Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace wildcard and match_only_text types to keyword #590

Closed
3 tasks done
Tracked by #22887
AlexRuiz7 opened this issue Dec 11, 2024 · 1 comment · Fixed by #619 or wazuh/wazuh-indexer-plugins#202
Closed
3 tasks done
Tracked by #22887

Replace wildcard and match_only_text types to keyword #590

AlexRuiz7 opened this issue Dec 11, 2024 · 1 comment · Fixed by #619 or wazuh/wazuh-indexer-plugins#202
Assignees
@f-galland
Labels
level/task Task issue mvp Minimum Viable Product type/enhancement Enhancement issue

Comments

@AlexRuiz7
Copy link
Member

AlexRuiz7 commented Dec 11, 2024
edited
Loading

Description

Due to a bug in OpenSearch Dashboards not rendering supported types properly in Discover and other places of the UI, we need to change the mappings for every Wazuh index replacing wildcard and match_only_text types with keyword|text.

Related issues:

Functional requirements

  • None of the stateful indices use wildcard or match_only_text field types.
  • None of the stateless (alerts, commands) indices use wildcard or match_only_text field types.

Implementation restrictions

  • The changes must be performed by updating our generation script, so the replacements are automated.
  • Consider using text instead of keyword for better search behavior.

Plan

  • Patch the generate.sh script.
  • Regenerate the mappings.
  • Update the index templates for the setup and command-manager plugins.
@AlexRuiz7 AlexRuiz7 added level/task Task issue type/enhancement Enhancement issue mvp Minimum Viable Product labels Dec 11, 2024
@wazuhci wazuhci moved this to Backlog in Release 5.0.0 Dec 11, 2024
@AlexRuiz7 AlexRuiz7 removed the mvp Minimum Viable Product label Dec 12, 2024
@AlexRuiz7 AlexRuiz7 mentioned this issue Dec 12, 2024
Open
25 tasks
@wazuhci wazuhci moved this from Backlog to In progress in Release 5.0.0 Dec 23, 2024
@AlexRuiz7 AlexRuiz7 added the mvp Minimum Viable Product label Dec 23, 2024
@f-galland f-galland mentioned this issue Dec 23, 2024
Merged
3 tasks
@f-galland f-galland linked a pull request Dec 23, 2024 that will close this issue
Swap wildcard and match_only_text for keyword in mappings wazuh/wazuh-indexer-plugins#202
Merged
@f-galland f-galland mentioned this issue Dec 23, 2024
Merged
@f-galland
Copy link
Member

No wildcard or match_only_text fields are present in the plugins mappings anymore:

(env) fede@tyner:~/IdeaProjects/wazuh-indexer-plugins/plugins (enhancement/590-replace-wildcard-and-match_only_text)
$ grep -ERl 'wildcard|match_only_text' setup/src/main/resources/

(env) fede@tyner:~/IdeaProjects/wazuh-indexer-plugins/plugins (enhancement/590-replace-wildcard-and-match_only_text)
$ grep -ERl 'wildcard|match_only_text' command-manager/src/main/resources/

(env) fede@tyner:~/IdeaProjects/wazuh-indexer-plugins/plugins (enhancement/590-replace-wildcard-and-match_only_text)

@wazuhci wazuhci moved this from In progress to Pending review in Release 5.0.0 Dec 23, 2024
@wazuhci wazuhci moved this from Pending review to Done in Release 5.0.0 Dec 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@f-galland f-galland

Labels
level/task Task issue mvp Minimum Viable Product type/enhancement Enhancement issue
Projects
Release 5.0.0
Status: Done
Milestone
No milestone
2 participants
@AlexRuiz7 @f-galland