From e62aa44a82c64bc7e9c39c3bef0ba226f95af5db Mon Sep 17 00:00:00 2001 From: fgierlinger <2966031+fgierlinger@users.noreply.github.com> Date: Fri, 6 Oct 2023 20:22:03 +0200 Subject: [PATCH 1/4] docs: fixes loglsyslog.severity.name description --- schemas/log.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/schemas/log.yml b/schemas/log.yml index 2d90ef0a96..5831cf1541 100644 --- a/schemas/log.yml +++ b/schemas/log.yml @@ -119,7 +119,7 @@ example: Error short: Syslog text-based severity of the event. description: > - The Syslog numeric severity of the log event, if available. + The Syslog text-based severity of the log event, if available. If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source's text severity should go to `log.level`. From d6213e7a3a30075b6ae0f4f2dc188e9044c1883b Mon Sep 17 00:00:00 2001 From: fgierlinger <2966031+fgierlinger@users.noreply.github.com> Date: Fri, 6 Oct 2023 20:24:19 +0200 Subject: [PATCH 2/4] add artifacts --- docs/fields/field-details.asciidoc | 2 +- experimental/generated/beats/fields.ecs.yml | 2 +- experimental/generated/ecs/ecs_flat.yml | 2 +- experimental/generated/ecs/ecs_nested.yml | 2 +- generated/beats/fields.ecs.yml | 2 +- generated/ecs/ecs_flat.yml | 2 +- generated/ecs/ecs_nested.yml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index b71ae31f60..8cd6f45b6e 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc 
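Review bot: The reworded `description` in the `schemas/log.yml` hunk still does not say which severity strings are expected or how they are cased; `example: Error` is the only hint. The generated artifacts later in this series appear to map the field as `keyword`, so searches and detection rules would match it exactly, and `Error`, `error` and `ERR` from different sources would not line up. I would add one sentence after the changed line, for example `Use the RFC 5424 severity keyword that corresponds to log.syslog.severity.code, e.g. Error for code 3.` The description block continues past the end of the hunk, so later sentences may already cover part of this.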
@@ -5910,7 +5910,7 @@ example: `3` [[field-log-syslog-severity-name]] <> -a| The Syslog numeric severity of the log event, if available. +a| The Syslog text-based severity of the log event, if available. If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source's text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`. diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 27ee873efa..9b2950d359 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -3965,7 +3965,7 @@ level: extended type: keyword ignore_above: 1024 - description: 'The Syslog numeric severity of the log event, if available. + description: 'The Syslog text-based severity of the log event, if available. If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source''s text severity should go to `log.level`. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 9b74b8e01a..701500a314 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -6502,7 +6502,7 @@ log.syslog.severity.code: type: long log.syslog.severity.name: dashed_name: log-syslog-severity-name - description: 'The Syslog numeric severity of the log event, if available. + description: 'The Syslog text-based severity of the log event, if available. If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source''s text severity should go to `log.level`. If diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 0eee0300d9..a31d8b6e1a 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml 
@@ -7990,7 +7990,7 @@ log: type: long log.syslog.severity.name: dashed_name: log-syslog-severity-name - description: 'The Syslog numeric severity of the log event, if available. + description: 'The Syslog text-based severity of the log event, if available. If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source''s text severity should go to `log.level`. diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 0c45bd930d..f58a6523f2 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -3915,7 +3915,7 @@ level: extended type: keyword ignore_above: 1024 - description: 'The Syslog numeric severity of the log event, if available. + description: 'The Syslog text-based severity of the log event, if available. If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source''s text severity should go to `log.level`. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index e5f035baa7..b933e4cdbe 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -6433,7 +6433,7 @@ log.syslog.severity.code: type: long log.syslog.severity.name: dashed_name: log-syslog-severity-name - description: 'The Syslog numeric severity of the log event, if available. + description: 'The Syslog text-based severity of the log event, if available. If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source''s text severity should go to `log.level`. If diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 048948d37f..f32a4807a0 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -7910,7 +7910,7 @@ log: type: long log.syslog.severity.name: dashed_name: log-syslog-severity-name - description: 'The Syslog numeric severity of the log event, if available. + description: 'The Syslog text-based severity of the log event, if available. If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source''s text severity should go to `log.level`. From 47b6906c53185967bc5cfd95a79fd03edb36873c Mon Sep 17 00:00:00 2001 From: fgierlinger <2966031+fgierlinger@users.noreply.github.com> Date: Fri, 6 Oct 2023 20:42:57 +0200 Subject: [PATCH 3/4] docs: update CHANGELOG --- CHANGELOG.next.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 029229ee84..74e300f7c0 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -18,6 +18,8 @@ Thanks, you're awesome :-) --> #### Improvements +Updated description for 'syslog.severity.name' to clarify that the type is text-based. #2290 + #### Deprecated ### Tooling and Artifact Changes @@ -30,6 +32,8 @@ Thanks, you're awesome :-) --> #### Improvements + + #### Deprecated From 751eb5ab8f7f83bd29a057905dcb027c232371d6 Mon Sep 17 00:00:00 2001 From: fgierlinger <2966031+fgierlinger@users.noreply.github.com> Date: Wed, 18 Oct 2023 21:49:02 +0200 Subject: [PATCH 4/4] docs: move changelog to bugfix category --- CHANGELOG.next.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 74e300f7c0..f867516024 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -14,12 +14,12 @@ Thanks, you're awesome :-) --> #### Bugfixes +Updated description for 'syslog.severity.name' to clarify that the type is text-based. #2290 + #### Added #### Improvements -Updated description for 'syslog.severity.name' to clarify that the type is text-based. #2290 - #### Deprecated ### Tooling and Artifact Changes