Skip to content

[Website]: document Cisco Umbrella Log Schema Version #2837

New issue
New issue
Closed
Closed
[Website]: document Cisco Umbrella Log Schema Version#2837
Assignees
alaudazzi
Labels
Team:ExperienceIssues owned by the Experience Docs Teamsource:webIssues originating from the elastic.co docs
@matthewabbott

Description

@matthewabbott
matthewabbott
opened on Sep 5, 2025

Type of issue

None

What documentation page is affected

https://www.elastic.co/docs/reference/integrations/cisco_umbrella

What happened?

Right now, it’s not documented on this page what version of the Umbrella Log Schema the integration supports.

Reviewing the source code for the integration here: https://github.com/elastic/integrations/blob/main/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml#L104-L106, I believe it supports the fields from up to v8/9.

But it does not handle the fields that were added in v10 and v11, described in https://docs.umbrella.com/deployment-umbrella/docs/log-formats-and-versioning#find-your-log-schema-version

It would be nice if, under https://www.elastic.co/docs/reference/integrations/cisco_umbrella#umbrella or elsewhere, the page explicitly noted which version is supported, which I believe, currently, is v9 based on elastic/integrations#5446 adding support for v8, and afaik from the cisco docs, v9 doesn’t add any new fields (though that may be a misapprehension).

Additional info

No response

Metadata

Metadata

Assignees

Labels

Team:ExperienceIssues owned by the Experience Docs Teamsource:webIssues originating from the elastic.co docs

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions