598e63b532
## Summary Adds e2e tests for the `constant_keyword` regular `keyword` to compare between the two. Bugs found with these is one where we do not copy `constant_keyword` fields into signals which I added `.skip` to the tests now. Tested these rule types: * KQL * EQL * Threshold For the mappings of the `constant_keyword` I use both the `constant_keyword` and the field `alias` like so: ```json { "properties": { "@timestamp": { "type": "date" }, "data_stream": { "properties": { "dataset": { "type": "constant_keyword", "value": "dataset_name_1" }, "module": { "type": "constant_keyword", "value": "module_name_1" } } }, "event": { "properties": { "category": { "type": "keyword" }, "dataset": { "type": "alias", "path": "data_stream.dataset" }, "module": { "type": "alias", "path": "data_stream.module" } } } } } ``` To ensure we can detect against fields. I also mix them with regular const keyword fields in another index to ensure they work also in mixed use cases. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios |
||
---|---|---|
.. | ||
basic | ||
common | ||
security_and_spaces | ||
utils.ts |