Add skeleton x-pack Auditbeat module

auditbeat/_meta/fields.common.yml

@@ -7,6 +7,10 @@
     description: >
       The name of the module that generated the event.
 
+  - name: event.dataset
+    description: >
+      The name of the module's dataset that generated the event.
+
   - name: event.action
     type: keyword
     example: logged-in

auditbeat/core/eventmod.go

@@ -30,4 +30,10 @@ func AddDatasetToEvent(module, metricSet string, event *mb.Event) {
 	}
 
 	event.RootFields.Put("event.module", module)
+
+	// Modules without "datasets" should set their module and metricset names
+	// to the same value then this will omit the event.dataset field.
+	if module != metricSet {
+		event.RootFields.Put("event.dataset", metricSet)
+	}
 }

auditbeat/docs/fields.asciidoc

@@ -2759,6 +2759,14 @@ Contains common fields available in all event types.
 The name of the module that generated the event.
 
 
+--
+
+*`event.dataset`*::
++
+--
+The name of the module's dataset that generated the event.
+
+
 --
 
 *`event.action`*::

x-pack/auditbeat/cmd/root.go

@@ -4,11 +4,16 @@
 
 package cmd
 
-import "github.com/elastic/beats/auditbeat/cmd"
+import (
+	"github.com/elastic/beats/auditbeat/cmd"
 
-// RootCmd to handle beats cli
+	// Register Auditbeat x-pack modules.
+	_ "github.com/elastic/beats/x-pack/auditbeat/include"
+)
+
+// RootCmd to handle beats CLI.
 var RootCmd = cmd.RootCmd
 
 func init() {
-	// TODO inject x-pack features
+	// TODO: Inject x-pack features.
 }

x-pack/auditbeat/include/list.go

@@ -0,0 +1,11 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package include
+
+import (
+	// Include all Auditbeat modules so that they register their
+	// factories with the global registry.
+	_ "github.com/elastic/beats/x-pack/auditbeat/module/sysinfo/host"
+)

x-pack/auditbeat/module/sysinfo/_meta/config.yml.tmpl

@@ -0,0 +1,15 @@
+{{ if .Reference -}}
+{{ end -}}
+- module: sysinfo
+  {{ if eq .GOOS "darwin" -}}
+  metricsets:
+    - host
+  {{ else if eq .GOOS "windows" -}}
+  metricsets:
+    - host
+  {{ else -}}
+  metricsets:
+    - host
+  {{- end }}
+{{ if .Reference }}
+{{- end }}

x-pack/auditbeat/module/sysinfo/_meta/docs.asciidoc

@@ -0,0 +1,22 @@
+== Sysinfo Module
+
+The `sysinfo` module ... TODO.
+
+The module is implemented for Linux, macOS (Darwin), and Windows.
+
+[float]
+=== How it works
+
+TODO
+
+[float]
+=== Configuration options
+
+TODO
+
+[source,yaml]
+----
+- module: sysinfo
+----
+
+*`some_option`*:: TODO

x-pack/auditbeat/module/sysinfo/_meta/fields.yml

@@ -0,0 +1,4 @@
+- key: sysinfo
+  title: Sysinfo
+  description: These are the fields generated by the sysinfo module.
+  fields:

x-pack/auditbeat/module/sysinfo/host/_meta/docs.asciidoc

@@ -0,0 +1,8 @@
+The Sysinfo `host` metricset provides ... TODO.
+
+The module is implemented for Linux, macOS (Darwin), and Windows.
+
+[float]
+=== Configuration options
+
+TODO

x-pack/auditbeat/module/sysinfo/host/_meta/fields.yml

@@ -0,0 +1,6 @@
+- name: host
+  type: group
+  description: >
+    `host` contains TODO.
+  release: experimental
+  fields:

x-pack/auditbeat/module/sysinfo/host/config.go

@@ -0,0 +1,17 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package host
+
+// Config defines the host metricset's configuration options.
+type Config struct {
+	// TODO: Add config options.
+}
+
+// Validate validates the host metricset config.
+func (c *Config) Validate() error {
+	return nil
+}
+
+var defaultConfig = Config{}

x-pack/auditbeat/module/sysinfo/host/host.go

@@ -0,0 +1,50 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package host
+
+import (
+	"github.com/pkg/errors"
+
+	"github.com/elastic/beats/libbeat/common"
+	"github.com/elastic/beats/libbeat/common/cfgwarn"
+	"github.com/elastic/beats/metricbeat/mb"
+)
+
+const (
+	moduleName    = "sysinfo"
+	metricsetName = "host"
+)
+
+func init() {
+	mb.Registry.MustAddMetricSet(moduleName, metricsetName, New,
+		mb.DefaultMetricSet(),
+	)
+}
+
+// MetricSet collects data about the host.
+type MetricSet struct {
+	mb.BaseMetricSet
+}
+
+// New constructs a new MetricSet.
+func New(base mb.BaseMetricSet) (mb.MetricSet, error) {
+	cfgwarn.Experimental("The %v/%v dataset is experimental", moduleName, metricsetName)
+
+	config := defaultConfig
+	if err := base.Module().UnpackConfig(&config); err != nil {
+		return nil, errors.Wrapf(err, "failed to unpack the %v/%v config", moduleName, metricsetName)
+	}
+
+	return &MetricSet{base}, nil
+}
+
+// Fetch collects data about the host. It is invoked periodically.
+func (ms *MetricSet) Fetch(report mb.ReporterV2) {
+	report.Event(mb.Event{
+		RootFields: common.MapStr{
+			"hello": "world",
+		},
+	})
+}