Add packetbeat migration to siem docs#6695
Conversation
Elastic Docs AI PR menuCheck the box to run an AI review for this pull request.
Powered by GitHub Agentic Workflows and docs-actions. For more information, reach out to the docs team. |
🔍 Preview links for changed docs |
✅ Vale Linting ResultsNo issues found on modified lines! The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale. |
| ::::{applies-switch} | ||
|
|
||
| :::{applies-item} {stack: ga 9.4+, serverless: ga} | ||
| :::{applies-item} {stack: ga 9.0-9.4} |
There was a problem hiding this comment.
Why is this 9.0-9.4 and is there other working examples of this syntax?
There was a problem hiding this comment.
I added 9.0-9.4 here as this job will not exist after 9.4. I think you could refer to the jobs tagged with stack 9.0-9.3.
Can someone from the docs team also confirm the tag? @natasha-moore-elastic
There was a problem hiding this comment.
Hey @sodhikirti07, if I remember correctly, the _ea suffixed jobs were only introduced in 9.4. If this is being removed in 9.5 (i.e. it will exist in 9.4 only), then the syntax should be {stack: removed 9.5+, ga =9.4}
There was a problem hiding this comment.
Thanks, updated the tags on packetbeat jobs
3 participants
Summary
In 9.5, we are migrating two packetbeat jobs from the
security_packetbeatmodule to thesecurity_networkmodule to improve compatibility with additional integrations such as Defend. This PR updates the list ofsecurity_packetbeatandsecurity_networkjobs accordingly.packetbeat_dns_tunneling_eaandpacketbeat_rare_dns_question_eaare updated from tag version 9.4+ toga 9.0- 9.4. Moving forward, these jobs will no longer exist under thesecurity_packetbeatmodule.dns_tunneling_eaandrare_dns_question_eaand moved under thesecurity_networkmodule with a tag version of 9.5+.Generative AI disclosure