable: true, - description: 'Destination domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.domain', @@ -623,9 +509,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.ip': { aggregatable: true, - description: - 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.ip', @@ -634,8 +517,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.port': { aggregatable: true, - description: 'Port of the destination.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.port', @@ -647,9 +528,6 @@ export const mockBrowserFields: BrowserFields = { event: { fields: { 'event.end': { - description: - 'event.end contains the date when the event ended or when the activity was last observed.', - example: null, format: '', indexes: DEFAULT_INDEX_PATTERN, name: 'event.end', 
@@ -658,9 +536,6 @@ export const mockBrowserFields: BrowserFields = { aggregatable: true, }, 'event.action': { - description: - 'The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.', - example: 'user-password-change', name: 'event.action', type: 'string', searchable: true, @@ -669,9 +544,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.category': { - description: - 'This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.', - example: 'authentication', name: 'event.category', type: 'string', searchable: true, @@ -680,9 +552,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.severity': { - description: - "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`.", - example: 7, name: 'event.severity', type: 'number', format: 'number', 
@@ -695,8 +564,6 @@ export const mockBrowserFields: BrowserFields = { host: { fields: { 'host.name': { - description: - 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.', name: 'host.name', type: 'string', searchable: true, @@ -710,8 +577,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'source.ip': { aggregatable: true, - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.ip', @@ -720,8 +585,6 @@ export const mockBrowserFields: BrowserFields = { }, 'source.port': { aggregatable: true, - description: 'Port of the source.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.port', @@ -733,8 +596,6 @@ export const mockBrowserFields: BrowserFields = { user: { fields: { 'user.name': { - description: 'Short name or login of the user.', - example: 'albert', name: 'user.name', type: 'string', searchable: true, @@ -748,8 +609,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'nestedField.firstAttributes': { aggregatable: false, - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.firstAttributes', @@ -763,8 +622,6 @@ export const mockBrowserFields: BrowserFields = { }, 'nestedField.secondAttributes': { aggregatable: false, - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.secondAttributes', @@ -778,8 +635,6 @@ export const mockBrowserFields: BrowserFields = { }, 'nestedField.thirdAttributes': { aggregatable: false, - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.thirdAttributes',