Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org

Add associated_assets field to Events #19740

Closed danotorrey closed 4 days ago

danotorrey commented 1 week ago

Description

Add support for the associated_assets (string id array) field to Events. Also updates the event mapping accordingly. This field needs to be present at the top level of the Event, since (similar to the Message object) it must be an array in order to support effective/efficient search filtering.

Motivation and Context

Server changes needed for https://github.com/Graylog2/graylog-plugin-enterprise/issues/7475

Corresponding Enterprise PR: https://github.com/Graylog2/graylog-plugin-enterprise/pull/7603

How Has This Been Tested?

Verified that the new events mapping is applied successfully when the Graylog Events index is rotated. Subsequent events index successfully. See additional testing notes in corresponding PR.

/nocl

danotorrey commented 5 days ago

Thanks for the feedback/testing/reviews @ryan-carroll-graylog @kingzacko1! I will wait on merging these until tomorrow in case anyone else has feedback.