From 4dee5501363eadf4f2a7840d81f744fcbaaa26c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Constan=C3=A7a=20Manteigas?= <113898685+constanca-m@users.noreply.github.com> Date: Mon, 5 Jun 2023 18:25:53 +0200 Subject: [PATCH] [AWS] Add metric type to SNS, SQS and Billing data streams (#6319) * Add metric type to SNS. Signed-off-by: constanca-m * Add metric type to SQS. Signed-off-by: constanca-m * Add metric type to Billing. Signed-off-by: constanca-m * Update changelog. Signed-off-by: constanca-m * Update files. Signed-off-by: constanca-m --------- Signed-off-by: constanca-m --- packages/aws/changelog.yml | 5 + .../aws/data_stream/billing/fields/fields.yml | 6 + .../aws/data_stream/sns/fields/fields.yml | 11 ++ .../aws/data_stream/sqs/fields/fields.yml | 9 ++ packages/aws/docs/billing.md | 140 +++++++++--------- packages/aws/docs/sns.md | 130 ++++++++-------- packages/aws/docs/sqs.md | 120 +++++++-------- packages/aws/manifest.yml | 2 +- 8 files changed, 227 insertions(+), 196 deletions(-) diff --git a/packages/aws/changelog.yml b/packages/aws/changelog.yml index 83b87db9f2d..c3cd11f1891 100644 --- a/packages/aws/changelog.yml +++ b/packages/aws/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.40.0" + changes: + - description: Add metric type to SNS, SQS and Billing data streams. + type: enhancement + link: https://github.com/elastic/integrations/pull/6319 - version: "1.39.0" changes: - description: Add AWS API Gateway data stream. diff --git a/packages/aws/data_stream/billing/fields/fields.yml b/packages/aws/data_stream/billing/fields/fields.yml index cb897fec928..a8f1b9bdca5 100644 --- a/packages/aws/data_stream/billing/fields/fields.yml +++ b/packages/aws/data_stream/billing/fields/fields.yml @@ -6,6 +6,7 @@ fields: - name: EstimatedCharges type: long + metric_type: gauge description: Maximum estimated charges for AWS acccount. - name: Currency type: keyword 
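Review bot: `EstimatedCharges` in the `@@ -6,6 +6,7 @@` hunk of billing/fields/fields.yml is now declared a gauge but stays `type: long`, while every cost amount in the later billing hunks is `type: double`. If the charge arrives with a fractional part, an integer mapping with default coercion indexes only the whole-number part, so a threshold or spike alert on this field would lose sub-unit precision. Consider `type: double` here in a follow-up; `SMSMonthToDateSpentUSD.sum` in the SNS hunk is `long` as well. The description on the next line also still reads "acccount", and the regenerated docs/billing.md row carries it over. The field list continues outside the hunk.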
@@ -19,6 +20,7 @@ fields: - name: amount type: double + metric_type: gauge description: Amortized cost amount. - name: unit type: keyword @@ -28,6 +30,7 @@ fields: - name: amount type: double + metric_type: gauge description: Blended cost amount. - name: unit type: keyword @@ -37,6 +40,7 @@ fields: - name: amount type: double + metric_type: gauge description: Normalized usage amount. - name: unit type: keyword @@ -46,6 +50,7 @@ fields: - name: amount type: double + metric_type: gauge description: Unblended cost amount. - name: unit type: keyword @@ -54,6 +59,7 @@ type: group fields: - name: amount + metric_type: gauge type: double description: Usage quantity amount. - name: unit diff --git a/packages/aws/data_stream/sns/fields/fields.yml b/packages/aws/data_stream/sns/fields/fields.yml index cf2294fd43e..d91b6fb93a7 100644 --- a/packages/aws/data_stream/sns/fields/fields.yml +++ b/packages/aws/data_stream/sns/fields/fields.yml 
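Review bot: In the `@@ -54,6 +59,7 @@` hunk of billing/fields/fields.yml the added `metric_type: gauge` sits above `type: double`, whereas the other five billing hunks put it directly below `type`. The `SMSMonthToDateSpentUSD.sum` entry in sns/fields/fields.yml has the same reversed order. Key order does not change the parsed mapping, but keeping `type` first makes the entries uniform and easier to scan or diff: `type: double` followed by `metric_type: gauge`. The enclosing group starts outside the hunk.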
@@ -32,35 +32,46 @@ fields: - name: PublishSize.avg type: double + metric_type: gauge description: The size of messages published. - name: SMSSuccessRate.avg type: double + metric_type: gauge description: The rate of successful SMS message deliveries. - name: NumberOfMessagesPublished.sum type: long + metric_type: gauge description: The number of messages published to your Amazon SNS topics. - name: NumberOfNotificationsDelivered.sum type: long + metric_type: gauge description: The number of messages successfully delivered from your Amazon SNS topics to subscribing endpoints. - name: NumberOfNotificationsFailed.sum type: long + metric_type: gauge description: The number of messages that Amazon SNS failed to deliver. - name: NumberOfNotificationsFilteredOut.sum type: long + metric_type: gauge description: The number of messages that were rejected by subscription filter policies. - name: NumberOfNotificationsFilteredOut-InvalidAttributes.sum type: long + metric_type: gauge description: The number of messages that were rejected by subscription filter policies because the messages' attributes are invalid - for example, because the attribute JSON is incorrectly formatted. - name: NumberOfNotificationsFilteredOut-NoMessageAttributes.sum type: long + metric_type: gauge description: The number of messages that were rejected by subscription filter policies because the messages have no attributes. - name: NumberOfNotificationsRedrivenToDlq.sum type: long + metric_type: gauge description: The number of messages that have been moved to a dead-letter queue. - name: NumberOfNotificationsFailedToRedriveToDlq.sum type: long + metric_type: gauge description: The number of messages that couldn't be moved to a dead-letter queue. - name: SMSMonthToDateSpentUSD.sum + metric_type: gauge type: long description: The charges you have accrued since the start of the current calendar month for sending SMS messages. - name: cloudwatch 
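Review bot: `SMSMonthToDateSpentUSD.sum` is described as charges accrued since the start of the calendar month, which is a running total that falls back at month start. It receives the same `metric_type: gauge` as the message counts above it, and nothing records why. A one-line comment on that entry would keep anyone building SMS-spend alerts from reading each document as spend for the interval, for example `# gauge, not counter: month-to-date total that resets each calendar month`. The hunk ends inside the field list, so later entries are not visible here.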
diff --git a/packages/aws/data_stream/sqs/fields/fields.yml b/packages/aws/data_stream/sqs/fields/fields.yml index c181a0f2c41..dd9f2035128 100644 --- a/packages/aws/data_stream/sqs/fields/fields.yml +++ b/packages/aws/data_stream/sqs/fields/fields.yml @@ -13,39 +13,48 @@ fields: - name: oldest_message_age.sec type: long + metric_type: gauge format: duration description: | The approximate age of the oldest non-deleted message in the queue. - name: messages.delayed type: long + metric_type: gauge description: | TThe number of messages in the queue that are delayed and not available for reading immediately. - name: messages.not_visible type: long + metric_type: gauge description: | The number of messages that are in flight. - name: messages.visible type: long + metric_type: gauge description: | The number of messages available for retrieval from the queue. - name: messages.deleted type: long + metric_type: gauge description: | The number of messages deleted from the queue. - name: messages.received type: long + metric_type: gauge description: | The number of messages returned by calls to the ReceiveMessage action. - name: messages.sent type: long + metric_type: gauge description: | The number of messages added to a queue. - name: empty_receives type: long + metric_type: gauge description: | The number of ReceiveMessage API calls that did not return a message. - name: sent_message_size.bytes type: long + metric_type: gauge format: bytes description: | The size of messages added to a queue. diff --git a/packages/aws/docs/billing.md b/packages/aws/docs/billing.md index d93bd134f6d..2760854e1e0 100644 --- a/packages/aws/docs/billing.md +++ b/packages/aws/docs/billing.md 
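Review bot: The `messages.delayed` description right after the added `metric_type: gauge` in the `@@ -13,39 +13,48 @@` hunk of sqs/fields/fields.yml still begins with "TThe". The old docs/sqs.md row shows the same text, so the regenerated table presumably keeps it. Since the docs are being rebuilt in this commit, I would fix it at the source: `The number of messages in the queue that are delayed and not available for reading immediately.` The hunk covers only part of the field list.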
@@ -111,74 +111,74 @@ An example event for `billing` looks as following: **Exported fields** -| Field | Description | Type | -|---|---|---| -| @timestamp | Event timestamp. | date | -| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | -| aws.\*.metrics.\*.\* | Metrics that returned from Cloudwatch API query. | object | -| aws.billing.AmortizedCost.amount | Amortized cost amount. | double | -| aws.billing.AmortizedCost.unit | Amortized cost unit. | keyword | -| aws.billing.BlendedCost.amount | Blended cost amount. | double | -| aws.billing.BlendedCost.unit | Blended cost unit. | keyword | -| aws.billing.Currency | Currency name. | keyword | -| aws.billing.EstimatedCharges | Maximum estimated charges for AWS acccount. | long | -| aws.billing.NormalizedUsageAmount.amount | Normalized usage amount. | double | -| aws.billing.NormalizedUsageAmount.unit | Normalized usage amount unit. | keyword | -| aws.billing.ServiceName | AWS service name. | keyword | -| aws.billing.UnblendedCost.amount | Unblended cost amount. | double | -| aws.billing.UnblendedCost.unit | Unblended cost unit. | keyword | -| aws.billing.UsageQuantity.amount | Usage quantity amount. | double | -| aws.billing.UsageQuantity.unit | Usage quantity unit. | keyword | -| aws.billing.end_date | End date for retrieving AWS costs. | keyword | -| aws.billing.group_by | Cost explorer group by key values. | object | -| aws.billing.group_definition.key | The string that represents a key for a specified group. | keyword | -| aws.billing.group_definition.type | The string that represents the type of group. | keyword | -| aws.billing.start_date | Start date for retrieving AWS costs. | keyword | -| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword | -| aws.dimensions.\* | Metric dimensions. | object | -| aws.linked_account.id | ID used to identify linked account. 
| keyword | -| aws.linked_account.name | Name or alias used to identify linked account. | keyword | -| aws.s3.bucket.name | Name of a S3 bucket. | keyword | -| aws.tags.\* | Tag key value pairs from aws resources. | object | -| cloud | Fields related to the cloud or infrastructure the events are coming from. | group | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | -| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword | -| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword | -| cloud.image.id | Image ID for the cloud instance. | keyword | -| cloud.instance.id | Instance ID of the host machine. | keyword | -| cloud.instance.name | Instance name of the host machine. | keyword | -| cloud.machine.type | Machine type of the host machine. | keyword | -| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | -| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | -| cloud.region | Region in which this host, resource, or service is located. | keyword | -| container.id | Unique container id. | keyword | -| container.image.name | Name of the image the container was built on. | keyword | -| container.labels | Image labels. | object | -| container.name | Container name. | keyword | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. 
When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group | -| error.message | Error message. | match_only_text | -| event.dataset | Event dataset | constant_keyword | -| event.module | Event module | constant_keyword | -| host.architecture | Operating system architecture. | keyword | -| host.containerized | If the host is a container. | boolean | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | -| host.ip | Host ip addresses. | ip | -| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | -| host.os.build | OS build information. | keyword | -| host.os.codename | OS codename, if any. | keyword | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | -| host.os.kernel | Operating system kernel version as a raw string. 
| keyword | -| host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.version | Operating system version as a raw string. | keyword | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | +| Field | Description | Type | Metric Type | +|---|---|---|---| +| @timestamp | Event timestamp. | date | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | +| aws.\*.metrics.\*.\* | Metrics that returned from Cloudwatch API query. | object | | +| aws.billing.AmortizedCost.amount | Amortized cost amount. | double | gauge | +| aws.billing.AmortizedCost.unit | Amortized cost unit. | keyword | | +| aws.billing.BlendedCost.amount | Blended cost amount. | double | gauge | +| aws.billing.BlendedCost.unit | Blended cost unit. | keyword | | +| aws.billing.Currency | Currency name. | keyword | | +| aws.billing.EstimatedCharges | Maximum estimated charges for AWS acccount. | long | gauge | +| aws.billing.NormalizedUsageAmount.amount | Normalized usage amount. | double | gauge | +| aws.billing.NormalizedUsageAmount.unit | Normalized usage amount unit. | keyword | | +| aws.billing.ServiceName | AWS service name. | keyword | | +| aws.billing.UnblendedCost.amount | Unblended cost amount. | double | gauge | +| aws.billing.UnblendedCost.unit | Unblended cost unit. 
| keyword | | +| aws.billing.UsageQuantity.amount | Usage quantity amount. | double | gauge | +| aws.billing.UsageQuantity.unit | Usage quantity unit. | keyword | | +| aws.billing.end_date | End date for retrieving AWS costs. | keyword | | +| aws.billing.group_by | Cost explorer group by key values. | object | | +| aws.billing.group_definition.key | The string that represents a key for a specified group. | keyword | | +| aws.billing.group_definition.type | The string that represents the type of group. | keyword | | +| aws.billing.start_date | Start date for retrieving AWS costs. | keyword | | +| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword | | +| aws.dimensions.\* | Metric dimensions. | object | | +| aws.linked_account.id | ID used to identify linked account. | keyword | | +| aws.linked_account.name | Name or alias used to identify linked account. | keyword | | +| aws.s3.bucket.name | Name of a S3 bucket. | keyword | | +| aws.tags.\* | Tag key value pairs from aws resources. | object | | +| cloud | Fields related to the cloud or infrastructure the events are coming from. | group | | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | +| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword | | +| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword | | +| cloud.image.id | Image ID for the cloud instance. | keyword | | +| cloud.instance.id | Instance ID of the host machine. | keyword | | +| cloud.instance.name | Instance name of the host machine. | keyword | | +| cloud.machine.type | Machine type of the host machine. 
| keyword | | +| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | | +| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | | +| cloud.region | Region in which this host, resource, or service is located. | keyword | | +| container.id | Unique container id. | keyword | | +| container.image.name | Name of the image the container was built on. | keyword | | +| container.labels | Image labels. | object | | +| container.name | Container name. | keyword | | +| data_stream.dataset | Data stream dataset. | constant_keyword | | +| data_stream.namespace | Data stream namespace. | constant_keyword | | +| data_stream.type | Data stream type. | constant_keyword | | +| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | +| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group | | +| error.message | Error message. | match_only_text | | +| event.dataset | Event dataset | constant_keyword | | +| event.module | Event module | constant_keyword | | +| host.architecture | Operating system architecture. | keyword | | +| host.containerized | If the host is a container. | boolean | | +| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | | +| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | +| host.id | Unique host id. 
As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | +| host.ip | Host ip addresses. | ip | | +| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | | +| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.os.build | OS build information. | keyword | | +| host.os.codename | OS codename, if any. | keyword | | +| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | +| host.os.kernel | Operating system kernel version as a raw string. | keyword | | +| host.os.name | Operating system name, without the version. | keyword | | +| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | +| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | +| host.os.version | Operating system version as a raw string. | keyword | | +| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | +| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | diff --git a/packages/aws/docs/sns.md b/packages/aws/docs/sns.md index 1ed98d2a557..5e7b2426b22 100644 --- a/packages/aws/docs/sns.md +++ b/packages/aws/docs/sns.md 
@@ -115,68 +115,68 @@ An example event for `sns` looks as following: **Exported fields** -| Field | Description | Type | -|---|---|---| -| @timestamp | Event timestamp. | date | -| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | -| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword | -| aws.dimensions.\* | Metric dimensions. | object | -| aws.dimensions.Application | Filters on application objects, which represent an app and device registered with one of the supported push notification services, such as APNs and FCM. | keyword | -| aws.dimensions.Country | Filters on the destination country or region of an SMS message. | keyword | -| aws.dimensions.Platform | Filters on platform objects for the push notification services, such as APNs and FCM. | keyword | -| aws.dimensions.SMSType | Filters on the message type of SMS message. | keyword | -| aws.dimensions.TopicName | Filters on Amazon SNS topic names. | keyword | -| aws.s3.bucket.name | Name of a S3 bucket. | keyword | -| aws.sns.metrics.NumberOfMessagesPublished.sum | The number of messages published to your Amazon SNS topics. | long | -| aws.sns.metrics.NumberOfNotificationsDelivered.sum | The number of messages successfully delivered from your Amazon SNS topics to subscribing endpoints. | long | -| aws.sns.metrics.NumberOfNotificationsFailed.sum | The number of messages that Amazon SNS failed to deliver. | long | -| aws.sns.metrics.NumberOfNotificationsFailedToRedriveToDlq.sum | The number of messages that couldn't be moved to a dead-letter queue. | long | -| aws.sns.metrics.NumberOfNotificationsFilteredOut-InvalidAttributes.sum | The number of messages that were rejected by subscription filter policies because the messages' attributes are invalid - for example, because the attribute JSON is incorrectly formatted. 
| long | -| aws.sns.metrics.NumberOfNotificationsFilteredOut-NoMessageAttributes.sum | The number of messages that were rejected by subscription filter policies because the messages have no attributes. | long | -| aws.sns.metrics.NumberOfNotificationsFilteredOut.sum | The number of messages that were rejected by subscription filter policies. | long | -| aws.sns.metrics.NumberOfNotificationsRedrivenToDlq.sum | The number of messages that have been moved to a dead-letter queue. | long | -| aws.sns.metrics.PublishSize.avg | The size of messages published. | double | -| aws.sns.metrics.SMSMonthToDateSpentUSD.sum | The charges you have accrued since the start of the current calendar month for sending SMS messages. | long | -| aws.sns.metrics.SMSSuccessRate.avg | The rate of successful SMS message deliveries. | double | -| aws.tags.\* | Tag key value pairs from aws resources. | object | -| cloud | Fields related to the cloud or infrastructure the events are coming from. | group | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | -| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword | -| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword | -| cloud.image.id | Image ID for the cloud instance. | keyword | -| cloud.instance.id | Instance ID of the host machine. | keyword | -| cloud.instance.name | Instance name of the host machine. | keyword | -| cloud.machine.type | Machine type of the host machine. | keyword | -| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | -| cloud.provider | Name of the cloud provider. 
Example values are aws, azure, gcp, or digitalocean. | keyword | -| cloud.region | Region in which this host, resource, or service is located. | keyword | -| container.id | Unique container id. | keyword | -| container.image.name | Name of the image the container was built on. | keyword | -| container.labels | Image labels. | object | -| container.name | Container name. | keyword | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group | -| error.message | Error message. | match_only_text | -| event.dataset | Event dataset | constant_keyword | -| event.module | Event module | constant_keyword | -| host.architecture | Operating system architecture. | keyword | -| host.containerized | If the host is a container. | boolean | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | -| host.ip | Host ip addresses. | ip | -| host.mac | Host MAC addresses. 
The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | -| host.os.build | OS build information. | keyword | -| host.os.codename | OS codename, if any. | keyword | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | -| host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.version | Operating system version as a raw string. | keyword | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | +| Field | Description | Type | Metric Type | +|---|---|---|---| +| @timestamp | Event timestamp. | date | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | +| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword | | +| aws.dimensions.\* | Metric dimensions. 
| object | | +| aws.dimensions.Application | Filters on application objects, which represent an app and device registered with one of the supported push notification services, such as APNs and FCM. | keyword | | +| aws.dimensions.Country | Filters on the destination country or region of an SMS message. | keyword | | +| aws.dimensions.Platform | Filters on platform objects for the push notification services, such as APNs and FCM. | keyword | | +| aws.dimensions.SMSType | Filters on the message type of SMS message. | keyword | | +| aws.dimensions.TopicName | Filters on Amazon SNS topic names. | keyword | | +| aws.s3.bucket.name | Name of a S3 bucket. | keyword | | +| aws.sns.metrics.NumberOfMessagesPublished.sum | The number of messages published to your Amazon SNS topics. | long | gauge | +| aws.sns.metrics.NumberOfNotificationsDelivered.sum | The number of messages successfully delivered from your Amazon SNS topics to subscribing endpoints. | long | gauge | +| aws.sns.metrics.NumberOfNotificationsFailed.sum | The number of messages that Amazon SNS failed to deliver. | long | gauge | +| aws.sns.metrics.NumberOfNotificationsFailedToRedriveToDlq.sum | The number of messages that couldn't be moved to a dead-letter queue. | long | gauge | +| aws.sns.metrics.NumberOfNotificationsFilteredOut-InvalidAttributes.sum | The number of messages that were rejected by subscription filter policies because the messages' attributes are invalid - for example, because the attribute JSON is incorrectly formatted. | long | gauge | +| aws.sns.metrics.NumberOfNotificationsFilteredOut-NoMessageAttributes.sum | The number of messages that were rejected by subscription filter policies because the messages have no attributes. | long | gauge | +| aws.sns.metrics.NumberOfNotificationsFilteredOut.sum | The number of messages that were rejected by subscription filter policies. 
| long | gauge | +| aws.sns.metrics.NumberOfNotificationsRedrivenToDlq.sum | The number of messages that have been moved to a dead-letter queue. | long | gauge | +| aws.sns.metrics.PublishSize.avg | The size of messages published. | double | gauge | +| aws.sns.metrics.SMSMonthToDateSpentUSD.sum | The charges you have accrued since the start of the current calendar month for sending SMS messages. | long | gauge | +| aws.sns.metrics.SMSSuccessRate.avg | The rate of successful SMS message deliveries. | double | gauge | +| aws.tags.\* | Tag key value pairs from aws resources. | object | | +| cloud | Fields related to the cloud or infrastructure the events are coming from. | group | | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | +| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword | | +| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword | | +| cloud.image.id | Image ID for the cloud instance. | keyword | | +| cloud.instance.id | Instance ID of the host machine. | keyword | | +| cloud.instance.name | Instance name of the host machine. | keyword | | +| cloud.machine.type | Machine type of the host machine. | keyword | | +| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | | +| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | | +| cloud.region | Region in which this host, resource, or service is located. | keyword | | +| container.id | Unique container id. | keyword | | +| container.image.name | Name of the image the container was built on. | keyword | | +| container.labels | Image labels. 
| object | |
+| container.name | Container name. | keyword | |
+| data_stream.dataset | Data stream dataset. | constant_keyword | |
+| data_stream.namespace | Data stream namespace. | constant_keyword | |
+| data_stream.type | Data stream type. | constant_keyword | |
+| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | |
+| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group | |
+| error.message | Error message. | match_only_text | |
+| event.dataset | Event dataset | constant_keyword | |
+| event.module | Event module | constant_keyword | |
+| host.architecture | Operating system architecture. | keyword | |
+| host.containerized | If the host is a container. | boolean | |
+| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | |
+| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | |
+| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | |
+| host.ip | Host ip addresses. | ip | |
+| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | |
+| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | |
+| host.os.build | OS build information. | keyword | |
+| host.os.codename | OS codename, if any. | keyword | |
+| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | |
+| host.os.kernel | Operating system kernel version as a raw string. | keyword | |
+| host.os.name | Operating system name, without the version. | keyword | |
+| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | |
+| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | |
+| host.os.version | Operating system version as a raw string. | keyword | |
+| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | |
+| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | |
diff --git a/packages/aws/docs/sqs.md b/packages/aws/docs/sqs.md
index de9e566d965..d7c06994a9e 100644
--- a/packages/aws/docs/sqs.md
+++ b/packages/aws/docs/sqs.md
@@ -122,63 +122,63 @@ An example event for `sqs` looks as following:
 **Exported fields**
-| Field | Description | Type |
-|---|---|---|
-| @timestamp | Event timestamp. | date |
-| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword |
-| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword |
-| aws.dimensions.\* | Metric dimensions. | object |
-| aws.dimensions.QueueName | SQS queue name | keyword |
-| aws.s3.bucket.name | Name of a S3 bucket. | keyword |
-| aws.sqs.empty_receives | The number of ReceiveMessage API calls that did not return a message. | long |
-| aws.sqs.messages.delayed | TThe number of messages in the queue that are delayed and not available for reading immediately. | long |
-| aws.sqs.messages.deleted | The number of messages deleted from the queue. | long |
-| aws.sqs.messages.not_visible | The number of messages that are in flight. | long |
-| aws.sqs.messages.received | The number of messages returned by calls to the ReceiveMessage action. | long |
-| aws.sqs.messages.sent | The number of messages added to a queue. | long |
-| aws.sqs.messages.visible | The number of messages available for retrieval from the queue. | long |
-| aws.sqs.oldest_message_age.sec | The approximate age of the oldest non-deleted message in the queue. | long |
-| aws.sqs.queue.name | SQS queue name | keyword |
-| aws.sqs.sent_message_size.bytes | The size of messages added to a queue. | long |
-| aws.tags.\* | Tag key value pairs from aws resources. | object |
-| cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
-| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
-| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
-| cloud.image.id | Image ID for the cloud instance. | keyword |
-| cloud.instance.id | Instance ID of the host machine. | keyword |
-| cloud.instance.name | Instance name of the host machine. | keyword |
-| cloud.machine.type | Machine type of the host machine. | keyword |
-| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword |
-| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host, resource, or service is located. | keyword |
-| container.id | Unique container id. | keyword |
-| container.image.name | Name of the image the container was built on. | keyword |
-| container.labels | Image labels. | object |
-| container.name | Container name. | keyword |
-| data_stream.dataset | Data stream dataset. | constant_keyword |
-| data_stream.namespace | Data stream namespace. | constant_keyword |
-| data_stream.type | Data stream type. | constant_keyword |
-| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword |
-| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group |
-| error.message | Error message. | match_only_text |
-| event.dataset | Event dataset | constant_keyword |
-| event.module | Event module | constant_keyword |
-| host.architecture | Operating system architecture. | keyword |
-| host.containerized | If the host is a container. | boolean |
-| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
-| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword |
-| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
-| host.ip | Host ip addresses. | ip |
-| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword |
-| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
-| host.os.build | OS build information. | keyword |
-| host.os.codename | OS codename, if any. | keyword |
-| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
-| host.os.kernel | Operating system kernel version as a raw string. | keyword |
-| host.os.name | Operating system name, without the version. | keyword |
-| host.os.name.text | Multi-field of `host.os.name`. | match_only_text |
-| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword |
-| host.os.version | Operating system version as a raw string. | keyword |
-| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
-| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword |
+| Field | Description | Type | Metric Type |
+|---|---|---|---|
+| @timestamp | Event timestamp. | date | |
+| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | |
+| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword | |
+| aws.dimensions.\* | Metric dimensions. | object | |
+| aws.dimensions.QueueName | SQS queue name | keyword | |
+| aws.s3.bucket.name | Name of a S3 bucket. | keyword | |
+| aws.sqs.empty_receives | The number of ReceiveMessage API calls that did not return a message. | long | gauge |
+| aws.sqs.messages.delayed | TThe number of messages in the queue that are delayed and not available for reading immediately. | long | gauge |
+| aws.sqs.messages.deleted | The number of messages deleted from the queue. | long | gauge |
+| aws.sqs.messages.not_visible | The number of messages that are in flight. | long | gauge |
+| aws.sqs.messages.received | The number of messages returned by calls to the ReceiveMessage action. | long | gauge |
+| aws.sqs.messages.sent | The number of messages added to a queue. | long | gauge |
+| aws.sqs.messages.visible | The number of messages available for retrieval from the queue. | long | gauge |
+| aws.sqs.oldest_message_age.sec | The approximate age of the oldest non-deleted message in the queue. | long | gauge |
+| aws.sqs.queue.name | SQS queue name | keyword | |
+| aws.sqs.sent_message_size.bytes | The size of messages added to a queue. | long | gauge |
+| aws.tags.\* | Tag key value pairs from aws resources. | object | |
+| cloud | Fields related to the cloud or infrastructure the events are coming from. | group | |
+| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | |
+| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword | |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword | |
+| cloud.image.id | Image ID for the cloud instance. | keyword | |
+| cloud.instance.id | Instance ID of the host machine. | keyword | |
+| cloud.instance.name | Instance name of the host machine. | keyword | |
+| cloud.machine.type | Machine type of the host machine. | keyword | |
+| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | |
+| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | |
+| cloud.region | Region in which this host, resource, or service is located. | keyword | |
+| container.id | Unique container id. | keyword | |
+| container.image.name | Name of the image the container was built on. | keyword | |
+| container.labels | Image labels. | object | |
+| container.name | Container name. | keyword | |
+| data_stream.dataset | Data stream dataset. | constant_keyword | |
+| data_stream.namespace | Data stream namespace. | constant_keyword | |
+| data_stream.type | Data stream type. | constant_keyword | |
+| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | |
+| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group | |
+| error.message | Error message. | match_only_text | |
+| event.dataset | Event dataset | constant_keyword | |
+| event.module | Event module | constant_keyword | |
+| host.architecture | Operating system architecture. | keyword | |
+| host.containerized | If the host is a container. | boolean | |
+| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | |
+| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | |
+| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | |
+| host.ip | Host ip addresses. | ip | |
+| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | |
+| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | |
+| host.os.build | OS build information. | keyword | |
+| host.os.codename | OS codename, if any. | keyword | |
+| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | |
+| host.os.kernel | Operating system kernel version as a raw string. | keyword | |
+| host.os.name | Operating system name, without the version. | keyword | |
+| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | |
+| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | |
+| host.os.version | Operating system version as a raw string. | keyword | |
+| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | |
+| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | |
diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml
index 76f3952b749..5fffe99d729 100644
--- a/packages/aws/manifest.yml
+++ b/packages/aws/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: aws
 title: AWS
-version: 1.39.0
+version: 1.40.0
 license: basic
 description: Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent.
 type: integration