Closed machadoum closed 4 days ago
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-entity-analytics (Team:Entity Analytics)
@jcoyne-elastic Hi Jordyn. This PR captures the new Service entity fields we are targeting for the next release. Does customer 0 include or use service.name values in your events? Are these service.* fields satisfactory?
We do use service.name in some auditbeat logs. @aarju, do you know when service.* is specifically used and what fields we would look to add to a service entity store if relevant?
@joedatlive @jaredburgettelastic On this PR, I am collecting all values for all service fields. We might want to store only the most recent value for some fields, as we do for risk score and asset criticality. If so, let me know which field should have this behaviour.
Some candidates: service.state and service.version
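The trade-off raised in the comment above, collecting every value of a field versus keeping only the most recent one, sketched as an added example (not part of the thread and not Kibana's entity store implementation). The function name, the per-field split and the sample events are assumptions made for illustration.

```typescript
// Added illustration only; not Kibana's entity store code.
// mergeServiceEvents and LATEST_ONLY are hypothetical names.
interface ServiceEvent { "@timestamp": string; service: { [field: string]: string } }
interface ServiceEntity { name: string; fields: { [field: string]: string | string[] } }

// Assumption: state and version (the candidates named in the comment) keep only
// the newest value; every other service.* field collects distinct values.
const LATEST_ONLY = ["state", "version"];

function mergeServiceEvents(events: ServiceEvent[], maxValues: number = 10): ServiceEntity[] {
  // Oldest first, so the last write to a latest-only field is the newest value,
  // even when events arrive out of order.
  const sorted = events.slice().sort(
    (a, b) => Date.parse(a["@timestamp"]) - Date.parse(b["@timestamp"])
  );
  // Prototype-less maps: entity and field names come from event data.
  const byName: { [name: string]: ServiceEntity } = Object.create(null);
  const entities: ServiceEntity[] = [];
  for (const ev of sorted) {
    const name = ev.service["name"];
    if (!name) continue; // service.name identifies the entity
    let entity = byName[name];
    if (!entity) {
      entity = { name: name, fields: Object.create(null) };
      byName[name] = entity;
      entities.push(entity);
    }
    for (const key of Object.keys(ev.service)) {
      if (key === "name") continue;
      const value = ev.service[key];
      if (LATEST_ONLY.indexOf(key) !== -1) {
        entity.fields[key] = value;
        continue;
      }
      const current = entity.fields[key];
      const list: string[] = Array.isArray(current) ? current : [];
      // Cap the collected set so one noisy field cannot grow without bound.
      if (list.indexOf(value) === -1 && list.length < maxValues) list.push(value);
      entity.fields[key] = list;
    }
  }
  return entities;
}

// Constructed sample events; the second is the newest, the third arrives late.
const SAMPLE_EVENTS: ServiceEvent[] = [
  { "@timestamp": "2024-12-02T10:43:13.856Z", service: { name: "test123 name", state: "starting", version: "1.0.0", environment: "staging" } },
  { "@timestamp": "2024-12-02T10:45:00.000Z", service: { name: "test123 name", state: "running", version: "1.0.1", environment: "production" } },
  { "@timestamp": "2024-12-02T10:44:00.000Z", service: { name: "test123 name", state: "degraded", version: "1.0.0", environment: "staging" } },
];
```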
Starting backport for target branches: 8.x
Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app
id | before | after | diff |
---|---|---|---|
securitySolution | 14.6MB | 14.6MB | +136.0B |
Size of the bundles that are downloaded on every page load. Target size is below 100kb
id | before | after | diff |
---|---|---|---|
securitySolution | 87.8KB | 87.9KB | +29.0B |
cc @machadoum
Status | Branch | Result |
---|---|---|
❌ | 8.x | Backport failed because of merge conflicts |
To create the backport manually run:
node scripts/backport --pr 202344
Please refer to the Backport tool documentation
Status | Branch | Result |
---|---|---|
✅ | 8.x |
Note: Successful backport PRs will be merged automatically after passing CI.
Please refer to the Backport tool documentation
Summary
Service Definition:
https://github.com/elastic/kibana/pull/202344/files#diff-42c7dd345e0500c97f85824904a70a11162827ea8f8df6982082a9047ca04ff1
Acceptance Criteria
service.name
Stored Entity
How to test it?
Create mappings
Create document
```
PUT /logs-test

POST logs-test/_doc
{
  "service": {
    "name": "test123 name",
    "address": "test123 address",
    "environment": "test123 environment",
    "ephemeral_id": "test123 ephemeral_id",
    "id": "test123 id",
    "node.roles": "test123 node roles",
    "node.name": "test123 node name",
    "state": "test123 state",
    "type": "test123 type",
    "version": "test123 version"
  },
  "@timestamp": "2024-12-02T10:43:13.856Z"
}
```

```
GET .entities.v1.latest.security_service_default/_search
```
Open Questions