elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Automatic Import] Ensure the @timestamp field is present #196040

Open ilyannn opened 1 day ago

ilyannn commented 1 day ago

Context

A lot of our generated integrations don't have this field, even though it's very important. Examples in https://github.com/elastic/kibana/pull/194386

Action Item

When mapping to ECS fields, we ask the LLM to explicitly map to @timestamp. Possibly make it an error if there is no timestamp field in the mapping.
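A sketch of the "make it an error" check proposed above, as an added example that is not part of the issue and not Kibana's own code. The mapping shape (nested source fields whose leaves carry `target`, `type` and `date_formats`) and the function names are assumptions, and the example goes one step beyond the issue by also flagging a `@timestamp` mapping that is ambiguous or not parseable as a date.

```typescript
// Added example, not Kibana code. Assumed mapping shape: nested source fields
// whose leaves look like { target: <ECS field or null>, type, date_formats }.
type Obj = Record<string, unknown>;
interface Hit { path: string; leaf: Obj; }
function isObj(v: unknown): v is Obj {
  return typeof v === 'object' && v !== null && !Array.isArray(v);
}

// A leaf has a string or null `target`; an object-valued "target" key is a branch.
function isLeaf(node: Obj): boolean {
  return 'target' in node && (node['target'] === null || typeof node['target'] === 'string');
}

// Depth-first walk returning every source path mapped to `ecsField`.
function findMapped(node: unknown, ecsField: string, path: string[] = []): Hit[] {
  if (!isObj(node)) return [];
  if (isLeaf(node)) {
    return node['target'] === ecsField ? [{ path: path.join('.'), leaf: node }] : [];
  }
  let hits: Hit[] = [];
  for (const key of Object.keys(node)) {
    hits = hits.concat(findMapped(node[key], ecsField, path.concat(key)));
  }
  return hits;
}

// Returns a list of errors; an empty list means the mapping is acceptable.
function validateTimestamp(mapping: unknown): string[] {
  const hits = findMapped(mapping, '@timestamp');
  if (hits.length === 0) return ['no source field is mapped to @timestamp'];
  const errors: string[] = [];
  if (hits.length > 1) {
    errors.push('several fields map to @timestamp: ' + hits.map((h) => h.path).join(', '));
  }
  for (const h of hits) {
    const formats = h.leaf['date_formats'];
    if (h.leaf['type'] !== 'date') {
      errors.push(h.path + ': mapped to @timestamp but type is not "date"');
    } else if (!Array.isArray(formats) || formats.length === 0) {
      errors.push(h.path + ': no date_formats to parse the value with');
    }
  }
  return errors;
}

// Constructed samples: one mapping that skipped the event time, one that has it.
const missing = { fw: { log: { src: { target: 'source.ip', type: 'string' }, time: { target: null } } } };
const good = { fw: { log: { time: { target: '@timestamp', type: 'date', date_formats: ['ISO8601'] } } } };
console.log(validateTimestamp(missing), validateTimestamp(good));
```

Returning the errors as strings lets the caller feed them back to the LLM for a retry instead of failing the whole generation outright.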

elasticmachine commented 1 day ago

Pinging @elastic/security-scalability (Team:Security-Scalability)