Merge remote-tracking branch 'origin/release/v11' into release/v11

mjabascal10 · mjabascal10 · commit 6291cb669125 · 2025-11-10T09:58:33.000-06:00
diff --git a/backend/src/main/resources/config/liquibase/changelog/20251107002_update_filters_fields_visualization.xml b/backend/src/main/resources/config/liquibase/changelog/20251107002_update_filters_fields_visualization.xml
@@ -23,7 +23,7 @@
 
         <!-- aggregation -->
         <update tableName="utm_visualization">
-            <column name="aggregation" valueComputed="REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(aggregation::text, 'log.winlog.event_id', 'log.winlogEventId'), 'log.winlog.event_data.SubjectUserName', 'log.winlogEventDataSubjectUserName'), 'log.winlog.event_data.TargetUserName', 'log.winlogEventDataTargetUserName'), 'log.winlog.event_data.NewProcessName.keyword', 'winlogEventDataProcessName.keyword'), 'log.winlog.event.code.keyword', 'log.eventCode'), 'log.winlog.event_name.keyword', 'log.eventName'), 'log.winlog.event_data.SubjectUserSid.keyword', 'log.winlogEventDataSubjectUserSid'), 'log.winlog.beat.hostname.keyword', 'dataSource.keyword'), 'log.winlog.event_data.LogonType.keyword', 'log.winlogEventDataLogonType.keyword')::json"/>
+            <column name="aggregation" valueComputed="REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(aggregation::text, 'log.winlog.event_id', 'log.winlogEventId.keyword'), 'log.winlog.event_data.SubjectUserName', 'log.winlogEventDataSubjectUserName.keyword'), 'log.winlog.event_data.TargetUserName', 'log.winlogEventDataTargetUserName.keyword'), 'log.winlog.event_data.NewProcessName.keyword', 'winlogEventDataProcessName.keyword'), 'log.winlog.event.code.keyword', 'log.eventCode'), 'log.winlog.event_name.keyword', 'log.eventName.keyword'), 'log.winlog.event_data.SubjectUserSid.keyword', 'log.winlogEventDataSubjectUserSid.keyword'), 'log.winlog.beat.hostname.keyword', 'dataSource.keyword'), 'log.winlog.event_data.LogonType.keyword', 'log.winlogEventDataLogonType.keyword')::json"/>
             <where>
                 aggregation::text LIKE '%log.winlog.event_id%' OR
                 aggregation::text LIKE '%log.winlog.event_data.SubjectUserName%' OR
