[Box Events] Update field mapping to account for non-boolean values#17413
[Box Events] Update field mapping to account for non-boolean values#17413
Conversation
efd6
left a comment
efd6
left a comment
There was a problem hiding this comment.
This needs an elastic-package build (or just the application of the following diff):
diff --git a/packages/box_events/docs/README.md b/packages/box_events/docs/README.md
index 1b09c46a4d..f3437d7c42 100644
--- a/packages/box_events/docs/README.md
+++ b/packages/box_events/docs/README.md
@@ -227,7 +227,7 @@ Preserves a raw copy of the original event, added to the field `event.original`.
| box.source.item_status | Defines if this item has been deleted or not. active when the item has is not in the trash trashed when the item has been moved to the trash but not deleted deleted when the item has been permanently deleted. Value is one of `active`, `trashed`, `deleted` | keyword |
| box.source.job_title | User job title | boolean |
| box.source.language | User preferred language | boolean |
-| box.source.login | User login | boolean |
+| box.source.login | User login | keyword |
| box.source.max_upload_size | Max upload size | boolean |
| box.source.modified_at | The date and time at which this folder was last updated | date |
| box.source.modified_by.id | The unique identifier for this user that last modified the file. | keyword |Can you add a test for this? There is no event in the pipeline tests for this field, which is presumably why it has persisted so long.
andrewkroh
added
Integration:box_events
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
|
Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as |
✅ Vale Linting ResultsNo issues found on modified lines! The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale. |
@efd6 Sorry for the delay. This should be done. Can you re-review please? |
KyleOnK8s
force-pushed
the
kyleonk8s-box-events-field-remap
branch
from
d5f2794 to
3beafdc
Compare
|
/test |
andrewkroh
added
the
documentation
efd6
left a comment
efd6
left a comment
There was a problem hiding this comment.
Please make the change in the fields.yml and then regenerate the documentation with elastic-package build.
🚀 Benchmarks reportTo see the full report comment with |
|
Can you use the text that I suggested? At the moment, it is not grammatically correct. |
|
@efd6 done. Sorry, I didn't realize you had changed the grammar. I didn't edit that field in this PR so I was just adding the periods to make the linter happy. I had to remove the colon in your example. It threw an error because it thought I was trying to define another key. |
KyleOnK8s
force-pushed
the
kyleonk8s-box-events-field-remap
branch
from
e7690bc to
c01bdac
Compare
|
/test |
💚 Build Succeeded
History
|
|
Package box_events - 3.1.2 containing this change is available at https://epr.elastic.co/package/box_events/3.1.2/ |
4 participants
Proposed commit message
Box Events sends either
nullor an email tobox.source.loginwhen using theadmin_logs_streamingsetting. Setting this field to abooleancauses data set quality issues and fields to become ignored.Changing this to a
keywordshould resolve issues with data set quality.Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Related issues
Screenshots