diff --git a/go.mod b/go.mod
index 52ca053f5e2..f8e18842e5c 100644
--- a/go.mod
+++ b/go.mod
@@ -164,3 +164,5 @@ require (
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
+
+replace github.com/elastic/package-spec => github.com/andrewkroh/package-spec v0.0.0-20220428215201-2223ec9f7aca
diff --git a/go.sum b/go.sum
index 101a093df5c..cdbd8258511 100644
--- a/go.sum
+++ b/go.sum
@@ -151,6 +151,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
 github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk=
+github.com/andrewkroh/package-spec v0.0.0-20220428215201-2223ec9f7aca h1:CC16fzMHuy9a3z6QzAAExWgufJUWnp0kW016UXGPyPQ=
+github.com/andrewkroh/package-spec v0.0.0-20220428215201-2223ec9f7aca/go.mod h1:KzGTSDqCkdhmL1IFpOH2ZQNSSE9JEhNtndxU3ZrQilA=
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.3/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=
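Review bot: The new `replace` line redirects `github.com/elastic/package-spec` to a personal fork (`github.com/andrewkroh/package-spec`) pinned to a pseudo-version, so every build of this module now compiles a spec implementation that sits outside the upstream organisation's review and release process. If this is a stopgap for an unreleased spec change, say so next to the directive and track its removal, e.g. `// TODO: drop once elastic/package-spec tags a release containing 2223ec9f7aca` above the `replace`. The accompanying go.sum entries pin the fork's content hash, which gives reproducibility but not equivalence to upstream; the fork's `/go.mod` hash (`KzGTSDqC…`) is the same as the removed v1.7.0 entry, so its dependency list appears unchanged, but the module content itself should be diffed against elastic/package-spec v1.7.0 before merge. Note also that a `replace` only takes effect when this go.mod is the main module, so anything that consumes this repository as a dependency keeps resolving upstream v1.7.0 — worth confirming which binaries CI actually builds from here.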
@@ -427,8 +429,6 @@ github.com/elastic/go-windows v1.0.1 h1:AlYZOldA+UJ0/2nBuqWdo90GFCgG9xuyw9SYzGUt
 github.com/elastic/go-windows v1.0.1/go.mod h1:FoVvqWSun28vaDQPbj2Elfc0JahhPB7WQEGa3c814Ss=
 github.com/elastic/package-registry v1.8.0 h1:c2nUbBZct3c2LZ6uw0HotB+11PmYM8xh0ynvyeuzFBY=
 github.com/elastic/package-registry v1.8.0/go.mod h1:zh8h1v9v2VYBQvlZK2KoD/uDJlYC7re5PLf4eDALEFA=
-github.com/elastic/package-spec v1.7.0 h1:cwWMVz3YIAbyUDFrVOdPfqwn3btZoMPSKSedfT0VlZA=
-github.com/elastic/package-spec v1.7.0/go.mod h1:KzGTSDqCkdhmL1IFpOH2ZQNSSE9JEhNtndxU3ZrQilA=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
diff --git a/packages/activemq/changelog.yml b/packages/activemq/changelog.yml
index d1a86f7c13e..72fa2d22258 100644
--- a/packages/activemq/changelog.yml
+++ b/packages/activemq/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.3.2"
+  changes:
+    - description: Remove unused field properties and fix typos.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3239
 - version: "0.3.1"
   changes:
     - description: Add documentation for multi-fields
diff --git a/packages/activemq/data_stream/audit/fields/agent.yml b/packages/activemq/data_stream/audit/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/activemq/data_stream/audit/fields/agent.yml
+++ b/packages/activemq/data_stream/audit/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/activemq/data_stream/audit/fields/ecs.yml b/packages/activemq/data_stream/audit/fields/ecs.yml index 12993b02683..0d6967a91ca 100644 --- a/packages/activemq/data_stream/audit/fields/ecs.yml +++ b/packages/activemq/data_stream/audit/fields/ecs.yml 
@@ -51,7 +51,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/activemq/data_stream/broker/fields/ecs.yml b/packages/activemq/data_stream/broker/fields/ecs.yml index 12993b02683..0d6967a91ca 100644 --- a/packages/activemq/data_stream/broker/fields/ecs.yml +++ b/packages/activemq/data_stream/broker/fields/ecs.yml @@ -51,7 +51,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/activemq/data_stream/broker/fields/fields.yml b/packages/activemq/data_stream/broker/fields/fields.yml index 06f310115f2..b54aaa3ff1a 100644 --- a/packages/activemq/data_stream/broker/fields/fields.yml +++ b/packages/activemq/data_stream/broker/fields/fields.yml @@ -1,6 +1,5 @@ - name: activemq.broker type: group - release: beta fields: - name: mbean type: keyword @@ -39,15 +38,12 @@ type: long description: Number of message producers active on destinations on the broker. - name: service - title: Service - group: 2 description: 'The service fields describe the service for or from which the data was collected. These fields help you find and correlate logs for a specific service and version.' type: group fields: - name: type - level: core type: keyword ignore_above: 1024 description: 'The type of the service data is collected from. @@ -56,7 +52,6 @@ Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`.' - name: address - level: core type: keyword ignore_above: 1024 description: 'The type of the service data is collected from. diff --git a/packages/activemq/data_stream/log/fields/ecs.yml b/packages/activemq/data_stream/log/fields/ecs.yml index 12993b02683..0d6967a91ca 100644 --- a/packages/activemq/data_stream/log/fields/ecs.yml +++ b/packages/activemq/data_stream/log/fields/ecs.yml 
@@ -51,7 +51,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/activemq/data_stream/log/fields/package-fields.yml b/packages/activemq/data_stream/log/fields/package-fields.yml index 7c7fdc96c7d..344e5296469 100644 --- a/packages/activemq/data_stream/log/fields/package-fields.yml +++ b/packages/activemq/data_stream/log/fields/package-fields.yml @@ -1,5 +1,4 @@ - name: activemq - group: 2 type: group fields: - name: caller diff --git a/packages/activemq/data_stream/queue/fields/ecs.yml b/packages/activemq/data_stream/queue/fields/ecs.yml index 12993b02683..0d6967a91ca 100644 --- a/packages/activemq/data_stream/queue/fields/ecs.yml +++ b/packages/activemq/data_stream/queue/fields/ecs.yml @@ -51,7 +51,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/activemq/data_stream/queue/fields/fields.yml b/packages/activemq/data_stream/queue/fields/fields.yml index 3789682dcb6..2aa03e2ef0e 100644 --- a/packages/activemq/data_stream/queue/fields/fields.yml +++ b/packages/activemq/data_stream/queue/fields/fields.yml @@ -1,6 +1,5 @@ - name: activemq.queue type: group - release: beta fields: - name: mbean type: keyword @@ -49,15 +48,12 @@ type: long description: Number of producers attached to this destination. - name: service - title: Service - group: 2 description: 'The service fields describe the service for or from which the data was collected. These fields help you find and correlate logs for a specific service and version.' type: group fields: - name: type - level: core type: keyword ignore_above: 1024 description: 'The type of the service data is collected from. 
@@ -66,7 +62,6 @@ Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`.' - name: address - level: core type: keyword ignore_above: 1024 description: 'The type of the service data is collected from. diff --git a/packages/activemq/data_stream/topic/fields/ecs.yml b/packages/activemq/data_stream/topic/fields/ecs.yml index 12993b02683..0d6967a91ca 100644 --- a/packages/activemq/data_stream/topic/fields/ecs.yml +++ b/packages/activemq/data_stream/topic/fields/ecs.yml @@ -51,7 +51,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/activemq/data_stream/topic/fields/fields.yml b/packages/activemq/data_stream/topic/fields/fields.yml index 1e8023d1477..23048b30439 100644 --- a/packages/activemq/data_stream/topic/fields/fields.yml +++ b/packages/activemq/data_stream/topic/fields/fields.yml @@ -1,6 +1,5 @@ - name: activemq.topic type: group - release: beta fields: - name: mbean type: keyword @@ -46,15 +45,12 @@ type: long description: Number of producers attached to this destination. - name: service - title: Service - group: 2 description: 'The service fields describe the service for or from which the data was collected. These fields help you find and correlate logs for a specific service and version.' type: group fields: - name: type - level: core type: keyword ignore_above: 1024 description: 'The type of the service data is collected from. @@ -63,7 +59,6 @@ Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`.' - name: address - level: core type: keyword ignore_above: 1024 description: 'The type of the service data is collected from. diff --git a/packages/activemq/manifest.yml b/packages/activemq/manifest.yml index fb6a8b36dd9..6bc609f4e42 100644 --- a/packages/activemq/manifest.yml +++ b/packages/activemq/manifest.yml 
@@ -1,6 +1,6 @@
 name: activemq
 title: ActiveMQ
-version: 0.3.1
+version: "0.3.2"
 release: beta
 description: Collect logs and metrics from ActiveMQ instances with Elastic Agent.
 type: integration
diff --git a/packages/akamai/changelog.yml b/packages/akamai/changelog.yml
index 7e480c35bc8..35448bc28cc 100644
--- a/packages/akamai/changelog.yml
+++ b/packages/akamai/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.1"
+  changes:
+    - description: Remove unused field properties and fix typos.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3239
 - version: "0.2.0"
   changes:
     - description: Update to ECS 8.2
diff --git a/packages/akamai/data_stream/siem/fields/agent.yml b/packages/akamai/data_stream/siem/fields/agent.yml
index 4d9a6f7b362..d71780611d2 100644
--- a/packages/akamai/data_stream/siem/fields/agent.yml
+++ b/packages/akamai/data_stream/siem/fields/agent.yml
@@ -1,35 +1,26 @@ - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -38,58 +29,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -102,13 +78,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/akamai/data_stream/siem/fields/ecs.yml b/packages/akamai/data_stream/siem/fields/ecs.yml index 22e38558e07..98cd1733450 100644 --- a/packages/akamai/data_stream/siem/fields/ecs.yml +++ b/packages/akamai/data_stream/siem/fields/ecs.yml 
@@ -18,7 +18,6 @@ external: ecs - name: client.geo.location description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' type: geo_point - name: client.geo.region_name external: ecs @@ -74,7 +73,6 @@ external: ecs - name: source.geo.location description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' type: geo_point - name: source.geo.name external: ecs diff --git a/packages/akamai/data_stream/siem/fields/fields.yml b/packages/akamai/data_stream/siem/fields/fields.yml index faa4f435cbe..9dd1d47d3ab 100644 --- a/packages/akamai/data_stream/siem/fields/fields.yml +++ b/packages/akamai/data_stream/siem/fields/fields.yml @@ -1,7 +1,5 @@ - name: akamai.siem type: group - release: beta - default_field: false description: > Fields for Akamai SIEM Logs diff --git a/packages/akamai/manifest.yml b/packages/akamai/manifest.yml index a27c881a629..9cecde18b6d 100644 --- a/packages/akamai/manifest.yml +++ b/packages/akamai/manifest.yml @@ -1,6 +1,6 @@ name: akamai title: Akamai -version: 0.2.0 +version: "0.2.1" release: beta description: Akamai Integration type: integration diff --git a/packages/apache/changelog.yml b/packages/apache/changelog.yml index 983c07ea651..35e119ed1dc 100644 --- a/packages/apache/changelog.yml +++ b/packages/apache/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.7" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.6" changes: - description: Add documentation for multi-fields diff --git a/packages/apache/data_stream/access/fields/agent.yml b/packages/apache/data_stream/access/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/apache/data_stream/access/fields/agent.yml +++ b/packages/apache/data_stream/access/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/apache/data_stream/access/fields/ecs.yml b/packages/apache/data_stream/access/fields/ecs.yml index 12993b02683..0d6967a91ca 100644 --- a/packages/apache/data_stream/access/fields/ecs.yml +++ b/packages/apache/data_stream/access/fields/ecs.yml 
@@ -51,7 +51,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/apache/data_stream/error/fields/agent.yml b/packages/apache/data_stream/error/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/apache/data_stream/error/fields/agent.yml +++ b/packages/apache/data_stream/error/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/apache/data_stream/error/fields/base-fields.yml b/packages/apache/data_stream/error/fields/base-fields.yml index e134277b8e1..ad2efcc6187 100644 --- a/packages/apache/data_stream/error/fields/base-fields.yml +++ b/packages/apache/data_stream/error/fields/base-fields.yml 
@@ -12,7 +12,6 @@ description: Event timestamp. - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword - name: event.module diff --git a/packages/apache/data_stream/error/fields/ecs.yml b/packages/apache/data_stream/error/fields/ecs.yml index 0a88a11039a..b35f372f64b 100644 --- a/packages/apache/data_stream/error/fields/ecs.yml +++ b/packages/apache/data_stream/error/fields/ecs.yml @@ -47,7 +47,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/apache/data_stream/status/fields/agent.yml b/packages/apache/data_stream/status/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/apache/data_stream/status/fields/agent.yml +++ b/packages/apache/data_stream/status/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/apache/manifest.yml b/packages/apache/manifest.yml index 93064b72ce1..98656c12f1d 100644 --- a/packages/apache/manifest.yml +++ b/packages/apache/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: apache title: Apache HTTP Server -version: 1.3.6 +version: "1.3.7" license: basic description: Collect logs and metrics from Apache servers with Elastic Agent. type: integration diff --git a/packages/atlassian_bitbucket/changelog.yml b/packages/atlassian_bitbucket/changelog.yml index b19d60a2d96..a52f4e17588 100644 --- a/packages/atlassian_bitbucket/changelog.yml +++ b/packages/atlassian_bitbucket/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.2.1" changes: - description: Update Readme diff --git a/packages/atlassian_bitbucket/data_stream/audit/fields/agent.yml b/packages/atlassian_bitbucket/data_stream/audit/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/fields/agent.yml +++ b/packages/atlassian_bitbucket/data_stream/audit/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/atlassian_bitbucket/data_stream/audit/fields/ecs.yml b/packages/atlassian_bitbucket/data_stream/audit/fields/ecs.yml index 24fa8e21c73..8f0a3cc9d25 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/fields/ecs.yml +++ b/packages/atlassian_bitbucket/data_stream/audit/fields/ecs.yml 
@@ -48,7 +48,6 @@ external: ecs - name: source.geo.location description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' type: geo_point - name: source.geo.name external: ecs diff --git a/packages/atlassian_bitbucket/manifest.yml b/packages/atlassian_bitbucket/manifest.yml index 5e743b0222b..adbac288ee0 100644 --- a/packages/atlassian_bitbucket/manifest.yml +++ b/packages/atlassian_bitbucket/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: atlassian_bitbucket title: Atlassian Bitbucket -version: 1.2.1 +version: "1.2.2" license: basic description: Collect logs from Atlassian Bitbucket with Elastic Agent. type: integration diff --git a/packages/atlassian_confluence/changelog.yml b/packages/atlassian_confluence/changelog.yml index ba233dd023d..faea6395deb 100644 --- a/packages/atlassian_confluence/changelog.yml +++ b/packages/atlassian_confluence/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.0" changes: - description: Add support for Atlassian Confluence Cloud diff --git a/packages/atlassian_confluence/data_stream/audit/fields/agent.yml b/packages/atlassian_confluence/data_stream/audit/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/atlassian_confluence/data_stream/audit/fields/agent.yml +++ b/packages/atlassian_confluence/data_stream/audit/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml b/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml index d6ed36b3782..ad7092d2bdd 100644 --- a/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml +++ b/packages/atlassian_confluence/data_stream/audit/fields/ecs.yml 
@@ -47,7 +47,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' name: source.geo.location type: geo_point - external: ecs diff --git a/packages/atlassian_confluence/manifest.yml b/packages/atlassian_confluence/manifest.yml index 376a218f08e..689d9fa246d 100644 --- a/packages/atlassian_confluence/manifest.yml +++ b/packages/atlassian_confluence/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: atlassian_confluence title: Atlassian Confluence -version: 1.3.0 +version: "1.3.1" license: basic description: Collect logs from Atlassian Confluence with Elastic Agent. type: integration diff --git a/packages/atlassian_jira/changelog.yml b/packages/atlassian_jira/changelog.yml index 395bf8bd937..8a72ff57479 100644 --- a/packages/atlassian_jira/changelog.yml +++ b/packages/atlassian_jira/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.0" changes: - description: Add support for Atlassian JIRA Cloud diff --git a/packages/atlassian_jira/data_stream/audit/fields/agent.yml b/packages/atlassian_jira/data_stream/audit/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/atlassian_jira/data_stream/audit/fields/agent.yml +++ b/packages/atlassian_jira/data_stream/audit/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/atlassian_jira/data_stream/audit/fields/ecs.yml b/packages/atlassian_jira/data_stream/audit/fields/ecs.yml index 090b9906d9a..247f94e7a4f 100644 --- a/packages/atlassian_jira/data_stream/audit/fields/ecs.yml +++ b/packages/atlassian_jira/data_stream/audit/fields/ecs.yml 
@@ -49,7 +49,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' name: source.geo.location type: geo_point - external: ecs diff --git a/packages/atlassian_jira/manifest.yml b/packages/atlassian_jira/manifest.yml index af448c32b26..5c71562e1b9 100644 --- a/packages/atlassian_jira/manifest.yml +++ b/packages/atlassian_jira/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: atlassian_jira title: Atlassian Jira -version: 1.3.0 +version: "1.3.1" license: basic description: Collect logs from Atlassian Jira with Elastic Agent. type: integration diff --git a/packages/auditd/changelog.yml b/packages/auditd/changelog.yml index 323c317ee68..bb37ee426ab 100644 --- a/packages/auditd/changelog.yml +++ b/packages/auditd/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "3.0.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "3.0.0" changes: - description: Migrate map visualisation from tile_map to map object diff --git a/packages/auditd/data_stream/log/fields/agent.yml b/packages/auditd/data_stream/log/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/auditd/data_stream/log/fields/agent.yml +++ b/packages/auditd/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/auditd/data_stream/log/fields/base-fields.yml b/packages/auditd/data_stream/log/fields/base-fields.yml index 5e4ff67d8d5..c2869e96e61 100644 --- a/packages/auditd/data_stream/log/fields/base-fields.yml +++ b/packages/auditd/data_stream/log/fields/base-fields.yml 
@@ -20,6 +20,5 @@ description: Event timestamp. - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword
diff --git a/packages/auditd/data_stream/log/fields/ecs.yml b/packages/auditd/data_stream/log/fields/ecs.yml
index 8337d204ca3..5e27fe86f59 100644
--- a/packages/auditd/data_stream/log/fields/ecs.yml
+++ b/packages/auditd/data_stream/log/fields/ecs.yml
@@ -57,7 +57,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/auditd/data_stream/log/fields/fields.yml b/packages/auditd/data_stream/log/fields/fields.yml
index 90ad2435aea..4d3ec66ab0d 100644
--- a/packages/auditd/data_stream/log/fields/fields.yml
+++ b/packages/auditd/data_stream/log/fields/fields.yml
@@ -1,6 +1,5 @@ - name: auditd.log type: group - default_field: false fields: - name: old_auid type: keyword
diff --git a/packages/auditd/manifest.yml b/packages/auditd/manifest.yml
index 350a8b97f75..fd8f004971c 100644
--- a/packages/auditd/manifest.yml
+++ b/packages/auditd/manifest.yml
@@ -1,6 +1,6 @@ name: auditd title: Auditd -version: 3.0.0 +version: "3.0.1" release: ga description: Collect logs from Linux audit daemon with Elastic Agent. type: integration
diff --git a/packages/auth0/changelog.yml b/packages/auth0/changelog.yml
index ca8bbeb8d5e..07c552c5475 100644
--- a/packages/auth0/changelog.yml
+++ b/packages/auth0/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.5" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.1.4" changes: - description: Update Readme
diff --git a/packages/auth0/data_stream/logs/fields/ecs.yml b/packages/auth0/data_stream/logs/fields/ecs.yml
index ecab2d6290e..ad61d183f56 100644
--- a/packages/auth0/data_stream/logs/fields/ecs.yml
+++ b/packages/auth0/data_stream/logs/fields/ecs.yml
@@ -95,7 +95,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/auth0/manifest.yml b/packages/auth0/manifest.yml
index eaa580219cb..02721e04444 100644
--- a/packages/auth0/manifest.yml
+++ b/packages/auth0/manifest.yml
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: auth0 title: "Auth0 Log Streams Integration" -version: 0.1.4 +version: "0.1.5" license: basic description: Collect logs from Auth0 with Elastic Agent. type: integration
diff --git a/packages/aws/changelog.yml b/packages/aws/changelog.yml
index 6ebc84ac745..22e7fdb5c8c 100644
--- a/packages/aws/changelog.yml
+++ b/packages/aws/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.14.7" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.14.6" changes: - description: Improve s3 integration tile title and description
diff --git a/packages/aws/data_stream/billing/fields/agent.yml b/packages/aws/data_stream/billing/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws/data_stream/billing/fields/agent.yml
+++ b/packages/aws/data_stream/billing/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/aws/data_stream/cloudfront_logs/fields/agent.yml b/packages/aws/data_stream/cloudfront_logs/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws/data_stream/cloudfront_logs/fields/agent.yml
+++ b/packages/aws/data_stream/cloudfront_logs/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/aws/data_stream/cloudfront_logs/fields/ecs.yml b/packages/aws/data_stream/cloudfront_logs/fields/ecs.yml
index faaecc7f4ab..2680c9a8d0b 100644
--- a/packages/aws/data_stream/cloudfront_logs/fields/ecs.yml
+++ b/packages/aws/data_stream/cloudfront_logs/fields/ecs.yml
@@ -53,7 +53,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/aws/data_stream/cloudtrail/fields/agent.yml b/packages/aws/data_stream/cloudtrail/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws/data_stream/cloudtrail/fields/agent.yml
+++ b/packages/aws/data_stream/cloudtrail/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/aws/data_stream/cloudtrail/fields/ecs.yml b/packages/aws/data_stream/cloudtrail/fields/ecs.yml
index f420f22b6bf..7f637ad5069 100644
--- a/packages/aws/data_stream/cloudtrail/fields/ecs.yml
+++ b/packages/aws/data_stream/cloudtrail/fields/ecs.yml
@@ -53,7 +53,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/aws/data_stream/cloudtrail/fields/fields.yml b/packages/aws/data_stream/cloudtrail/fields/fields.yml
index 5b59153c9bf..07e50e023fe 100644
--- a/packages/aws/data_stream/cloudtrail/fields/fields.yml
+++ b/packages/aws/data_stream/cloudtrail/fields/fields.yml
@@ -65,21 +65,18 @@ multi_fields: - name: text type: text - default_field: false - name: response_elements type: keyword description: The response element for actions that make changes (create, update, or delete actions). multi_fields: - name: text type: text - default_field: false - name: additional_eventdata type: keyword description: Additional data about the event that was not part of the request or response. multi_fields: - name: text type: text - default_field: false - name: request_id type: keyword description: The value that identifies the request. The service being called generates this value.
@@ -116,7 +113,6 @@ multi_fields: - name: text type: text - default_field: false - name: shared_event_id type: keyword description: GUID generated by CloudTrail to uniquely identify CloudTrail events from the same AWS action that is sent to different AWS accounts.
diff --git a/packages/aws/data_stream/cloudwatch_logs/fields/agent.yml b/packages/aws/data_stream/cloudwatch_logs/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws/data_stream/cloudwatch_logs/fields/agent.yml
+++ b/packages/aws/data_stream/cloudwatch_logs/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/aws/data_stream/cloudwatch_metrics/fields/agent.yml b/packages/aws/data_stream/cloudwatch_metrics/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws/data_stream/cloudwatch_metrics/fields/agent.yml
+++ b/packages/aws/data_stream/cloudwatch_metrics/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/aws/data_stream/dynamodb/fields/agent.yml b/packages/aws/data_stream/dynamodb/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws/data_stream/dynamodb/fields/agent.yml
+++ b/packages/aws/data_stream/dynamodb/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/ebs/fields/agent.yml b/packages/aws/data_stream/ebs/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/ebs/fields/agent.yml +++ b/packages/aws/data_stream/ebs/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/ec2_logs/fields/agent.yml b/packages/aws/data_stream/ec2_logs/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/ec2_logs/fields/agent.yml +++ b/packages/aws/data_stream/ec2_logs/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/ec2_metrics/fields/agent.yml b/packages/aws/data_stream/ec2_metrics/fields/agent.yml index 8603c3c91e2..9d98af3acaf 100644 --- a/packages/aws/data_stream/ec2_metrics/fields/agent.yml +++ b/packages/aws/data_stream/ec2_metrics/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/elb_logs/fields/agent.yml b/packages/aws/data_stream/elb_logs/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/elb_logs/fields/agent.yml +++ b/packages/aws/data_stream/elb_logs/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/elb_metrics/fields/agent.yml b/packages/aws/data_stream/elb_metrics/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/elb_metrics/fields/agent.yml +++ b/packages/aws/data_stream/elb_metrics/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/firewall_logs/fields/agent.yml b/packages/aws/data_stream/firewall_logs/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/firewall_logs/fields/agent.yml +++ b/packages/aws/data_stream/firewall_logs/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/firewall_logs/fields/ecs.yml b/packages/aws/data_stream/firewall_logs/fields/ecs.yml index 088aa25c03f..11d3029c99e 100644 --- a/packages/aws/data_stream/firewall_logs/fields/ecs.yml +++ b/packages/aws/data_stream/firewall_logs/fields/ecs.yml 
@@ -41,7 +41,6 @@ - external: ecs name: destination.geo.location description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' type: geo_point - external: ecs name: destination.geo.name @@ -106,7 +105,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/aws/data_stream/firewall_metrics/fields/agent.yml b/packages/aws/data_stream/firewall_metrics/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/firewall_metrics/fields/agent.yml +++ b/packages/aws/data_stream/firewall_metrics/fields/agent.yml 
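Review bot: In the second hunk the `source.geo.location` entry stays an inline definition (`description: Longitude and latitude.` plus `type: geo_point`) once `level: core` is dropped, whereas `destination.geo.location` in the first hunk is declared with `external: ecs`; the two geo points should be maintained the same way. If the intent is ECS-sourced definitions, replace the inline entry with `- external: ecs` / `  name: source.geo.location` and let the spec supply description and type, as is already done for the neighbouring `source.geo.country_name`. The collapsed rendering makes it hard to be certain no `external: ecs` line was added here, so this is inferred from the visible lines.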
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/lambda/fields/agent.yml b/packages/aws/data_stream/lambda/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/lambda/fields/agent.yml +++ b/packages/aws/data_stream/lambda/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/natgateway/fields/agent.yml b/packages/aws/data_stream/natgateway/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/natgateway/fields/agent.yml +++ b/packages/aws/data_stream/natgateway/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/rds/fields/agent.yml b/packages/aws/data_stream/rds/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/rds/fields/agent.yml +++ b/packages/aws/data_stream/rds/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/route53_public_logs/fields/agent.yml b/packages/aws/data_stream/route53_public_logs/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/route53_public_logs/fields/agent.yml +++ b/packages/aws/data_stream/route53_public_logs/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/route53_resolver_logs/fields/agent.yml b/packages/aws/data_stream/route53_resolver_logs/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/route53_resolver_logs/fields/agent.yml +++ b/packages/aws/data_stream/route53_resolver_logs/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
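Review bot: Removing the `footnote` drops the only sentence that says which machine `cloud.*` describes, and the surviving `description` does not carry it; fold it in, e.g. `description: 'Fields related to the cloud or infrastructure the events are coming from. When the agent runs on the monitored machine this is that host; for a service polled remotely it is the machine the service runs on.'`. The header shows the same `index da4e652c53b..7e2781afced` for every aws data stream's agent.yml, so these files are presumably copied from one source and the wording should be changed there rather than per file.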
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/s3_daily_storage/fields/agent.yml b/packages/aws/data_stream/s3_daily_storage/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/s3_daily_storage/fields/agent.yml +++ b/packages/aws/data_stream/s3_daily_storage/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/s3_request/fields/agent.yml b/packages/aws/data_stream/s3_request/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/s3_request/fields/agent.yml +++ b/packages/aws/data_stream/s3_request/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/s3_storage_lens/fields/agent.yml b/packages/aws/data_stream/s3_storage_lens/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/s3_storage_lens/fields/agent.yml +++ b/packages/aws/data_stream/s3_storage_lens/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/s3_storage_lens/fields/fields.yml b/packages/aws/data_stream/s3_storage_lens/fields/fields.yml index d1230dcc540..d395b1c267b 100644 --- a/packages/aws/data_stream/s3_storage_lens/fields/fields.yml +++ b/packages/aws/data_stream/s3_storage_lens/fields/fields.yml 
@@ -1,6 +1,5 @@ - name: aws type: group - release: experimental fields: - name: s3_storage_lens type: group
diff --git a/packages/aws/data_stream/s3access/fields/agent.yml b/packages/aws/data_stream/s3access/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws/data_stream/s3access/fields/agent.yml
+++ b/packages/aws/data_stream/s3access/fields/agent.yml
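Review bot: Deleting `release: experimental` from the top-level `aws` group is not documentation-only if any consumer still reads the per-field `release` flag: the `s3_storage_lens` fields would silently move from experimental to default status. If release status is meant to live only on the data stream manifest now, confirm that manifest still carries `release: experimental` and say so in the commit description; otherwise keep the line.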
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/s3access/fields/ecs.yml b/packages/aws/data_stream/s3access/fields/ecs.yml index ce6a6aac98b..011964939e4 100644 --- a/packages/aws/data_stream/s3access/fields/ecs.yml +++ b/packages/aws/data_stream/s3access/fields/ecs.yml 
@@ -31,7 +31,6 @@ - external: ecs name: geo.country_name - description: Longitude and latitude. - level: core name: geo.location type: geo_point - external: ecs
diff --git a/packages/aws/data_stream/sns/fields/agent.yml b/packages/aws/data_stream/sns/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws/data_stream/sns/fields/agent.yml
+++ b/packages/aws/data_stream/sns/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws/data_stream/sqs/fields/agent.yml b/packages/aws/data_stream/sqs/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/aws/data_stream/sqs/fields/agent.yml +++ b/packages/aws/data_stream/sqs/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/aws/data_stream/transitgateway/fields/agent.yml b/packages/aws/data_stream/transitgateway/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws/data_stream/transitgateway/fields/agent.yml
+++ b/packages/aws/data_stream/transitgateway/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/aws/data_stream/usage/fields/agent.yml b/packages/aws/data_stream/usage/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws/data_stream/usage/fields/agent.yml
+++ b/packages/aws/data_stream/usage/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/aws/data_stream/vpcflow/fields/agent.yml b/packages/aws/data_stream/vpcflow/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws/data_stream/vpcflow/fields/agent.yml
+++ b/packages/aws/data_stream/vpcflow/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/aws/data_stream/vpn/fields/agent.yml b/packages/aws/data_stream/vpn/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws/data_stream/vpn/fields/agent.yml
+++ b/packages/aws/data_stream/vpn/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/aws/data_stream/waf/fields/agent.yml b/packages/aws/data_stream/waf/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws/data_stream/waf/fields/agent.yml
+++ b/packages/aws/data_stream/waf/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/aws/data_stream/waf/fields/ecs.yml b/packages/aws/data_stream/waf/fields/ecs.yml
index cf3ab8d9b70..3a05f020ca5 100644
--- a/packages/aws/data_stream/waf/fields/ecs.yml
+++ b/packages/aws/data_stream/waf/fields/ecs.yml
@@ -43,7 +43,6 @@
- external: ecs
name: source.geo.country_name
- description: Longitude and latitude.
- level: core
name: source.geo.location
type: geo_point
- external: ecs
diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml
index 2b2f0861fb2..7b9234bd485 100644
--- a/packages/aws/manifest.yml
+++ b/packages/aws/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: aws
title: AWS
-version: 1.14.6
+version: "1.14.7"
license: basic
description: Collect logs and metrics from Amazon Web Services with Elastic Agent.
type: integration
diff --git a/packages/aws_logs/changelog.yml b/packages/aws_logs/changelog.yml
index 91a6c39c852..88098ed9e5b 100644
--- a/packages/aws_logs/changelog.yml
+++ b/packages/aws_logs/changelog.yml
@@ -1,3 +1,8 @@
+- version: "0.2.2"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "0.2.1"
changes:
- description: Add kibana version constraint
diff --git a/packages/aws_logs/data_stream/generic/fields/agent.yml b/packages/aws_logs/data_stream/generic/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/aws_logs/data_stream/generic/fields/agent.yml
+++ b/packages/aws_logs/data_stream/generic/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/aws_logs/manifest.yml b/packages/aws_logs/manifest.yml index 19481c4507d..df13ae54baf 100644 --- a/packages/aws_logs/manifest.yml +++ b/packages/aws_logs/manifest.yml 
@@ -3,7 +3,7 @@ name: aws_logs
title: Custom AWS Logs
description: Collect raw logs from AWS S3 or CloudWatch with Elastic Agent.
type: integration
-version: 0.2.1
+version: "0.2.2"
release: beta
license: basic
categories:
diff --git a/packages/awsfargate/changelog.yml b/packages/awsfargate/changelog.yml
index 9a85746c8d5..1e57c26bc35 100644
--- a/packages/awsfargate/changelog.yml
+++ b/packages/awsfargate/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.1.2"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: 0.1.1
changes:
- description: Improve description and screenshots
diff --git a/packages/awsfargate/data_stream/task_stats/fields/fields.yml b/packages/awsfargate/data_stream/task_stats/fields/fields.yml
index 2e9525eeadd..c7f2db0cd7d 100644
--- a/packages/awsfargate/data_stream/task_stats/fields/fields.yml
+++ b/packages/awsfargate/data_stream/task_stats/fields/fields.yml
@@ -1,6 +1,5 @@
- name: awsfargate.task_stats
type: group
- release: beta
fields:
- name: cluster_name
type: keyword
diff --git a/packages/awsfargate/manifest.yml b/packages/awsfargate/manifest.yml
index 514057fa480..b13924156b6 100644
--- a/packages/awsfargate/manifest.yml
+++ b/packages/awsfargate/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: awsfargate
title: AWS Fargate
-version: 0.1.1
+version: "0.1.2"
license: basic
description: Collects metrics from containers and tasks running on Amazon ECS clusters with Elastic Agent.
type: integration
diff --git a/packages/azure/changelog.yml b/packages/azure/changelog.yml
index 7c168420baf..615704706d0 100644
--- a/packages/azure/changelog.yml
+++ b/packages/azure/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.1.8"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.1.7"
changes:
- description: Add geo.name and result_description fields in platformlogs
diff --git a/packages/azure/data_stream/auditlogs/fields/fields.yml b/packages/azure/data_stream/auditlogs/fields/fields.yml
index 01ff78727da..2b7a11cc71e 100644
--- a/packages/azure/data_stream/auditlogs/fields/fields.yml
+++ b/packages/azure/data_stream/auditlogs/fields/fields.yml
@@ -148,7 +148,7 @@ ip Address
- name: additional_details
type: group
- field:
+ fields:
- name: user_agent
type: keyword
description: User agent name.
diff --git a/packages/azure/docs/README.md b/packages/azure/docs/README.md
index 081d67dc4d1..59220cae70d 100644
--- a/packages/azure/docs/README.md
+++ b/packages/azure/docs/README.md
@@ -544,6 +544,7 @@ An example event for `auditlogs` looks as following:
| azure.auditlogs.operation_version | The operation version | keyword |
| azure.auditlogs.properties.activity_datetime | Activity timestamp | date |
| azure.auditlogs.properties.activity_display_name | Activity display name | keyword |
+| azure.auditlogs.properties.additional_details.user_agent | User agent name. | keyword |
| azure.auditlogs.properties.authentication_protocol | Authentication protocol type. | keyword |
| azure.auditlogs.properties.category | category | keyword |
| azure.auditlogs.properties.correlation_id | Correlation ID | keyword |
diff --git a/packages/azure/docs/adlogs.md b/packages/azure/docs/adlogs.md
index 55a0243b439..f65da43b3d3 100644
--- a/packages/azure/docs/adlogs.md
+++ b/packages/azure/docs/adlogs.md
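Review bot: With `field:` corrected to `fields:` in the auditlogs fields.yml hunk, the `user_agent` entry under `additional_details` becomes a live keyword mapping, and unlike the other keyword fields touched in this change it carries no `ignore_above`. A user agent is a client-supplied string of arbitrary length, and an over-long term on a keyword field without `ignore_above` can be rejected at index time rather than truncated, so a single malformed or hostile client value can make the whole audit document fail to index. Add `ignore_above: 1024` to that entry, matching the agent.yml keyword fields elsewhere in this change. Any further members of the `additional_details` group fall outside the hunk.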
@@ -121,6 +121,7 @@ An example event for `auditlogs` looks as following:
| azure.auditlogs.operation_version | The operation version | keyword |
| azure.auditlogs.properties.activity_datetime | Activity timestamp | date |
| azure.auditlogs.properties.activity_display_name | Activity display name | keyword |
+| azure.auditlogs.properties.additional_details.user_agent | User agent name. | keyword |
| azure.auditlogs.properties.authentication_protocol | Authentication protocol type. | keyword |
| azure.auditlogs.properties.category | category | keyword |
| azure.auditlogs.properties.correlation_id | Correlation ID | keyword |
diff --git a/packages/azure/manifest.yml b/packages/azure/manifest.yml
index 63933a884a0..2a74b5e090d 100644
--- a/packages/azure/manifest.yml
+++ b/packages/azure/manifest.yml
@@ -1,6 +1,6 @@
name: azure
title: Azure Logs
-version: 1.1.7
+version: "1.1.8"
release: ga
description: This Elastic integration collects logs from Azure
type: integration
diff --git a/packages/azure_application_insights/changelog.yml b/packages/azure_application_insights/changelog.yml
index ded5823991e..861b4ada2a9 100644
--- a/packages/azure_application_insights/changelog.yml
+++ b/packages/azure_application_insights/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.0.3"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.0.2"
changes:
- description: Add documentation for multi-fields
diff --git a/packages/azure_application_insights/data_stream/app_insights/fields/agent.yml b/packages/azure_application_insights/data_stream/app_insights/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/azure_application_insights/data_stream/app_insights/fields/agent.yml
+++ b/packages/azure_application_insights/data_stream/app_insights/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/azure_application_insights/data_stream/app_state/fields/agent.yml b/packages/azure_application_insights/data_stream/app_state/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/azure_application_insights/data_stream/app_state/fields/agent.yml +++ b/packages/azure_application_insights/data_stream/app_state/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/azure_application_insights/manifest.yml b/packages/azure_application_insights/manifest.yml index ff1fd7c3a36..63fec674673 100644 --- a/packages/azure_application_insights/manifest.yml +++ b/packages/azure_application_insights/manifest.yml 
@@ -1,6 +1,6 @@
name: azure_application_insights
title: Azure Application Insights Metrics Overview
-version: 1.0.2
+version: "1.0.3"
release: ga
description: Collect application insights metrics from Azure Monitor with Elastic Agent.
type: integration
diff --git a/packages/azure_billing/changelog.yml b/packages/azure_billing/changelog.yml
index cc853429fcc..2d4bc91d156 100644
--- a/packages/azure_billing/changelog.yml
+++ b/packages/azure_billing/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.0.2"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.0.1"
changes:
- description: Remove beta release tag from data streams
diff --git a/packages/azure_billing/data_stream/billing/fields/agent.yml b/packages/azure_billing/data_stream/billing/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/azure_billing/data_stream/billing/fields/agent.yml
+++ b/packages/azure_billing/data_stream/billing/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/azure_billing/manifest.yml b/packages/azure_billing/manifest.yml index 84a725bf98c..20b4aa5d517 100644 --- a/packages/azure_billing/manifest.yml +++ b/packages/azure_billing/manifest.yml @@ -1,6 +1,6 @@ name: azure_billing title: Azure Billing Metrics -version: 1.0.1 +version: "1.0.2" release: ga description: Collect billing metrics with Elastic Agent. type: integration 
diff --git a/packages/azure_metrics/changelog.yml b/packages/azure_metrics/changelog.yml
index 2bdd3883d1f..04c429c86af 100644
--- a/packages/azure_metrics/changelog.yml
+++ b/packages/azure_metrics/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.0.4"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.0.3"
changes:
- description: Add documentation for multi-fields
diff --git a/packages/azure_metrics/data_stream/compute_vm/fields/agent.yml b/packages/azure_metrics/data_stream/compute_vm/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/azure_metrics/data_stream/compute_vm/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/compute_vm/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
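Review bot: The `container` group description kept as context in this hunk, `These fields help correlate data based containers from any runtime.`, still reads "data based containers", which looks like a leftover typo for `data based on containers` in a change whose changelog entry says it fixes typos; the same text appears in the matching hunk of the compute_vm_scaleset, container_instance, container_registry, container_service, database_account and monitor agent.yml sections. The next hunk has another one in the `os.platform` description, `Operating system platform (such centos, ubuntu, windows).`, which should read `(such as centos, ubuntu, windows)`. Both are unchanged lines, so this is only in scope if these agent.yml files are edited by hand; if they are generated from a shared template, the fix belongs at the source. Separately, `default_field: false` is dropped from `domain` here and from `os.name.text` in the next hunk; if the build honors that property when deriving the index's default search fields, those fields would newly join the default set, which is worth confirming. The `host.id` description at the end of this hunk is a quoted scalar that continues past the hunk boundary.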
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/azure_metrics/data_stream/compute_vm_scaleset/fields/agent.yml b/packages/azure_metrics/data_stream/compute_vm_scaleset/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/azure_metrics/data_stream/compute_vm_scaleset/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/compute_vm_scaleset/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/azure_metrics/data_stream/container_instance/fields/agent.yml b/packages/azure_metrics/data_stream/container_instance/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/azure_metrics/data_stream/container_instance/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/container_instance/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/azure_metrics/data_stream/container_registry/fields/agent.yml b/packages/azure_metrics/data_stream/container_registry/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/azure_metrics/data_stream/container_registry/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/container_registry/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/azure_metrics/data_stream/container_service/fields/agent.yml b/packages/azure_metrics/data_stream/container_service/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/azure_metrics/data_stream/container_service/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/container_service/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/azure_metrics/data_stream/database_account/fields/agent.yml b/packages/azure_metrics/data_stream/database_account/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/azure_metrics/data_stream/database_account/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/database_account/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/azure_metrics/data_stream/monitor/fields/agent.yml b/packages/azure_metrics/data_stream/monitor/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/azure_metrics/data_stream/monitor/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/monitor/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/azure_metrics/data_stream/storage_account/fields/agent.yml b/packages/azure_metrics/data_stream/storage_account/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/azure_metrics/data_stream/storage_account/fields/agent.yml +++ b/packages/azure_metrics/data_stream/storage_account/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/azure_metrics/manifest.yml b/packages/azure_metrics/manifest.yml index 479d11dda6b..f468edbaf7b 100644 --- a/packages/azure_metrics/manifest.yml +++ b/packages/azure_metrics/manifest.yml 
@@ -1,6 +1,6 @@ name: azure_metrics title: Azure Resource Metrics -version: 1.0.3 +version: "1.0.4" release: ga description: Collect metrics from Azure resources with Elastic Agent. type: integration diff --git a/packages/barracuda/changelog.yml b/packages/barracuda/changelog.yml index 108d12d02cd..fdccb070a0a 100644 --- a/packages/barracuda/changelog.yml +++ b/packages/barracuda/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.9.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.9.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/barracuda/data_stream/spamfirewall/fields/base-fields.yml b/packages/barracuda/data_stream/spamfirewall/fields/base-fields.yml index ba1aef8ef59..27e286d1686 100644 --- a/packages/barracuda/data_stream/spamfirewall/fields/base-fields.yml +++ b/packages/barracuda/data_stream/spamfirewall/fields/base-fields.yml @@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/barracuda/data_stream/spamfirewall/fields/ecs.yml b/packages/barracuda/data_stream/spamfirewall/fields/ecs.yml index 1da8c39a341..8500697a629 100644 --- a/packages/barracuda/data_stream/spamfirewall/fields/ecs.yml +++ b/packages/barracuda/data_stream/spamfirewall/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs 
@@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/barracuda/data_stream/waf/fields/base-fields.yml b/packages/barracuda/data_stream/waf/fields/base-fields.yml index 10f3201694a..c547814e9c0 100644 --- a/packages/barracuda/data_stream/waf/fields/base-fields.yml +++ b/packages/barracuda/data_stream/waf/fields/base-fields.yml @@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/barracuda/data_stream/waf/fields/ecs.yml b/packages/barracuda/data_stream/waf/fields/ecs.yml index 1da8c39a341..8500697a629 100644 --- a/packages/barracuda/data_stream/waf/fields/ecs.yml +++ b/packages/barracuda/data_stream/waf/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/barracuda/manifest.yml b/packages/barracuda/manifest.yml index cd02944de3d..dcab2fef448 100644 --- a/packages/barracuda/manifest.yml +++ b/packages/barracuda/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: barracuda title: Barracuda Logs -version: 0.9.0 +version: "0.9.1" description: Collect spam and web application firewall logs from Barracuda devices with Elastic Agent. categories: ["network", "security"] release: experimental 
diff --git a/packages/bluecoat/changelog.yml b/packages/bluecoat/changelog.yml index 5cffd4686b9..eb134c65419 100644 --- a/packages/bluecoat/changelog.yml +++ b/packages/bluecoat/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.8.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/bluecoat/data_stream/director/fields/base-fields.yml b/packages/bluecoat/data_stream/director/fields/base-fields.yml index 6a87280d3db..82ac8d534c6 100644 --- a/packages/bluecoat/data_stream/director/fields/base-fields.yml +++ b/packages/bluecoat/data_stream/director/fields/base-fields.yml @@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/bluecoat/data_stream/director/fields/ecs.yml b/packages/bluecoat/data_stream/director/fields/ecs.yml index 1da8c39a341..8500697a629 100644 --- a/packages/bluecoat/data_stream/director/fields/ecs.yml +++ b/packages/bluecoat/data_stream/director/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/bluecoat/manifest.yml b/packages/bluecoat/manifest.yml index 0b4d290b782..7cb06527a58 100644 --- a/packages/bluecoat/manifest.yml +++ b/packages/bluecoat/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: bluecoat title: Blue Coat Director Logs -version: 0.8.0 +version: "0.8.1" description: Collect director logs from Blue Coat devices with Elastic Agent. categories: ["network", "security"] release: experimental diff --git a/packages/carbon_black_cloud/changelog.yml b/packages/carbon_black_cloud/changelog.yml index 09a13ff16f6..68dee479fed 100644 --- a/packages/carbon_black_cloud/changelog.yml +++ b/packages/carbon_black_cloud/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.3" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: 0.1.2 changes: - description: Add "VMware" to the title to make it "VMware Carbon Black Cloud". diff --git a/packages/carbon_black_cloud/data_stream/alert/fields/agent.yml b/packages/carbon_black_cloud/data_stream/alert/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/carbon_black_cloud/data_stream/alert/fields/agent.yml +++ b/packages/carbon_black_cloud/data_stream/alert/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/fields/agent.yml b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/fields/agent.yml 
+++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/fields/agent.yml @@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/carbon_black_cloud/data_stream/audit/fields/agent.yml b/packages/carbon_black_cloud/data_stream/audit/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/carbon_black_cloud/data_stream/audit/fields/agent.yml +++ b/packages/carbon_black_cloud/data_stream/audit/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/fields/agent.yml b/packages/carbon_black_cloud/data_stream/endpoint_event/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/fields/agent.yml +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/fields/agent.yml b/packages/carbon_black_cloud/data_stream/watchlist_hit/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/carbon_black_cloud/data_stream/watchlist_hit/fields/agent.yml +++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/carbon_black_cloud/manifest.yml b/packages/carbon_black_cloud/manifest.yml index cf7b9caef6d..b12c7847f98 100644 --- a/packages/carbon_black_cloud/manifest.yml +++ b/packages/carbon_black_cloud/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: carbon_black_cloud title: VMware Carbon Black Cloud -version: 0.1.2 +version: "0.1.3" license: basic description: Collect logs from VMWare Carbon Black Cloud with Elastic Agent. type: integration diff --git a/packages/carbonblack_edr/changelog.yml b/packages/carbonblack_edr/changelog.yml index dd47def024a..585e4824f27 100644 --- a/packages/carbonblack_edr/changelog.yml +++ b/packages/carbonblack_edr/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.2.0" changes: - description: Update to ECS 8.2 diff --git a/packages/carbonblack_edr/data_stream/log/fields/agent.yml b/packages/carbonblack_edr/data_stream/log/fields/agent.yml index 4d9a6f7b362..d71780611d2 100644 --- a/packages/carbonblack_edr/data_stream/log/fields/agent.yml +++ b/packages/carbonblack_edr/data_stream/log/fields/agent.yml 
@@ -1,35 +1,26 @@ - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -38,58 +29,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -102,13 +78,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/carbonblack_edr/data_stream/log/fields/fields.yml b/packages/carbonblack_edr/data_stream/log/fields/fields.yml index dfe35699bf3..776ded3f031 100644 --- a/packages/carbonblack_edr/data_stream/log/fields/fields.yml +++ b/packages/carbonblack_edr/data_stream/log/fields/fields.yml 
@@ -1,6 +1,5 @@ - name: carbonblack.edr type: group - release: experimental description: > Fields for VMware Carbon Black EDR Logs diff --git a/packages/carbonblack_edr/manifest.yml b/packages/carbonblack_edr/manifest.yml index 07261a6ae97..c1d1ddf6c1c 100644 --- a/packages/carbonblack_edr/manifest.yml +++ b/packages/carbonblack_edr/manifest.yml @@ -1,6 +1,6 @@ name: carbonblack_edr title: VMware Carbon Black EDR -version: 1.2.0 +version: "1.2.1" release: ga description: Collect logs from VMware Carbon Black EDR with Elastic Agent. type: integration diff --git a/packages/cassandra/changelog.yml b/packages/cassandra/changelog.yml index 439f7d6a778..e1d1ac037b8 100644 --- a/packages/cassandra/changelog.yml +++ b/packages/cassandra/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.2.3" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.2.2" changes: - description: Fix typo in config template for ignoring host enrichment diff --git a/packages/cassandra/data_stream/metrics/fields/ecs.yml b/packages/cassandra/data_stream/metrics/fields/ecs.yml index ada632fe019..e8337d47ac1 100644 --- a/packages/cassandra/data_stream/metrics/fields/ecs.yml +++ b/packages/cassandra/data_stream/metrics/fields/ecs.yml @@ -55,7 +55,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cassandra/data_stream/metrics/fields/fields.yml b/packages/cassandra/data_stream/metrics/fields/fields.yml index 9deb596f458..1180a73ecc1 100644 --- a/packages/cassandra/data_stream/metrics/fields/fields.yml +++ b/packages/cassandra/data_stream/metrics/fields/fields.yml @@ -1,6 +1,5 @@ - name: cassandra.metrics type: group - release: beta fields: - name: system type: group 
diff --git a/packages/cassandra/manifest.yml b/packages/cassandra/manifest.yml index 565a014c7c3..dcf947ba270 100644 --- a/packages/cassandra/manifest.yml +++ b/packages/cassandra/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cassandra title: "Cassandra" -version: 1.2.2 +version: "1.2.3" license: basic description: "This Elastic integration collects logs and metrics from cassandra." type: integration diff --git a/packages/cef/changelog.yml b/packages/cef/changelog.yml index 149937471db..42d33085584 100644 --- a/packages/cef/changelog.yml +++ b/packages/cef/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.5.0" changes: - description: Update to ECS 8.2 by modifying Check Point events to use the new email field set. diff --git a/packages/cef/data_stream/log/fields/agent.yml b/packages/cef/data_stream/log/fields/agent.yml index d03a5f0211b..3214b6d7b09 100644 --- a/packages/cef/data_stream/log/fields/agent.yml +++ b/packages/cef/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cef/data_stream/log/fields/ecs.yml b/packages/cef/data_stream/log/fields/ecs.yml index fdb241ae3b6..70a359c3ee2 100644 --- a/packages/cef/data_stream/log/fields/ecs.yml +++ b/packages/cef/data_stream/log/fields/ecs.yml 
@@ -15,7 +15,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -127,7 +126,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cef/manifest.yml b/packages/cef/manifest.yml index b1f905ebeb8..7581baebab0 100644 --- a/packages/cef/manifest.yml +++ b/packages/cef/manifest.yml @@ -1,6 +1,6 @@ name: cef title: CEF Logs -version: 1.5.0 +version: "1.5.1" release: ga description: Collect logs from CEF Logs with Elastic Agent. type: integration diff --git a/packages/checkpoint/changelog.yml b/packages/checkpoint/changelog.yml index 0fd3d7b88f8..ef458af4271 100644 --- a/packages/checkpoint/changelog.yml +++ b/packages/checkpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.4.0" changes: - description: Update to ECS 8.2 to use new email field set. diff --git a/packages/checkpoint/data_stream/firewall/fields/agent.yml b/packages/checkpoint/data_stream/firewall/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/checkpoint/data_stream/firewall/fields/agent.yml +++ b/packages/checkpoint/data_stream/firewall/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/checkpoint/data_stream/firewall/fields/ecs.yml b/packages/checkpoint/data_stream/firewall/fields/ecs.yml index e221630afd4..024e0683177 100644 --- a/packages/checkpoint/data_stream/firewall/fields/ecs.yml +++ b/packages/checkpoint/data_stream/firewall/fields/ecs.yml 
@@ -17,7 +17,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -209,7 +208,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/checkpoint/data_stream/firewall/fields/fields.yml b/packages/checkpoint/data_stream/firewall/fields/fields.yml index a389420a0c4..b393f1743fb 100644 --- a/packages/checkpoint/data_stream/firewall/fields/fields.yml +++ b/packages/checkpoint/data_stream/firewall/fields/fields.yml @@ -1,6 +1,5 @@ - name: checkpoint type: group - release: beta fields: - name: action_reason type: integer @@ -8,7 +7,6 @@ Connection drop reason. - name: action_reason_msg type: keyword - overwrite: true description: | Connection drop reason message. - name: additional_info diff --git a/packages/checkpoint/manifest.yml b/packages/checkpoint/manifest.yml index 766e415b698..d6c67e4eb06 100644 --- a/packages/checkpoint/manifest.yml +++ b/packages/checkpoint/manifest.yml @@ -1,6 +1,6 @@ name: checkpoint title: Check Point -version: 1.4.0 +version: "1.4.1" release: ga description: Collect logs from Check Point with Elastic Agent. type: integration diff --git a/packages/cisco/changelog.yml b/packages/cisco/changelog.yml index 25aa36491a9..e098a78b4e3 100644 --- a/packages/cisco/changelog.yml +++ b/packages/cisco/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.13.3" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.13.2" changes: - description: Make fields agree with ECS diff --git a/packages/cisco/data_stream/asa/fields/agent.yml b/packages/cisco/data_stream/asa/fields/agent.yml index d38a70bd6b3..efcdeb30806 100644 --- a/packages/cisco/data_stream/asa/fields/agent.yml 
+++ b/packages/cisco/data_stream/asa/fields/agent.yml @@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco/data_stream/asa/fields/ecs.yml b/packages/cisco/data_stream/asa/fields/ecs.yml index 26c8e662c42..a040a2b562f 100644 --- a/packages/cisco/data_stream/asa/fields/ecs.yml +++ b/packages/cisco/data_stream/asa/fields/ecs.yml 
@@ -21,7 +21,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -149,7 +148,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cisco/data_stream/asa/fields/fields.yml b/packages/cisco/data_stream/asa/fields/fields.yml index 232f2e3f45d..15f2735bf63 100644 --- a/packages/cisco/data_stream/asa/fields/fields.yml +++ b/packages/cisco/data_stream/asa/fields/fields.yml 
@@ -98,67 +98,56 @@ - name: mapped_source_host type: keyword - name: command_line_arguments - default_field: false type: keyword description: > The command line arguments logged by the local audit log - name: assigned_ip - default_field: false type: ip description: > The IP address assigned to a VPN client successfully connecting - name: privilege.old - default_field: false type: keyword description: > When a users privilege is changed this is the old value - name: privilege.new - default_field: false type: keyword description: > When a users privilege is changed this is the new value - name: burst.object - default_field: false type: keyword description: > The related object for burst warnings - name: burst.id - default_field: false type: keyword description: > The related rate ID for burst warnings - name: burst.current_rate - default_field: false type: keyword description: > The current burst rate seen - name: burst.configured_rate - default_field: false type: keyword description: > The current configured burst rate - name: burst.avg_rate - default_field: false type: keyword description: > The current average burst rate seen - name: burst.configured_avg_rate - default_field: false type: keyword description: > The current configured average burst rate allowed - name: burst.cumulative_count - default_field: false type: keyword description: > The total count of burst rate hits since the object was created or cleared @@ -168,12 +157,10 @@ description: Cisco FTD security event fields. - name: webvpn.group_name type: keyword - default_field: false description: > The WebVPN group name the user belongs to - name: termination_user - default_field: false type: keyword description: >- AAA name of user requesting termination diff --git a/packages/cisco/data_stream/ftd/fields/agent.yml b/packages/cisco/data_stream/ftd/fields/agent.yml index d38a70bd6b3..efcdeb30806 100644 --- a/packages/cisco/data_stream/ftd/fields/agent.yml 
+++ b/packages/cisco/data_stream/ftd/fields/agent.yml @@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco/data_stream/ftd/fields/ecs.yml b/packages/cisco/data_stream/ftd/fields/ecs.yml index 1e4950c9bfe..aa3063af4d1 100644 --- a/packages/cisco/data_stream/ftd/fields/ecs.yml +++ b/packages/cisco/data_stream/ftd/fields/ecs.yml 
@@ -21,7 +21,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -173,7 +172,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cisco/data_stream/ftd/fields/fields.yml b/packages/cisco/data_stream/ftd/fields/fields.yml index cd3a6b2e3ab..fdd39973c74 100644 --- a/packages/cisco/data_stream/ftd/fields/fields.yml +++ b/packages/cisco/data_stream/ftd/fields/fields.yml 
@@ -80,57 +80,46 @@ - name: mapped_source_host type: keyword - name: command_line_arguments - default_field: false type: keyword description: | The command line arguments logged by the local audit log - name: assigned_ip - default_field: false type: ip description: | The IP address assigned to a VPN client successfully connecting - name: privilege.old - default_field: false type: keyword description: | When a users privilege is changed this is the old value - name: privilege.new - default_field: false type: keyword description: | When a users privilege is changed this is the new value - name: burst.object - default_field: false type: keyword description: | The related object for burst warnings - name: burst.id - default_field: false type: keyword description: | The related rate ID for burst warnings - name: burst.current_rate - default_field: false type: keyword description: | The current burst rate seen - name: burst.configured_rate - default_field: false type: keyword description: | The current configured burst rate - name: burst.avg_rate - default_field: false type: keyword description: | The current average burst rate seen - name: burst.configured_avg_rate - default_field: false type: keyword description: | The current configured average burst rate allowed - name: burst.cumulative_count - default_field: false type: keyword description: | The total count of burst rate hits since the object was created or cleared @@ -139,11 +128,9 @@ description: Cisco FTD security event fields. - name: webvpn.group_name type: keyword - default_field: false description: | The WebVPN group name the user belongs to - name: termination_user - default_field: false type: keyword description: |- AAA name of user requesting termination diff --git a/packages/cisco/data_stream/ios/fields/agent.yml b/packages/cisco/data_stream/ios/fields/agent.yml index 32d10234f92..29df6198c40 100644 --- a/packages/cisco/data_stream/ios/fields/agent.yml 
+++ b/packages/cisco/data_stream/ios/fields/agent.yml @@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco/data_stream/ios/fields/ecs.yml b/packages/cisco/data_stream/ios/fields/ecs.yml index f1b640bd5ec..7cca6357224 100644 --- a/packages/cisco/data_stream/ios/fields/ecs.yml +++ b/packages/cisco/data_stream/ios/fields/ecs.yml 
@@ -19,7 +19,6 @@ - external: ecs name: destination.geo.region_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -107,7 +106,6 @@ - external: ecs name: source.geo.region_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cisco/data_stream/ios/fields/fields.yml b/packages/cisco/data_stream/ios/fields/fields.yml index 526f201e808..74638b248ae 100644 --- a/packages/cisco/data_stream/ios/fields/fields.yml +++ b/packages/cisco/data_stream/ios/fields/fields.yml @@ -40,7 +40,6 @@ description: Session ID - name: type type: keyword - example: tty description: Session type - name: icmp.code type: keyword diff --git a/packages/cisco/data_stream/meraki/fields/agent.yml b/packages/cisco/data_stream/meraki/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/cisco/data_stream/meraki/fields/agent.yml +++ b/packages/cisco/data_stream/meraki/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco/data_stream/meraki/fields/base-fields.yml b/packages/cisco/data_stream/meraki/fields/base-fields.yml index 774b6eba7f9..058eee48a76 100644 --- a/packages/cisco/data_stream/meraki/fields/base-fields.yml +++ b/packages/cisco/data_stream/meraki/fields/base-fields.yml 
@@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/cisco/data_stream/meraki/fields/ecs.yml b/packages/cisco/data_stream/meraki/fields/ecs.yml index 1da8c39a341..8500697a629 100644 --- a/packages/cisco/data_stream/meraki/fields/ecs.yml +++ b/packages/cisco/data_stream/meraki/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cisco/data_stream/nexus/fields/agent.yml b/packages/cisco/data_stream/nexus/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/cisco/data_stream/nexus/fields/agent.yml +++ b/packages/cisco/data_stream/nexus/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
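Review bot: Dropping `default_field: false` from `host.domain` in this hunk (and from `host.os.name` in the next hunk, from `session_type`, `command_line_arguments` through `message` in the cisco_asa `fields.yml` hunks, and from the identical agent.yml hunks in cisco_asa and cisco_duo) is only a no-op if the template generator really ignores that property. In the Beats-style `fields.yml` convention it excluded a field from `index.query.default_field`, so if the installed index template still honoured it, free-text queries with no explicit field would start matching on these fields too, which for `command_line_arguments` and `message` would be a visible change in search behaviour. The changelog entry only says `Remove unused field properties and fix typos.`; naming the removed properties, e.g. `description: Remove unused field properties (title, group, footnote, level, example, default_field) and fix typos.`, would let package consumers confirm that the generated mappings and settings are unchanged.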
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco/data_stream/nexus/fields/base-fields.yml b/packages/cisco/data_stream/nexus/fields/base-fields.yml index b676b8221c0..576ee3008e8 100644 --- a/packages/cisco/data_stream/nexus/fields/base-fields.yml +++ b/packages/cisco/data_stream/nexus/fields/base-fields.yml 
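Review bot: The changelog entry lists typo fixes, yet the context lines of this hunk keep `description: Operating system platform (such centos, ubuntu, windows).` and the previous hunk keeps `help correlate data based containers from any runtime`, which read as `such as centos` and `data based on containers`. If these agent.yml files are meant to mirror the upstream ECS wording verbatim, leaving them is reasonable, but then that intent is worth a one-line comment at the top of the file so the next typo sweep does not diverge the copies. The same text recurs in the cisco_asa and cisco_duo agent.yml hunks below.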
@@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address
@@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword
diff --git a/packages/cisco/data_stream/nexus/fields/ecs.yml b/packages/cisco/data_stream/nexus/fields/ecs.yml
index 1da8c39a341..8500697a629 100644
--- a/packages/cisco/data_stream/nexus/fields/ecs.yml
+++ b/packages/cisco/data_stream/nexus/fields/ecs.yml
@@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs
@@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/cisco/manifest.yml b/packages/cisco/manifest.yml
index 97ab3fcce30..2f9ddaf874f 100644
--- a/packages/cisco/manifest.yml
+++ b/packages/cisco/manifest.yml
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco title: Cisco -version: 0.13.2 +version: "0.13.3" license: basic description: Deprecated. Use a specific Cisco package instead. type: integration
diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml
index 2485d312543..eda31b6abf8 100644
--- a/packages/cisco_asa/changelog.yml
+++ b/packages/cisco_asa/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.3.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "2.3.0" changes: - description: Update to ECS 8.2
diff --git a/packages/cisco_asa/data_stream/log/fields/agent.yml b/packages/cisco_asa/data_stream/log/fields/agent.yml
index d38a70bd6b3..efcdeb30806 100644
--- a/packages/cisco_asa/data_stream/log/fields/agent.yml +++ b/packages/cisco_asa/data_stream/log/fields/agent.yml @@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_asa/data_stream/log/fields/ecs.yml b/packages/cisco_asa/data_stream/log/fields/ecs.yml index 71143f2c0c2..50875c97bbb 100644 --- a/packages/cisco_asa/data_stream/log/fields/ecs.yml +++ b/packages/cisco_asa/data_stream/log/fields/ecs.yml 
@@ -21,7 +21,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs
@@ -153,7 +152,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/cisco_asa/data_stream/log/fields/fields.yml b/packages/cisco_asa/data_stream/log/fields/fields.yml
index a1e912f401f..68c21d63b0a 100644
--- a/packages/cisco_asa/data_stream/log/fields/fields.yml
+++ b/packages/cisco_asa/data_stream/log/fields/fields.yml
@@ -88,7 +88,6 @@ - name: session_type type: keyword - default_field: false description: > Session type (for example, IPsec or UDP).
@@ -104,67 +103,56 @@ - name: mapped_source_host type: keyword - name: command_line_arguments - default_field: false type: keyword description: > The command line arguments logged by the local audit log - name: assigned_ip - default_field: false type: ip description: > The IP address assigned to a VPN client successfully connecting - name: privilege.old - default_field: false type: keyword description: > When a users privilege is changed this is the old value - name: privilege.new - default_field: false type: keyword description: > When a users privilege is changed this is the new value - name: burst.object - default_field: false type: keyword description: > The related object for burst warnings - name: burst.id - default_field: false type: keyword description: > The related rate ID for burst warnings - name: burst.current_rate - default_field: false type: keyword description: > The current burst rate seen - name: burst.configured_rate - default_field: false type: keyword description: > The current configured burst rate - name: burst.avg_rate - default_field: false type: keyword description: > The current average burst rate seen - name: burst.configured_avg_rate - default_field: false type: keyword description: > The current configured average burst rate allowed - name: burst.cumulative_count - default_field: false type: keyword description: > The total count of burst rate hits since the object was created or cleared 
@@ -174,30 +162,25 @@ description: Cisco FTD security event fields. - name: webvpn.group_name type: keyword - default_field: false description: > The WebVPN group name the user belongs to - name: termination_initiator type: keyword - default_field: false description: > Interface name of the side that initiated the teardown - name: tunnel_type type: keyword - default_field: false description: > SA type (remote access or L2L) - name: termination_user - default_field: false type: keyword description: > AAA name of user requesting termination - name: message - default_field: false type: keyword description: >- The message associated with SIP and Skinny VoIP events
diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml
index 8975cc48ddd..f0673c81b21 100644
--- a/packages/cisco_asa/manifest.yml
+++ b/packages/cisco_asa/manifest.yml
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_asa title: Cisco ASA -version: 2.3.0 +version: "2.3.1" license: basic description: Collect logs from Cisco ASA with Elastic Agent. type: integration
diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml
index 033bc9f96ed..590fae02b8d 100644
--- a/packages/cisco_duo/changelog.yml
+++ b/packages/cisco_duo/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.2.1" changes: - description: Added link to Duo documentation
diff --git a/packages/cisco_duo/data_stream/admin/fields/agent.yml b/packages/cisco_duo/data_stream/admin/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/cisco_duo/data_stream/admin/fields/agent.yml
+++ b/packages/cisco_duo/data_stream/admin/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_duo/data_stream/auth/fields/agent.yml b/packages/cisco_duo/data_stream/auth/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/cisco_duo/data_stream/auth/fields/agent.yml +++ b/packages/cisco_duo/data_stream/auth/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_duo/data_stream/auth/fields/ecs.yml b/packages/cisco_duo/data_stream/auth/fields/ecs.yml index c5b4991d883..0115758993c 100644 --- a/packages/cisco_duo/data_stream/auth/fields/ecs.yml +++ b/packages/cisco_duo/data_stream/auth/fields/ecs.yml 
@@ -45,7 +45,6 @@ - external: ecs name: source.geo.country_name - name: source.geo.location - level: core type: geo_point description: Longitude and latitude. - external: ecs
diff --git a/packages/cisco_duo/data_stream/auth/fields/fields.yml b/packages/cisco_duo/data_stream/auth/fields/fields.yml
index 7b0d5b6786d..84296eecfbd 100644
--- a/packages/cisco_duo/data_stream/auth/fields/fields.yml
+++ b/packages/cisco_duo/data_stream/auth/fields/fields.yml
@@ -148,7 +148,6 @@ description: Country name. - name: geo.location type: geo_point - level: core description: Longitude and latitude. - name: geo.region_iso_code type: keyword
diff --git a/packages/cisco_duo/data_stream/offline_enrollment/fields/agent.yml b/packages/cisco_duo/data_stream/offline_enrollment/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/cisco_duo/data_stream/offline_enrollment/fields/agent.yml
+++ b/packages/cisco_duo/data_stream/offline_enrollment/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_duo/data_stream/summary/fields/agent.yml b/packages/cisco_duo/data_stream/summary/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/cisco_duo/data_stream/summary/fields/agent.yml +++ b/packages/cisco_duo/data_stream/summary/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_duo/data_stream/telephony/fields/agent.yml b/packages/cisco_duo/data_stream/telephony/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/cisco_duo/data_stream/telephony/fields/agent.yml +++ b/packages/cisco_duo/data_stream/telephony/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_duo/manifest.yml b/packages/cisco_duo/manifest.yml index 9ee32fff423..f7b93c36383 100644 --- a/packages/cisco_duo/manifest.yml +++ b/packages/cisco_duo/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_duo title: Cisco Duo -version: 1.2.1 +version: "1.2.2" license: basic description: Collect logs from Cisco Duo with Elastic Agent. type: integration 
diff --git a/packages/cisco_ftd/changelog.yml b/packages/cisco_ftd/changelog.yml
index 0bd31f366a1..4448b906936 100644
--- a/packages/cisco_ftd/changelog.yml
+++ b/packages/cisco_ftd/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.1.2"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
 - version: "2.1.1"
 changes:
 - description: Added link to Cisco's FTD documentation in readme
diff --git a/packages/cisco_ftd/data_stream/log/fields/agent.yml b/packages/cisco_ftd/data_stream/log/fields/agent.yml
index d38a70bd6b3..efcdeb30806 100644
--- a/packages/cisco_ftd/data_stream/log/fields/agent.yml
+++ b/packages/cisco_ftd/data_stream/log/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_ftd/data_stream/log/fields/ecs.yml b/packages/cisco_ftd/data_stream/log/fields/ecs.yml index 63bbe0f7fa4..50c843ded28 100644 --- a/packages/cisco_ftd/data_stream/log/fields/ecs.yml +++ b/packages/cisco_ftd/data_stream/log/fields/ecs.yml 
@@ -21,7 +21,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -181,7 +180,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cisco_ftd/data_stream/log/fields/fields.yml b/packages/cisco_ftd/data_stream/log/fields/fields.yml index cd3a6b2e3ab..fdd39973c74 100644 --- a/packages/cisco_ftd/data_stream/log/fields/fields.yml +++ b/packages/cisco_ftd/data_stream/log/fields/fields.yml 
@@ -80,57 +80,46 @@ - name: mapped_source_host type: keyword - name: command_line_arguments - default_field: false type: keyword description: | The command line arguments logged by the local audit log - name: assigned_ip - default_field: false type: ip description: | The IP address assigned to a VPN client successfully connecting - name: privilege.old - default_field: false type: keyword description: | When a users privilege is changed this is the old value - name: privilege.new - default_field: false type: keyword description: | When a users privilege is changed this is the new value - name: burst.object - default_field: false type: keyword description: | The related object for burst warnings - name: burst.id - default_field: false type: keyword description: | The related rate ID for burst warnings - name: burst.current_rate - default_field: false type: keyword description: | The current burst rate seen - name: burst.configured_rate - default_field: false type: keyword description: | The current configured burst rate - name: burst.avg_rate - default_field: false type: keyword description: | The current average burst rate seen - name: burst.configured_avg_rate - default_field: false type: keyword description: | The current configured average burst rate allowed - name: burst.cumulative_count - default_field: false type: keyword description: | The total count of burst rate hits since the object was created or cleared @@ -139,11 +128,9 @@ description: Cisco FTD security event fields. - name: webvpn.group_name type: keyword - default_field: false description: | The WebVPN group name the user belongs to - name: termination_user - default_field: false type: keyword description: |- AAA name of user requesting termination diff --git a/packages/cisco_ftd/manifest.yml b/packages/cisco_ftd/manifest.yml index 28c3d47f682..d617c636b1e 100644 --- a/packages/cisco_ftd/manifest.yml +++ b/packages/cisco_ftd/manifest.yml 
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ftd
 title: Cisco FTD
-version: 2.1.1
+version: "2.1.2"
 license: basic
 description: Collect logs from Cisco FTD with Elastic Agent.
 type: integration
diff --git a/packages/cisco_ios/changelog.yml b/packages/cisco_ios/changelog.yml
index 9e729b8404d..c1e841f01e2 100644
--- a/packages/cisco_ios/changelog.yml
+++ b/packages/cisco_ios/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
 - version: "1.5.0"
 changes:
 - description: Update to ECS 8.2
diff --git a/packages/cisco_ios/data_stream/log/fields/agent.yml b/packages/cisco_ios/data_stream/log/fields/agent.yml
index 32d10234f92..29df6198c40 100644
--- a/packages/cisco_ios/data_stream/log/fields/agent.yml
+++ b/packages/cisco_ios/data_stream/log/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_ios/data_stream/log/fields/ecs.yml b/packages/cisco_ios/data_stream/log/fields/ecs.yml index aa2cf73fd85..f51da502f12 100644 --- a/packages/cisco_ios/data_stream/log/fields/ecs.yml +++ b/packages/cisco_ios/data_stream/log/fields/ecs.yml 
@@ -19,7 +19,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -107,7 +106,6 @@ - external: ecs name: source.geo.region_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cisco_ios/data_stream/log/fields/fields.yml b/packages/cisco_ios/data_stream/log/fields/fields.yml index 5342402f700..b41d4b0f129 100644 --- a/packages/cisco_ios/data_stream/log/fields/fields.yml +++ b/packages/cisco_ios/data_stream/log/fields/fields.yml @@ -40,7 +40,6 @@ description: Session ID - name: type type: keyword - example: tty description: Session type - name: icmp.code type: keyword diff --git a/packages/cisco_ios/manifest.yml b/packages/cisco_ios/manifest.yml index 29446657265..42a1822ebf3 100644 --- a/packages/cisco_ios/manifest.yml +++ b/packages/cisco_ios/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ios title: Cisco IOS -version: 1.5.0 +version: "1.5.1" license: basic description: Collect logs from Cisco IOS with Elastic Agent. type: integration diff --git a/packages/cisco_ise/changelog.yml b/packages/cisco_ise/changelog.yml index f5b286a4da3..1a426c14761 100644 --- a/packages/cisco_ise/changelog.yml +++ b/packages/cisco_ise/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.1.0" changes: - description: Initial draft of the package diff --git a/packages/cisco_ise/data_stream/log/fields/agent.yml b/packages/cisco_ise/data_stream/log/fields/agent.yml index 6e1bac042bc..d1046d4a6a0 100644 --- a/packages/cisco_ise/data_stream/log/fields/agent.yml +++ b/packages/cisco_ise/data_stream/log/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_ise/manifest.yml b/packages/cisco_ise/manifest.yml index 17b83743aae..5c301767e00 100644 --- a/packages/cisco_ise/manifest.yml +++ b/packages/cisco_ise/manifest.yml 
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ise
 title: Cisco ISE
-version: 0.1.0
+version: "0.1.1"
 license: basic
 description: Collect logs from Cisco ISE with Elastic Agent.
 type: integration
diff --git a/packages/cisco_meraki/changelog.yml b/packages/cisco_meraki/changelog.yml
index cf4226f784a..89cb098a325 100644
--- a/packages/cisco_meraki/changelog.yml
+++ b/packages/cisco_meraki/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on topA
+- version: "0.5.1"
+  changes:
+    - description: Remove unused field properties and fix typos.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3239
 - version: "0.5.0"
   changes:
     - description: Replace RSA2ELK with Syslog and Webhook integration
diff --git a/packages/cisco_meraki/data_stream/events/fields/agent.yml b/packages/cisco_meraki/data_stream/events/fields/agent.yml
index 162c9f3aa38..34eef5f9752 100644
--- a/packages/cisco_meraki/data_stream/events/fields/agent.yml
+++ b/packages/cisco_meraki/data_stream/events/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_meraki/data_stream/events/fields/base-fields.yml b/packages/cisco_meraki/data_stream/events/fields/base-fields.yml index ebba8d4244b..95452d99477 100644 --- a/packages/cisco_meraki/data_stream/events/fields/base-fields.yml +++ b/packages/cisco_meraki/data_stream/events/fields/base-fields.yml 
@@ -27,6 +27,5 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword diff --git a/packages/cisco_meraki/data_stream/events/fields/ecs.yml b/packages/cisco_meraki/data_stream/events/fields/ecs.yml index 1689c91fbc3..083baa7d802 100644 --- a/packages/cisco_meraki/data_stream/events/fields/ecs.yml +++ b/packages/cisco_meraki/data_stream/events/fields/ecs.yml @@ -27,7 +27,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -207,7 +206,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cisco_meraki/data_stream/log/fields/agent.yml b/packages/cisco_meraki/data_stream/log/fields/agent.yml index 162c9f3aa38..34eef5f9752 100644 --- a/packages/cisco_meraki/data_stream/log/fields/agent.yml +++ b/packages/cisco_meraki/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_meraki/data_stream/log/fields/ecs.yml b/packages/cisco_meraki/data_stream/log/fields/ecs.yml index d0f1e65d677..72fd210006d 100644 --- a/packages/cisco_meraki/data_stream/log/fields/ecs.yml +++ b/packages/cisco_meraki/data_stream/log/fields/ecs.yml 
@@ -27,7 +27,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -207,7 +206,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cisco_meraki/manifest.yml b/packages/cisco_meraki/manifest.yml index 82b34c4a6e3..4f25b67c462 100644 --- a/packages/cisco_meraki/manifest.yml +++ b/packages/cisco_meraki/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_meraki title: Cisco Meraki Integration -version: 0.5.0 +version: "0.5.1" license: basic description: Collect events from Cisco Meraki. type: integration diff --git a/packages/cisco_nexus/changelog.yml b/packages/cisco_nexus/changelog.yml index 8f64cd4c1e7..dd49fc91d2f 100644 --- a/packages/cisco_nexus/changelog.yml +++ b/packages/cisco_nexus/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.5.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.5.1" changes: - description: Updated readme file diff --git a/packages/cisco_nexus/data_stream/log/fields/agent.yml b/packages/cisco_nexus/data_stream/log/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/cisco_nexus/data_stream/log/fields/agent.yml +++ b/packages/cisco_nexus/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_nexus/data_stream/log/fields/base-fields.yml b/packages/cisco_nexus/data_stream/log/fields/base-fields.yml index 40f5ce6158c..98398f5d257 100644 --- a/packages/cisco_nexus/data_stream/log/fields/base-fields.yml +++ b/packages/cisco_nexus/data_stream/log/fields/base-fields.yml 
@@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/cisco_nexus/data_stream/log/fields/ecs.yml b/packages/cisco_nexus/data_stream/log/fields/ecs.yml index 1da8c39a341..8500697a629 100644 --- a/packages/cisco_nexus/data_stream/log/fields/ecs.yml +++ b/packages/cisco_nexus/data_stream/log/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cisco_nexus/manifest.yml b/packages/cisco_nexus/manifest.yml index 07ba21375a0..44370558f50 100644 --- a/packages/cisco_nexus/manifest.yml +++ b/packages/cisco_nexus/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_nexus title: Cisco Nexus -version: 0.5.1 +version: "0.5.2" license: basic description: Collect logs from Cisco Nexus with Elastic Agent. type: integration diff --git a/packages/cisco_secure_email_gateway/changelog.yml b/packages/cisco_secure_email_gateway/changelog.yml index 2647aa64d82..207baf6e241 100644 --- a/packages/cisco_secure_email_gateway/changelog.yml +++ b/packages/cisco_secure_email_gateway/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.1.0" changes: - description: Initial draft of the package 
diff --git a/packages/cisco_secure_email_gateway/data_stream/log/fields/agent.yml b/packages/cisco_secure_email_gateway/data_stream/log/fields/agent.yml
index 6e1bac042bc..d1046d4a6a0 100644
--- a/packages/cisco_secure_email_gateway/data_stream/log/fields/agent.yml
+++ b/packages/cisco_secure_email_gateway/data_stream/log/fields/agent.yml
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_secure_email_gateway/manifest.yml b/packages/cisco_secure_email_gateway/manifest.yml index 613e1e10bc4..48a490e33d5 100644 --- a/packages/cisco_secure_email_gateway/manifest.yml +++ b/packages/cisco_secure_email_gateway/manifest.yml 
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_secure_email_gateway
 title: Cisco Secure Email Gateway
-version: 0.1.0
+version: "0.1.1"
 license: basic
 description: Collect logs from Cisco Secure Email Gateway with Elastic Agent.
 type: integration
diff --git a/packages/cisco_secure_endpoint/changelog.yml b/packages/cisco_secure_endpoint/changelog.yml
index 5b895cf5aa5..6816c8f1756 100644
--- a/packages/cisco_secure_endpoint/changelog.yml
+++ b/packages/cisco_secure_endpoint/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.4.1"
+  changes:
+    - description: Remove unused field properties and fix typos.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3239
 - version: "2.4.0"
   changes:
     - description: Update to ECS 8.2
diff --git a/packages/cisco_secure_endpoint/data_stream/event/fields/agent.yml b/packages/cisco_secure_endpoint/data_stream/event/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/cisco_secure_endpoint/data_stream/event/fields/agent.yml
+++ b/packages/cisco_secure_endpoint/data_stream/event/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_secure_endpoint/data_stream/event/fields/ecs.yml b/packages/cisco_secure_endpoint/data_stream/event/fields/ecs.yml index e6934866f97..96fd2da6592 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/fields/ecs.yml +++ b/packages/cisco_secure_endpoint/data_stream/event/fields/ecs.yml 
@@ -87,7 +87,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs diff --git a/packages/cisco_secure_endpoint/data_stream/event/fields/fields.yml b/packages/cisco_secure_endpoint/data_stream/event/fields/fields.yml index 68cdf7aad9d..ef2e41fab93 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/fields/fields.yml +++ b/packages/cisco_secure_endpoint/data_stream/event/fields/fields.yml @@ -1,7 +1,5 @@ - name: cisco.secure_endpoint type: group - release: beta - default_field: false description: > Module for parsing Cisco Secure Endpoint logs. diff --git a/packages/cisco_secure_endpoint/manifest.yml b/packages/cisco_secure_endpoint/manifest.yml index 90e6bfe9ab0..96b9c0589c5 100644 --- a/packages/cisco_secure_endpoint/manifest.yml +++ b/packages/cisco_secure_endpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_secure_endpoint title: Cisco Secure Endpoint (AMP) -version: 2.4.0 +version: "2.4.1" license: basic description: Collect logs from Cisco Secure Endpoint (AMP) with Elastic Agent. type: integration diff --git a/packages/cisco_umbrella/changelog.yml b/packages/cisco_umbrella/changelog.yml index 38accf045ab..a9e89ee94bd 100644 --- a/packages/cisco_umbrella/changelog.yml +++ b/packages/cisco_umbrella/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.6.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.6.1" changes: - description: Fix use of destination.ip instead of source.nat.ip in DNS logs diff --git a/packages/cisco_umbrella/data_stream/log/fields/agent.yml b/packages/cisco_umbrella/data_stream/log/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/cisco_umbrella/data_stream/log/fields/agent.yml +++ b/packages/cisco_umbrella/data_stream/log/fields/agent.yml 
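Review bot: After `level: core` is dropped, `destination.geo.location` is still the only entry in this hunk defined by hand (`- description: Longitude and latitude.` / `name: destination.geo.location` / `type: geo_point`) while every neighbour is declared as `- external: ecs`; unless a geo_point import is known not to work for this package, the consistent form is `- external: ecs` followed by `name: destination.geo.location`, which also retires the hand-maintained description. The same pattern remains in the cisco_umbrella, crowdstrike fdr and cyberark ecs.yml hunks, and in the cloudflare ecs.yml hunks where only the `example` line is removed.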
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cisco_umbrella/data_stream/log/fields/ecs.yml b/packages/cisco_umbrella/data_stream/log/fields/ecs.yml index cac2ed3f9fb..ad746c333c7 100644 --- a/packages/cisco_umbrella/data_stream/log/fields/ecs.yml +++ b/packages/cisco_umbrella/data_stream/log/fields/ecs.yml 
@@ -31,7 +31,6 @@ - external: ecs name: destination.geo.country_iso_code - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -127,7 +126,6 @@ - external: ecs name: source.geo.country_iso_code - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cisco_umbrella/manifest.yml b/packages/cisco_umbrella/manifest.yml index 747188e1a6f..5f63d2d3983 100644 --- a/packages/cisco_umbrella/manifest.yml +++ b/packages/cisco_umbrella/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_umbrella title: Cisco Umbrella -version: 0.6.1 +version: "0.6.2" license: basic description: Collect logs from Cisco Umbrella with Elastic Agent. type: integration diff --git a/packages/cloudflare/changelog.yml b/packages/cloudflare/changelog.yml index d6c4b92afd2..d177a0c35e6 100644 --- a/packages/cloudflare/changelog.yml +++ b/packages/cloudflare/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.3" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.4.2" changes: - description: Update documentation diff --git a/packages/cloudflare/data_stream/audit/fields/ecs.yml b/packages/cloudflare/data_stream/audit/fields/ecs.yml index f80e416704b..71630db1309 100644 --- a/packages/cloudflare/data_stream/audit/fields/ecs.yml +++ b/packages/cloudflare/data_stream/audit/fields/ecs.yml @@ -34,7 +34,6 @@ external: ecs - name: source.geo.location description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' type: geo_point - name: source.geo.name external: ecs diff --git a/packages/cloudflare/data_stream/logpull/fields/agent.yml b/packages/cloudflare/data_stream/logpull/fields/agent.yml index 4d9a6f7b362..d71780611d2 100644 --- a/packages/cloudflare/data_stream/logpull/fields/agent.yml 
+++ b/packages/cloudflare/data_stream/logpull/fields/agent.yml @@ -1,35 +1,26 @@ - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -38,58 +29,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -102,13 +78,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cloudflare/data_stream/logpull/fields/ecs.yml b/packages/cloudflare/data_stream/logpull/fields/ecs.yml index 9a9a6402b06..c49628d131a 100644 --- a/packages/cloudflare/data_stream/logpull/fields/ecs.yml +++ b/packages/cloudflare/data_stream/logpull/fields/ecs.yml 
@@ -18,7 +18,6 @@ external: ecs - name: client.geo.location description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' type: geo_point - name: client.geo.region_name external: ecs @@ -46,7 +45,6 @@ external: ecs - name: destination.geo.location description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' type: geo_point - name: destination.geo.name external: ecs @@ -112,7 +110,6 @@ external: ecs - name: source.geo.location description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' type: geo_point - name: source.geo.name external: ecs @@ -218,7 +215,6 @@ external: ecs - name: observer.geo.location description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' type: geo_point - name: observer.geo.region_name external: ecs diff --git a/packages/cloudflare/data_stream/logpull/fields/fields.yml b/packages/cloudflare/data_stream/logpull/fields/fields.yml index 0712d73ccbc..6edf447ace6 100644 --- a/packages/cloudflare/data_stream/logpull/fields/fields.yml +++ b/packages/cloudflare/data_stream/logpull/fields/fields.yml @@ -1,7 +1,5 @@ - name: cloudflare type: group - release: beta - default_field: false description: > Fields for Cloudflare Logs diff --git a/packages/cloudflare/manifest.yml b/packages/cloudflare/manifest.yml index 703ea7e8912..4313f307228 100644 --- a/packages/cloudflare/manifest.yml +++ b/packages/cloudflare/manifest.yml @@ -1,6 +1,6 @@ name: cloudflare title: Cloudflare -version: 1.4.2 +version: "1.4.3" release: ga description: Collect and parse logs from Cloudflare API with Elastic Agent. type: integration diff --git a/packages/cockroachdb/changelog.yml b/packages/cockroachdb/changelog.yml index e30a931c212..deaa12e255c 100644 --- a/packages/cockroachdb/changelog.yml +++ b/packages/cockroachdb/changelog.yml 
@@ -1,3 +1,8 @@
+- version: "0.2.4"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
 - version: "0.2.3"
 changes:
 - description: Add link to vendor documentation in readme
diff --git a/packages/cockroachdb/data_stream/status/fields/agent.yml b/packages/cockroachdb/data_stream/status/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/cockroachdb/data_stream/status/fields/agent.yml
+++ b/packages/cockroachdb/data_stream/status/fields/agent.yml
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/cockroachdb/data_stream/status/fields/fields.yml b/packages/cockroachdb/data_stream/status/fields/fields.yml index d549bb4918d..c125388f298 100644 --- a/packages/cockroachdb/data_stream/status/fields/fields.yml 
+++ b/packages/cockroachdb/data_stream/status/fields/fields.yml @@ -1,6 +1,5 @@ - name: cockroachdb.status type: group - release: beta fields: - name: labels.* type: object diff --git a/packages/cockroachdb/manifest.yml b/packages/cockroachdb/manifest.yml index 52f1a82201d..5df749efed1 100644 --- a/packages/cockroachdb/manifest.yml +++ b/packages/cockroachdb/manifest.yml @@ -1,6 +1,6 @@ name: cockroachdb title: CockroachDB Metrics -version: 0.2.3 +version: "0.2.4" release: beta description: Collect metrics from CockroachDB servers with Elastic Agent. type: integration diff --git a/packages/containerd/changelog.yml b/packages/containerd/changelog.yml index d19800929c6..8308e840cde 100644 --- a/packages/containerd/changelog.yml +++ b/packages/containerd/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.2.1" changes: - description: Tidy up markdown in readme.md diff --git a/packages/containerd/data_stream/blkio/fields/fields.yml b/packages/containerd/data_stream/blkio/fields/fields.yml index 8ec25015353..f747b4ab5cd 100644 --- a/packages/containerd/data_stream/blkio/fields/fields.yml +++ b/packages/containerd/data_stream/blkio/fields/fields.yml @@ -1,6 +1,5 @@ - name: containerd.blkio type: group - release: beta description: > Containerd Runtime block I/O metrics. diff --git a/packages/containerd/data_stream/cpu/fields/fields.yml b/packages/containerd/data_stream/cpu/fields/fields.yml index be85a5c1330..9d2e4056fd2 100644 --- a/packages/containerd/data_stream/cpu/fields/fields.yml +++ b/packages/containerd/data_stream/cpu/fields/fields.yml @@ -3,7 +3,6 @@ description: > Containerd Runtime CPU metrics. - release: beta fields: - name: system.total type: double 
diff --git a/packages/containerd/data_stream/memory/fields/fields.yml b/packages/containerd/data_stream/memory/fields/fields.yml index fe1285bb3d5..40adf112f11 100644 --- a/packages/containerd/data_stream/memory/fields/fields.yml +++ b/packages/containerd/data_stream/memory/fields/fields.yml @@ -1,6 +1,5 @@ - name: containerd.memory type: group - release: beta description: > Containerd Runtime memory metrics. diff --git a/packages/containerd/manifest.yml b/packages/containerd/manifest.yml index d24eb5826a1..152f52034b3 100644 --- a/packages/containerd/manifest.yml +++ b/packages/containerd/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: containerd title: "Containerd" -version: 0.2.1 +version: "0.2.2" license: basic description: "Collect metrics from containerd containers." type: integration diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml index ecb767fe730..c12239ff0db 100644 --- a/packages/crowdstrike/changelog.yml +++ b/packages/crowdstrike/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.1" changes: - description: Update readme file. Added link to CrowdStrike docs diff --git a/packages/crowdstrike/data_stream/falcon/fields/agent.yml b/packages/crowdstrike/data_stream/falcon/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/crowdstrike/data_stream/falcon/fields/agent.yml +++ b/packages/crowdstrike/data_stream/falcon/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/crowdstrike/data_stream/falcon/fields/fields.yml b/packages/crowdstrike/data_stream/falcon/fields/fields.yml index f8b93a2aaf8..bd7f782e134 100644 --- a/packages/crowdstrike/data_stream/falcon/fields/fields.yml +++ b/packages/crowdstrike/data_stream/falcon/fields/fields.yml 
@@ -1,5 +1,4 @@ - name: crowdstrike.metadata - title: Metadata fields type: group fields: - name: eventType @@ -23,7 +22,6 @@ description: | Schema version - name: crowdstrike.event - title: Event fields type: group fields: - name: ProcessStartTime diff --git a/packages/crowdstrike/data_stream/fdr/fields/ecs.yml b/packages/crowdstrike/data_stream/fdr/fields/ecs.yml index f6a5b721c4d..0b2f6ea04e5 100644 --- a/packages/crowdstrike/data_stream/fdr/fields/ecs.yml +++ b/packages/crowdstrike/data_stream/fdr/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -105,7 +104,6 @@ - external: ecs name: observer.geo.country_name - description: Longitude and latitude. - level: core name: observer.geo.location type: geo_point - external: ecs @@ -191,7 +189,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/crowdstrike/manifest.yml b/packages/crowdstrike/manifest.yml index e347fc2b4f5..736dfdaf45e 100644 --- a/packages/crowdstrike/manifest.yml +++ b/packages/crowdstrike/manifest.yml @@ -1,6 +1,6 @@ name: crowdstrike title: CrowdStrike Logs -version: 1.3.1 +version: "1.3.2" description: Collect and parse falcon logs from Crowdstrike products with Elastic Agent. type: integration format_version: 1.0.0 diff --git a/packages/cyberark/changelog.yml b/packages/cyberark/changelog.yml index 85003444b86..bd1a90fa313 100644 --- a/packages/cyberark/changelog.yml +++ b/packages/cyberark/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.5.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.5.0" changes: - description: Update to ECS 8.0.0 
diff --git a/packages/cyberark/data_stream/corepas/fields/base-fields.yml b/packages/cyberark/data_stream/corepas/fields/base-fields.yml index 21c3c25647b..33163e2d047 100644 --- a/packages/cyberark/data_stream/corepas/fields/base-fields.yml +++ b/packages/cyberark/data_stream/corepas/fields/base-fields.yml @@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/cyberark/data_stream/corepas/fields/ecs.yml b/packages/cyberark/data_stream/corepas/fields/ecs.yml index 1da8c39a341..8500697a629 100644 --- a/packages/cyberark/data_stream/corepas/fields/ecs.yml +++ b/packages/cyberark/data_stream/corepas/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cyberark/manifest.yml b/packages/cyberark/manifest.yml index 32ede926a24..727865a92e8 100644 --- a/packages/cyberark/manifest.yml +++ b/packages/cyberark/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cyberark title: CyberArk -version: 0.5.0 +version: "0.5.1" description: Deprecated. Use CyberArk Privileged Access Security instead. categories: ["security"] release: experimental diff --git a/packages/cyberarkpas/changelog.yml b/packages/cyberarkpas/changelog.yml index 62b5602470c..655f6ef68cf 100644 --- a/packages/cyberarkpas/changelog.yml +++ b/packages/cyberarkpas/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.4.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "2.4.0" changes: - description: Update to ECS 8.2 diff --git a/packages/cyberarkpas/data_stream/audit/fields/ecs.yml b/packages/cyberarkpas/data_stream/audit/fields/ecs.yml index 52bc05f570c..9e093b17088 100644 --- a/packages/cyberarkpas/data_stream/audit/fields/ecs.yml +++ b/packages/cyberarkpas/data_stream/audit/fields/ecs.yml @@ -15,7 +15,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -101,7 +100,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cyberarkpas/manifest.yml b/packages/cyberarkpas/manifest.yml index 5ad51e71e92..e7fa746fe6d 100644 --- a/packages/cyberarkpas/manifest.yml +++ b/packages/cyberarkpas/manifest.yml @@ -1,6 +1,6 @@ name: cyberarkpas title: CyberArk Privileged Access Security Logs -version: 2.4.0 +version: "2.4.1" release: ga description: Collect audit logs from Cyberark Vault servers with Elastic Agent. type: integration diff --git a/packages/cylance/changelog.yml b/packages/cylance/changelog.yml index b25716532da..efb93b140ac 100644 --- a/packages/cylance/changelog.yml +++ b/packages/cylance/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.8.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/cylance/data_stream/protect/fields/base-fields.yml b/packages/cylance/data_stream/protect/fields/base-fields.yml index f7a828b7532..1fef18d21a0 100644 
--- a/packages/cylance/data_stream/protect/fields/base-fields.yml +++ b/packages/cylance/data_stream/protect/fields/base-fields.yml @@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/cylance/data_stream/protect/fields/ecs.yml b/packages/cylance/data_stream/protect/fields/ecs.yml index 1da8c39a341..8500697a629 100644 --- a/packages/cylance/data_stream/protect/fields/ecs.yml +++ b/packages/cylance/data_stream/protect/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/cylance/manifest.yml b/packages/cylance/manifest.yml index 9fb7f09ff4d..ecc403f9e80 100644 --- a/packages/cylance/manifest.yml +++ b/packages/cylance/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cylance title: CylanceProtect Logs -version: 0.8.0 +version: "0.8.1" description: Collect logs from CylanceProtect devices with Elastic Agent. categories: ["security"] release: experimental diff --git a/packages/docker/changelog.yml b/packages/docker/changelog.yml index b21cd2b45ec..b0359c90ca1 100644 --- a/packages/docker/changelog.yml +++ b/packages/docker/changelog.yml 
@@ -1,5 +1,8 @@ -# newer versions go on top - +- version: "2.1.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "2.1.1" changes: - description: Fix missing dedot options diff --git a/packages/docker/data_stream/container/fields/fields.yml b/packages/docker/data_stream/container/fields/fields.yml index 731024bef90..d9387882110 100644 --- a/packages/docker/data_stream/container/fields/fields.yml +++ b/packages/docker/data_stream/container/fields/fields.yml @@ -1,11 +1,9 @@ - name: docker.container.labels.* type: object - release: ga description: | Container labels - name: docker.container type: group - release: ga fields: - name: command type: keyword diff --git a/packages/docker/data_stream/cpu/fields/fields.yml b/packages/docker/data_stream/cpu/fields/fields.yml index 7e84b680413..84ca73a4207 100644 --- a/packages/docker/data_stream/cpu/fields/fields.yml +++ b/packages/docker/data_stream/cpu/fields/fields.yml @@ -1,11 +1,9 @@ - name: docker.container.labels.* type: object - release: ga description: | Container labels - name: docker.cpu type: group - release: ga fields: - name: kernel.pct type: scaled_float diff --git a/packages/docker/data_stream/diskio/fields/fields.yml b/packages/docker/data_stream/diskio/fields/fields.yml index 0868e78700f..77a67b06bcb 100644 --- a/packages/docker/data_stream/diskio/fields/fields.yml +++ b/packages/docker/data_stream/diskio/fields/fields.yml @@ -1,11 +1,9 @@ - name: docker.container.labels.* type: object - release: ga description: | Container labels - name: docker.diskio type: group - release: ga fields: - name: read type: group diff --git a/packages/docker/data_stream/event/fields/fields.yml b/packages/docker/data_stream/event/fields/fields.yml index bbc93c09b85..90dd47c6904 100644 --- a/packages/docker/data_stream/event/fields/fields.yml +++ b/packages/docker/data_stream/event/fields/fields.yml 
@@ -1,11 +1,9 @@ - name: docker.container.labels.* type: object - release: ga description: | Container labels - name: docker.event type: group - release: ga fields: - name: status type: keyword diff --git a/packages/docker/data_stream/healthcheck/fields/fields.yml b/packages/docker/data_stream/healthcheck/fields/fields.yml index f6cab259d63..50043627092 100644 --- a/packages/docker/data_stream/healthcheck/fields/fields.yml +++ b/packages/docker/data_stream/healthcheck/fields/fields.yml @@ -1,11 +1,9 @@ - name: docker.container.labels.* type: object - release: ga description: | Container labels - name: docker.healthcheck type: group - release: ga fields: - name: failingstreak type: integer diff --git a/packages/docker/data_stream/image/fields/fields.yml b/packages/docker/data_stream/image/fields/fields.yml index c104c8e9056..a80244dd88f 100644 --- a/packages/docker/data_stream/image/fields/fields.yml +++ b/packages/docker/data_stream/image/fields/fields.yml @@ -1,6 +1,5 @@ - name: docker.image type: group - release: ga fields: - name: id type: group diff --git a/packages/docker/data_stream/info/fields/fields.yml b/packages/docker/data_stream/info/fields/fields.yml index fb367a14ccb..d55b02b2704 100644 --- a/packages/docker/data_stream/info/fields/fields.yml +++ b/packages/docker/data_stream/info/fields/fields.yml @@ -1,6 +1,5 @@ - name: docker.info type: group - release: ga fields: - name: containers type: group diff --git a/packages/docker/data_stream/memory/fields/fields.yml b/packages/docker/data_stream/memory/fields/fields.yml index 7293ddf574c..e6eb416533a 100644 --- a/packages/docker/data_stream/memory/fields/fields.yml +++ b/packages/docker/data_stream/memory/fields/fields.yml @@ -1,11 +1,9 @@ - name: docker.container.labels.* type: object - release: ga description: | Container labels - name: docker.memory type: group - release: ga fields: - name: stats.* type: object 
diff --git a/packages/docker/data_stream/network/fields/fields.yml b/packages/docker/data_stream/network/fields/fields.yml index a6c4cdc4e82..a24a60e21fa 100644 --- a/packages/docker/data_stream/network/fields/fields.yml +++ b/packages/docker/data_stream/network/fields/fields.yml @@ -1,11 +1,9 @@ - name: docker.container.labels.* type: object - release: ga description: | Container labels - name: docker.network type: group - release: ga fields: - name: interface type: keyword diff --git a/packages/docker/manifest.yml b/packages/docker/manifest.yml index b00349d10bd..b0daa5915f9 100644 --- a/packages/docker/manifest.yml +++ b/packages/docker/manifest.yml @@ -1,6 +1,6 @@ name: docker title: Docker Metrics -version: 2.1.1 +version: "2.1.2" release: ga description: Collect metrics from Docker instances with Elastic Agent. type: integration diff --git a/packages/elastic_agent/changelog.yml b/packages/elastic_agent/changelog.yml index b859ec2b3af..13690c64df1 100644 --- a/packages/elastic_agent/changelog.yml +++ b/packages/elastic_agent/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.1" changes: - description: Fix missing ecs.version mapping diff --git a/packages/elastic_agent/data_stream/apm_server_logs/fields/agent.yml b/packages/elastic_agent/data_stream/apm_server_logs/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/apm_server_logs/fields/agent.yml +++ b/packages/elastic_agent/data_stream/apm_server_logs/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/apm_server_logs/fields/ecs.yml b/packages/elastic_agent/data_stream/apm_server_logs/fields/ecs.yml index fcdde864586..60c9580ee7a 100644 --- a/packages/elastic_agent/data_stream/apm_server_logs/fields/ecs.yml 
+++ b/packages/elastic_agent/data_stream/apm_server_logs/fields/ecs.yml @@ -1,14 +1,10 @@ - external: ecs name: ecs.version - name: log - title: Log - group: 2 description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields." type: group fields: - name: level - level: core type: keyword ignore_above: 1024 description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`." - example: error diff --git a/packages/elastic_agent/data_stream/apm_server_logs/fields/fields.yml b/packages/elastic_agent/data_stream/apm_server_logs/fields/fields.yml index 24771ec5046..e09a459ee5c 100644 --- a/packages/elastic_agent/data_stream/apm_server_logs/fields/fields.yml +++ b/packages/elastic_agent/data_stream/apm_server_logs/fields/fields.yml @@ -1,8 +1,6 @@ - name: message type: text - title: Log Message - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -11,18 +9,13 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 
diff --git a/packages/elastic_agent/data_stream/apm_server_metrics/fields/agent.yml b/packages/elastic_agent/data_stream/apm_server_metrics/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/elastic_agent/data_stream/apm_server_metrics/fields/agent.yml
+++ b/packages/elastic_agent/data_stream/apm_server_metrics/fields/agent.yml
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/apm_server_metrics/fields/beat-fields.yml b/packages/elastic_agent/data_stream/apm_server_metrics/fields/beat-fields.yml index 0c063d19aee..408ab9d9b25 100644 --- a/packages/elastic_agent/data_stream/apm_server_metrics/fields/beat-fields.yml 
+++ b/packages/elastic_agent/data_stream/apm_server_metrics/fields/beat-fields.yml @@ -1,5 +1,5 @@ - name: beat.type - descripion: Beat type. + description: Beat type. type: keyword - name: beat.stats description: Beat stats diff --git a/packages/elastic_agent/data_stream/apm_server_metrics/fields/fields.yml b/packages/elastic_agent/data_stream/apm_server_metrics/fields/fields.yml index a516126a23b..15a4c17b5e1 100644 --- a/packages/elastic_agent/data_stream/apm_server_metrics/fields/fields.yml +++ b/packages/elastic_agent/data_stream/apm_server_metrics/fields/fields.yml @@ -1,5 +1,4 @@ - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -8,21 +7,16 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 - name: system.process type: group fields: diff --git a/packages/elastic_agent/data_stream/auditbeat_logs/fields/agent.yml b/packages/elastic_agent/data_stream/auditbeat_logs/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/auditbeat_logs/fields/agent.yml +++ b/packages/elastic_agent/data_stream/auditbeat_logs/fields/agent.yml 
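Review bot: The `descripion` → `description` fix on `beat.type` shows that a misspelled key was silently accepted, so this field has been shipping with no description and nothing failed; that is a validation gap rather than a one-off typo. It would be worth checking the other beat-fields.yml copies in this package for the same misspelling (only this one is visible in the hunk) and, if the spec validator supports it, rejecting unknown keys so the next typo fails CI instead of quietly dropping documentation.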
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/auditbeat_logs/fields/ecs.yml b/packages/elastic_agent/data_stream/auditbeat_logs/fields/ecs.yml index fcdde864586..60c9580ee7a 100644 --- a/packages/elastic_agent/data_stream/auditbeat_logs/fields/ecs.yml 
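Review bot: Dropping `default_field: false` from `host.domain` and `host.os.name` is the one removal in this hunk that is not purely descriptive metadata: if the package tooling honors `default_field` when composing `index.query.default_field`, those two fields join the default free-text search set, which is a mapping change rather than a cleanup. If the property is ignored by the current spec, as the rest of the cleanup suggests, a one-line mention in the commit description would make that explicit. The same removal recurs in the agent.yml hunks for auditbeat_metrics, elastic_agent_logs, elastic_agent_metrics and endpoint_security_metrics.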
+++ b/packages/elastic_agent/data_stream/auditbeat_logs/fields/ecs.yml @@ -1,14 +1,10 @@ - external: ecs name: ecs.version - name: log - title: Log - group: 2 description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields." type: group fields: - name: level - level: core type: keyword ignore_above: 1024 description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`." - example: error diff --git a/packages/elastic_agent/data_stream/auditbeat_logs/fields/fields.yml b/packages/elastic_agent/data_stream/auditbeat_logs/fields/fields.yml index 24771ec5046..e09a459ee5c 100644 --- a/packages/elastic_agent/data_stream/auditbeat_logs/fields/fields.yml +++ b/packages/elastic_agent/data_stream/auditbeat_logs/fields/fields.yml @@ -1,8 +1,6 @@ - name: message type: text - title: Log Message - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -11,18 +9,13 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 
diff --git a/packages/elastic_agent/data_stream/auditbeat_metrics/fields/agent.yml b/packages/elastic_agent/data_stream/auditbeat_metrics/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/elastic_agent/data_stream/auditbeat_metrics/fields/agent.yml
+++ b/packages/elastic_agent/data_stream/auditbeat_metrics/fields/agent.yml
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/auditbeat_metrics/fields/beat-fields.yml b/packages/elastic_agent/data_stream/auditbeat_metrics/fields/beat-fields.yml index 0c063d19aee..408ab9d9b25 100644 --- a/packages/elastic_agent/data_stream/auditbeat_metrics/fields/beat-fields.yml 
+++ b/packages/elastic_agent/data_stream/auditbeat_metrics/fields/beat-fields.yml @@ -1,5 +1,5 @@ - name: beat.type - descripion: Beat type. + description: Beat type. type: keyword - name: beat.stats description: Beat stats diff --git a/packages/elastic_agent/data_stream/auditbeat_metrics/fields/fields.yml b/packages/elastic_agent/data_stream/auditbeat_metrics/fields/fields.yml index a516126a23b..15a4c17b5e1 100644 --- a/packages/elastic_agent/data_stream/auditbeat_metrics/fields/fields.yml +++ b/packages/elastic_agent/data_stream/auditbeat_metrics/fields/fields.yml @@ -1,5 +1,4 @@ - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -8,21 +7,16 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 - name: system.process type: group fields: diff --git a/packages/elastic_agent/data_stream/elastic_agent_logs/fields/agent.yml b/packages/elastic_agent/data_stream/elastic_agent_logs/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/elastic_agent_logs/fields/agent.yml +++ b/packages/elastic_agent/data_stream/elastic_agent_logs/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/elastic_agent_logs/fields/ecs.yml b/packages/elastic_agent/data_stream/elastic_agent_logs/fields/ecs.yml index fcdde864586..60c9580ee7a 100644 --- a/packages/elastic_agent/data_stream/elastic_agent_logs/fields/ecs.yml 
+++ b/packages/elastic_agent/data_stream/elastic_agent_logs/fields/ecs.yml @@ -1,14 +1,10 @@ - external: ecs name: ecs.version - name: log - title: Log - group: 2 description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields." type: group fields: - name: level - level: core type: keyword ignore_above: 1024 description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`." - example: error diff --git a/packages/elastic_agent/data_stream/elastic_agent_logs/fields/fields.yml b/packages/elastic_agent/data_stream/elastic_agent_logs/fields/fields.yml index 24771ec5046..e09a459ee5c 100644 --- a/packages/elastic_agent/data_stream/elastic_agent_logs/fields/fields.yml +++ b/packages/elastic_agent/data_stream/elastic_agent_logs/fields/fields.yml @@ -1,8 +1,6 @@ - name: message type: text - title: Log Message - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -11,18 +9,13 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 
diff --git a/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/agent.yml b/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/agent.yml
+++ b/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/agent.yml
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/beat-fields.yml b/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/beat-fields.yml index 0c063d19aee..408ab9d9b25 100644 
--- a/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/beat-fields.yml +++ b/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/beat-fields.yml @@ -1,5 +1,5 @@ - name: beat.type - descripion: Beat type. + description: Beat type. type: keyword - name: beat.stats description: Beat stats diff --git a/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/fields.yml b/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/fields.yml index a516126a23b..15a4c17b5e1 100644 --- a/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/fields.yml +++ b/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/fields.yml @@ -1,5 +1,4 @@ - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -8,21 +7,16 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 - name: system.process type: group fields: diff --git a/packages/elastic_agent/data_stream/endpoint_security_metrics/fields/agent.yml b/packages/elastic_agent/data_stream/endpoint_security_metrics/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/endpoint_security_metrics/fields/agent.yml +++ b/packages/elastic_agent/data_stream/endpoint_security_metrics/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/endpoint_security_metrics/fields/beat-fields.yml b/packages/elastic_agent/data_stream/endpoint_security_metrics/fields/beat-fields.yml index 0c063d19aee..408ab9d9b25 100644 
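Review bot: Dropping `default_field: false` from `host.domain` and from the `text` multi-field under `host.os.name` is the one deletion in this hunk that may change behaviour rather than just metadata: in Beats-style field definitions that flag keeps a field out of `index.query.default_field`, so if the package builder honours it these fields would now be searched by unqualified queries. If the builder ignores the key, which the removal of the other unused properties suggests, a short sentence in the commit description saying that `default_field` is not consumed by the package tooling would make the intent clear. The same deletion appears in the identical agent.yml hunks for endpoint_sercurity_logs, filebeat_logs, filebeat_metrics and fleet_server_logs.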
--- a/packages/elastic_agent/data_stream/endpoint_security_metrics/fields/beat-fields.yml +++ b/packages/elastic_agent/data_stream/endpoint_security_metrics/fields/beat-fields.yml @@ -1,5 +1,5 @@ - name: beat.type - descripion: Beat type. + description: Beat type. type: keyword - name: beat.stats description: Beat stats diff --git a/packages/elastic_agent/data_stream/endpoint_security_metrics/fields/fields.yml b/packages/elastic_agent/data_stream/endpoint_security_metrics/fields/fields.yml index f151c61ee25..625acd6eb39 100644 --- a/packages/elastic_agent/data_stream/endpoint_security_metrics/fields/fields.yml +++ b/packages/elastic_agent/data_stream/endpoint_security_metrics/fields/fields.yml @@ -1,5 +1,4 @@ - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -8,18 +7,13 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 diff --git a/packages/elastic_agent/data_stream/endpoint_sercurity_logs/fields/agent.yml b/packages/elastic_agent/data_stream/endpoint_sercurity_logs/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/endpoint_sercurity_logs/fields/agent.yml +++ b/packages/elastic_agent/data_stream/endpoint_sercurity_logs/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
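Review bot: The data stream directory in this file's path, `endpoint_sercurity_logs`, is itself misspelled, and the commit fixes only the `descripion` typos inside the field files. If, as is usual for integration packages, the directory name feeds the data stream and index name, renaming it is not a drop-in fix like the in-file typo and would need a migration for existing indices and anything that references the old name, so it is probably best tracked separately rather than folded into this cleanup. The same path appears in the `ecs.yml` and `fields.yml` sections for this data stream.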
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/endpoint_sercurity_logs/fields/ecs.yml b/packages/elastic_agent/data_stream/endpoint_sercurity_logs/fields/ecs.yml index fcdde864586..60c9580ee7a 100644 --- a/packages/elastic_agent/data_stream/endpoint_sercurity_logs/fields/ecs.yml 
+++ b/packages/elastic_agent/data_stream/endpoint_sercurity_logs/fields/ecs.yml @@ -1,14 +1,10 @@ - external: ecs name: ecs.version - name: log - title: Log - group: 2 description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields." type: group fields: - name: level - level: core type: keyword ignore_above: 1024 description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`." - example: error diff --git a/packages/elastic_agent/data_stream/endpoint_sercurity_logs/fields/fields.yml b/packages/elastic_agent/data_stream/endpoint_sercurity_logs/fields/fields.yml index 24771ec5046..e09a459ee5c 100644 --- a/packages/elastic_agent/data_stream/endpoint_sercurity_logs/fields/fields.yml +++ b/packages/elastic_agent/data_stream/endpoint_sercurity_logs/fields/fields.yml @@ -1,8 +1,6 @@ - name: message type: text - title: Log Message - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -11,18 +9,13 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 
diff --git a/packages/elastic_agent/data_stream/filebeat_logs/fields/agent.yml b/packages/elastic_agent/data_stream/filebeat_logs/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/filebeat_logs/fields/agent.yml +++ b/packages/elastic_agent/data_stream/filebeat_logs/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/filebeat_logs/fields/ecs.yml b/packages/elastic_agent/data_stream/filebeat_logs/fields/ecs.yml index fcdde864586..60c9580ee7a 100644 --- a/packages/elastic_agent/data_stream/filebeat_logs/fields/ecs.yml 
+++ b/packages/elastic_agent/data_stream/filebeat_logs/fields/ecs.yml @@ -1,14 +1,10 @@ - external: ecs name: ecs.version - name: log - title: Log - group: 2 description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields." type: group fields: - name: level - level: core type: keyword ignore_above: 1024 description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`." - example: error diff --git a/packages/elastic_agent/data_stream/filebeat_logs/fields/fields.yml b/packages/elastic_agent/data_stream/filebeat_logs/fields/fields.yml index 24771ec5046..e09a459ee5c 100644 --- a/packages/elastic_agent/data_stream/filebeat_logs/fields/fields.yml +++ b/packages/elastic_agent/data_stream/filebeat_logs/fields/fields.yml @@ -1,8 +1,6 @@ - name: message type: text - title: Log Message - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -11,18 +9,13 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 
diff --git a/packages/elastic_agent/data_stream/filebeat_metrics/fields/agent.yml b/packages/elastic_agent/data_stream/filebeat_metrics/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/filebeat_metrics/fields/agent.yml +++ b/packages/elastic_agent/data_stream/filebeat_metrics/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/filebeat_metrics/fields/beat-fields.yml b/packages/elastic_agent/data_stream/filebeat_metrics/fields/beat-fields.yml index 0c063d19aee..408ab9d9b25 100644 --- a/packages/elastic_agent/data_stream/filebeat_metrics/fields/beat-fields.yml 
+++ b/packages/elastic_agent/data_stream/filebeat_metrics/fields/beat-fields.yml @@ -1,5 +1,5 @@ - name: beat.type - descripion: Beat type. + description: Beat type. type: keyword - name: beat.stats description: Beat stats diff --git a/packages/elastic_agent/data_stream/filebeat_metrics/fields/fields.yml b/packages/elastic_agent/data_stream/filebeat_metrics/fields/fields.yml index a516126a23b..15a4c17b5e1 100644 --- a/packages/elastic_agent/data_stream/filebeat_metrics/fields/fields.yml +++ b/packages/elastic_agent/data_stream/filebeat_metrics/fields/fields.yml @@ -1,5 +1,4 @@ - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -8,21 +7,16 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 - name: system.process type: group fields: diff --git a/packages/elastic_agent/data_stream/fleet_server_logs/fields/agent.yml b/packages/elastic_agent/data_stream/fleet_server_logs/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/fleet_server_logs/fields/agent.yml +++ b/packages/elastic_agent/data_stream/fleet_server_logs/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/fleet_server_logs/fields/ecs.yml b/packages/elastic_agent/data_stream/fleet_server_logs/fields/ecs.yml index fcdde864586..60c9580ee7a 100644 --- a/packages/elastic_agent/data_stream/fleet_server_logs/fields/ecs.yml 
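Review bot: `default_field: false` is removed from `host.domain` and from the `host.os.name` `text` multi-field in this hunk, and unlike `level` or `example` it is not purely descriptive: in Beats-style field definitions it keeps a field out of the template's `index.query.default_field` list, so free-text queries would start matching on those two fields if the Fleet template builder honours the property. If the package-spec ignores `default_field` (which the commit title implies), the removal is a no-op and one sentence in the changelog saying so would spare the next reader the same check; if it is honoured, keep `default_field: false` on both entries. The identical agent.yml (same blob hash) is changed for fleet_server_metrics, heartbeat_logs, heartbeat_metrics and metricbeat_logs in this diff, so whichever answer applies, it applies to all of them.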
+++ b/packages/elastic_agent/data_stream/fleet_server_logs/fields/ecs.yml @@ -1,14 +1,10 @@ - external: ecs name: ecs.version - name: log - title: Log - group: 2 description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields." type: group fields: - name: level - level: core type: keyword ignore_above: 1024 description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`." - example: error diff --git a/packages/elastic_agent/data_stream/fleet_server_logs/fields/fields.yml b/packages/elastic_agent/data_stream/fleet_server_logs/fields/fields.yml index 24771ec5046..e09a459ee5c 100644 --- a/packages/elastic_agent/data_stream/fleet_server_logs/fields/fields.yml +++ b/packages/elastic_agent/data_stream/fleet_server_logs/fields/fields.yml @@ -1,8 +1,6 @@ - name: message type: text - title: Log Message - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -11,18 +9,13 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 
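Review bot: `log.level` in ecs.yml remains a hand-copied ECS definition (keyword, `ignore_above: 1024`, the full ECS description) while `ecs.version` at the top of the same hunk already uses `external: ecs`; with `level`, `example`, `title` and `group` now stripped, nothing visible here differs from the ECS definition. Declaring it as `- name: log.level` followed by `external: ecs` keeps the mapping aligned with the ECS reference the package resolves against and removes the last duplicated text, provided the package's ECS reference is at least the version that defines `log.level`. The heartbeat_logs ecs.yml hunk further down is the same file and gets the same change.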
diff --git a/packages/elastic_agent/data_stream/fleet_server_metrics/fields/agent.yml b/packages/elastic_agent/data_stream/fleet_server_metrics/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/elastic_agent/data_stream/fleet_server_metrics/fields/agent.yml
+++ b/packages/elastic_agent/data_stream/fleet_server_metrics/fields/agent.yml
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/fleet_server_metrics/fields/beat-fields.yml b/packages/elastic_agent/data_stream/fleet_server_metrics/fields/beat-fields.yml index 0c063d19aee..408ab9d9b25 100644 
--- a/packages/elastic_agent/data_stream/fleet_server_metrics/fields/beat-fields.yml +++ b/packages/elastic_agent/data_stream/fleet_server_metrics/fields/beat-fields.yml @@ -1,5 +1,5 @@ - name: beat.type - descripion: Beat type. + description: Beat type. type: keyword - name: beat.stats description: Beat stats diff --git a/packages/elastic_agent/data_stream/fleet_server_metrics/fields/fields.yml b/packages/elastic_agent/data_stream/fleet_server_metrics/fields/fields.yml index a516126a23b..15a4c17b5e1 100644 --- a/packages/elastic_agent/data_stream/fleet_server_metrics/fields/fields.yml +++ b/packages/elastic_agent/data_stream/fleet_server_metrics/fields/fields.yml @@ -1,5 +1,4 @@ - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -8,21 +7,16 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 - name: system.process type: group fields: diff --git a/packages/elastic_agent/data_stream/heartbeat_logs/fields/agent.yml b/packages/elastic_agent/data_stream/heartbeat_logs/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/heartbeat_logs/fields/agent.yml +++ b/packages/elastic_agent/data_stream/heartbeat_logs/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/heartbeat_logs/fields/ecs.yml b/packages/elastic_agent/data_stream/heartbeat_logs/fields/ecs.yml index fcdde864586..60c9580ee7a 100644 --- a/packages/elastic_agent/data_stream/heartbeat_logs/fields/ecs.yml 
+++ b/packages/elastic_agent/data_stream/heartbeat_logs/fields/ecs.yml @@ -1,14 +1,10 @@ - external: ecs name: ecs.version - name: log - title: Log - group: 2 description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields." type: group fields: - name: level - level: core type: keyword ignore_above: 1024 description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`." - example: error diff --git a/packages/elastic_agent/data_stream/heartbeat_logs/fields/fields.yml b/packages/elastic_agent/data_stream/heartbeat_logs/fields/fields.yml index 371ed822a54..7621b2bbf96 100644 --- a/packages/elastic_agent/data_stream/heartbeat_logs/fields/fields.yml +++ b/packages/elastic_agent/data_stream/heartbeat_logs/fields/fields.yml @@ -1,8 +1,6 @@ - name: message type: text - title: Log Message - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -11,21 +9,16 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 - name: event.dataset type: constant_keyword description: Event dataset 
diff --git a/packages/elastic_agent/data_stream/heartbeat_metrics/fields/agent.yml b/packages/elastic_agent/data_stream/heartbeat_metrics/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/elastic_agent/data_stream/heartbeat_metrics/fields/agent.yml
+++ b/packages/elastic_agent/data_stream/heartbeat_metrics/fields/agent.yml
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/heartbeat_metrics/fields/beat-fields.yml b/packages/elastic_agent/data_stream/heartbeat_metrics/fields/beat-fields.yml index 0c063d19aee..408ab9d9b25 100644 --- a/packages/elastic_agent/data_stream/heartbeat_metrics/fields/beat-fields.yml 
+++ b/packages/elastic_agent/data_stream/heartbeat_metrics/fields/beat-fields.yml @@ -1,5 +1,5 @@ - name: beat.type - descripion: Beat type. + description: Beat type. type: keyword - name: beat.stats description: Beat stats diff --git a/packages/elastic_agent/data_stream/heartbeat_metrics/fields/fields.yml b/packages/elastic_agent/data_stream/heartbeat_metrics/fields/fields.yml index a516126a23b..15a4c17b5e1 100644 --- a/packages/elastic_agent/data_stream/heartbeat_metrics/fields/fields.yml +++ b/packages/elastic_agent/data_stream/heartbeat_metrics/fields/fields.yml @@ -1,5 +1,4 @@ - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -8,21 +7,16 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 - name: system.process type: group fields: diff --git a/packages/elastic_agent/data_stream/metricbeat_logs/fields/agent.yml b/packages/elastic_agent/data_stream/metricbeat_logs/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/metricbeat_logs/fields/agent.yml +++ b/packages/elastic_agent/data_stream/metricbeat_logs/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/metricbeat_logs/fields/ecs.yml b/packages/elastic_agent/data_stream/metricbeat_logs/fields/ecs.yml index fcdde864586..60c9580ee7a 100644 --- a/packages/elastic_agent/data_stream/metricbeat_logs/fields/ecs.yml 
+++ b/packages/elastic_agent/data_stream/metricbeat_logs/fields/ecs.yml @@ -1,14 +1,10 @@ - external: ecs name: ecs.version - name: log - title: Log - group: 2 description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields." type: group fields: - name: level - level: core type: keyword ignore_above: 1024 description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`." - example: error diff --git a/packages/elastic_agent/data_stream/metricbeat_logs/fields/fields.yml b/packages/elastic_agent/data_stream/metricbeat_logs/fields/fields.yml index 24771ec5046..e09a459ee5c 100644 --- a/packages/elastic_agent/data_stream/metricbeat_logs/fields/fields.yml +++ b/packages/elastic_agent/data_stream/metricbeat_logs/fields/fields.yml @@ -1,8 +1,6 @@ - name: message type: text - title: Log Message - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -11,18 +9,13 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 
diff --git a/packages/elastic_agent/data_stream/metricbeat_metrics/fields/agent.yml b/packages/elastic_agent/data_stream/metricbeat_metrics/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/metricbeat_metrics/fields/agent.yml +++ b/packages/elastic_agent/data_stream/metricbeat_metrics/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/metricbeat_metrics/fields/beat-fields.yml b/packages/elastic_agent/data_stream/metricbeat_metrics/fields/beat-fields.yml index 0c063d19aee..408ab9d9b25 100644 --- a/packages/elastic_agent/data_stream/metricbeat_metrics/fields/beat-fields.yml 
+++ b/packages/elastic_agent/data_stream/metricbeat_metrics/fields/beat-fields.yml @@ -1,5 +1,5 @@ - name: beat.type - descripion: Beat type. + description: Beat type. type: keyword - name: beat.stats description: Beat stats diff --git a/packages/elastic_agent/data_stream/metricbeat_metrics/fields/fields.yml b/packages/elastic_agent/data_stream/metricbeat_metrics/fields/fields.yml index a516126a23b..15a4c17b5e1 100644 --- a/packages/elastic_agent/data_stream/metricbeat_metrics/fields/fields.yml +++ b/packages/elastic_agent/data_stream/metricbeat_metrics/fields/fields.yml @@ -1,5 +1,4 @@ - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -8,21 +7,16 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 - name: system.process type: group fields: diff --git a/packages/elastic_agent/data_stream/osquerybeat_logs/fields/agent.yml b/packages/elastic_agent/data_stream/osquerybeat_logs/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/osquerybeat_logs/fields/agent.yml +++ b/packages/elastic_agent/data_stream/osquerybeat_logs/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/osquerybeat_logs/fields/ecs.yml b/packages/elastic_agent/data_stream/osquerybeat_logs/fields/ecs.yml index fcdde864586..60c9580ee7a 100644 --- a/packages/elastic_agent/data_stream/osquerybeat_logs/fields/ecs.yml 
+++ b/packages/elastic_agent/data_stream/osquerybeat_logs/fields/ecs.yml @@ -1,14 +1,10 @@ - external: ecs name: ecs.version - name: log - title: Log - group: 2 description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields." type: group fields: - name: level - level: core type: keyword ignore_above: 1024 description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`." - example: error diff --git a/packages/elastic_agent/data_stream/osquerybeat_logs/fields/fields.yml b/packages/elastic_agent/data_stream/osquerybeat_logs/fields/fields.yml index 24771ec5046..e09a459ee5c 100644 --- a/packages/elastic_agent/data_stream/osquerybeat_logs/fields/fields.yml +++ b/packages/elastic_agent/data_stream/osquerybeat_logs/fields/fields.yml @@ -1,8 +1,6 @@ - name: message type: text - title: Log Message - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -11,18 +9,13 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 
diff --git a/packages/elastic_agent/data_stream/osquerybeat_metrics/fields/agent.yml b/packages/elastic_agent/data_stream/osquerybeat_metrics/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/osquerybeat_metrics/fields/agent.yml +++ b/packages/elastic_agent/data_stream/osquerybeat_metrics/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/osquerybeat_metrics/fields/beat-fields.yml b/packages/elastic_agent/data_stream/osquerybeat_metrics/fields/beat-fields.yml index 0c063d19aee..408ab9d9b25 100644 
--- a/packages/elastic_agent/data_stream/osquerybeat_metrics/fields/beat-fields.yml +++ b/packages/elastic_agent/data_stream/osquerybeat_metrics/fields/beat-fields.yml @@ -1,5 +1,5 @@ - name: beat.type - descripion: Beat type. + description: Beat type. type: keyword - name: beat.stats description: Beat stats diff --git a/packages/elastic_agent/data_stream/osquerybeat_metrics/fields/fields.yml b/packages/elastic_agent/data_stream/osquerybeat_metrics/fields/fields.yml index a516126a23b..15a4c17b5e1 100644 --- a/packages/elastic_agent/data_stream/osquerybeat_metrics/fields/fields.yml +++ b/packages/elastic_agent/data_stream/osquerybeat_metrics/fields/fields.yml @@ -1,5 +1,4 @@ - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -8,21 +7,16 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 - name: system.process type: group fields: diff --git a/packages/elastic_agent/data_stream/packetbeat_logs/fields/agent.yml b/packages/elastic_agent/data_stream/packetbeat_logs/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/packetbeat_logs/fields/agent.yml +++ b/packages/elastic_agent/data_stream/packetbeat_logs/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/packetbeat_logs/fields/ecs.yml b/packages/elastic_agent/data_stream/packetbeat_logs/fields/ecs.yml index fcdde864586..60c9580ee7a 100644 --- a/packages/elastic_agent/data_stream/packetbeat_logs/fields/ecs.yml 
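Review bot: Removing `default_field: false` from `host.domain` and from the `text` multi-field of `host.os.name` is a behavioural change if the template generator honors that property: in Beats it kept a field out of `index.query.default_field`, so without it a bare free-text `query_string` or KQL search would also scan those fields. The changelog describes the removed properties as unused, so presumably Fleet ignores `default_field` and the rendered index template is unchanged, but that is inferred rather than visible here; diffing the generated template for one of these data streams before and after would settle it. If the property is honored, keep `default_field: false` on those two entries instead of relying on the generator's default. The `host` group's field list continues past this hunk.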
+++ b/packages/elastic_agent/data_stream/packetbeat_logs/fields/ecs.yml @@ -1,14 +1,10 @@ - external: ecs name: ecs.version - name: log - title: Log - group: 2 description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields." type: group fields: - name: level - level: core type: keyword ignore_above: 1024 description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`." - example: error diff --git a/packages/elastic_agent/data_stream/packetbeat_logs/fields/fields.yml b/packages/elastic_agent/data_stream/packetbeat_logs/fields/fields.yml index 24771ec5046..e09a459ee5c 100644 --- a/packages/elastic_agent/data_stream/packetbeat_logs/fields/fields.yml +++ b/packages/elastic_agent/data_stream/packetbeat_logs/fields/fields.yml @@ -1,8 +1,6 @@ - name: message type: text - title: Log Message - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -11,18 +9,13 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 
diff --git a/packages/elastic_agent/data_stream/packetbeat_metrics/fields/agent.yml b/packages/elastic_agent/data_stream/packetbeat_metrics/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/elastic_agent/data_stream/packetbeat_metrics/fields/agent.yml +++ b/packages/elastic_agent/data_stream/packetbeat_metrics/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/elastic_agent/data_stream/packetbeat_metrics/fields/beat-fields.yml b/packages/elastic_agent/data_stream/packetbeat_metrics/fields/beat-fields.yml index 0c063d19aee..408ab9d9b25 100644 --- a/packages/elastic_agent/data_stream/packetbeat_metrics/fields/beat-fields.yml 
+++ b/packages/elastic_agent/data_stream/packetbeat_metrics/fields/beat-fields.yml @@ -1,5 +1,5 @@ - name: beat.type - descripion: Beat type. + description: Beat type. type: keyword - name: beat.stats description: Beat stats diff --git a/packages/elastic_agent/data_stream/packetbeat_metrics/fields/fields.yml b/packages/elastic_agent/data_stream/packetbeat_metrics/fields/fields.yml index a516126a23b..15a4c17b5e1 100644 --- a/packages/elastic_agent/data_stream/packetbeat_metrics/fields/fields.yml +++ b/packages/elastic_agent/data_stream/packetbeat_metrics/fields/fields.yml @@ -1,5 +1,4 @@ - name: elastic_agent - title: Elastic Agent description: Fields related to the Elastic Agents type: group fields: @@ -8,21 +7,16 @@ ignore_above: 1024 description: Elastic Agent id. - name: process - level: extended type: keyword ignore_above: 1024 description: Process run by the Elastic Agent. - example: metricbeat - name: snapshot - level: extended type: boolean description: Is the agent running from a snapshot build - name: version - level: extended type: keyword ignore_above: 1024 description: Elastic agent version. - example: 7.11.0 - name: system.process type: group fields: diff --git a/packages/elastic_agent/manifest.yml b/packages/elastic_agent/manifest.yml index fbbcc00ea96..65371d3606b 100644 --- a/packages/elastic_agent/manifest.yml +++ b/packages/elastic_agent/manifest.yml @@ -1,6 +1,6 @@ name: elastic_agent title: Elastic Agent -version: 1.3.1 +version: "1.3.2" release: ga description: Collect logs and metrics from Elastic Agents. type: integration diff --git a/packages/elasticsearch/changelog.yml b/packages/elasticsearch/changelog.yml index c768eb508a6..e20c92dd600 100644 --- a/packages/elasticsearch/changelog.yml +++ b/packages/elasticsearch/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.3" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.2.2" changes: - description: Add documentation for multi-fields diff --git a/packages/elasticsearch/data_stream/ccr/fields/fields.yml b/packages/elasticsearch/data_stream/ccr/fields/fields.yml index dd84e6f94bd..2880b91305a 100644 --- a/packages/elasticsearch/data_stream/ccr/fields/fields.yml +++ b/packages/elasticsearch/data_stream/ccr/fields/fields.yml @@ -1,6 +1,5 @@ - name: elasticsearch.ccr type: group - release: ga fields: - name: remote_cluster type: keyword diff --git a/packages/elasticsearch/data_stream/cluster_stats/fields/fields.yml b/packages/elasticsearch/data_stream/cluster_stats/fields/fields.yml index 0d0e52f5bed..2017d1500ee 100644 --- a/packages/elasticsearch/data_stream/cluster_stats/fields/fields.yml +++ b/packages/elasticsearch/data_stream/cluster_stats/fields/fields.yml @@ -1,6 +1,5 @@ - name: elasticsearch.cluster.stats type: group - release: ga fields: - name: version type: keyword diff --git a/packages/elasticsearch/data_stream/enrich/fields/fields.yml b/packages/elasticsearch/data_stream/enrich/fields/fields.yml index b1e626ceeeb..ecce5176269 100644 --- a/packages/elasticsearch/data_stream/enrich/fields/fields.yml +++ b/packages/elasticsearch/data_stream/enrich/fields/fields.yml @@ -1,6 +1,5 @@ - name: elasticsearch.enrich type: group - release: ga fields: - name: executing_policy type: group diff --git a/packages/elasticsearch/data_stream/index/fields/fields.yml b/packages/elasticsearch/data_stream/index/fields/fields.yml index 39ecdae58ee..bf6dd1acdb4 100644 --- a/packages/elasticsearch/data_stream/index/fields/fields.yml +++ b/packages/elasticsearch/data_stream/index/fields/fields.yml @@ -1,6 +1,5 @@ - name: elasticsearch.index type: group - release: ga fields: - name: created type: long 
diff --git a/packages/elasticsearch/data_stream/index_recovery/fields/fields.yml b/packages/elasticsearch/data_stream/index_recovery/fields/fields.yml index 1d67006406e..0ce5d17901d 100644 --- a/packages/elasticsearch/data_stream/index_recovery/fields/fields.yml +++ b/packages/elasticsearch/data_stream/index_recovery/fields/fields.yml @@ -1,12 +1,10 @@ - name: elasticsearch.index type: group - release: ga fields: - name: name type: keyword - name: recovery type: group - release: ga fields: - name: index type: group diff --git a/packages/elasticsearch/data_stream/index_summary/fields/fields.yml b/packages/elasticsearch/data_stream/index_summary/fields/fields.yml index 3f550d11f52..bd0028f7ad8 100644 --- a/packages/elasticsearch/data_stream/index_summary/fields/fields.yml +++ b/packages/elasticsearch/data_stream/index_summary/fields/fields.yml @@ -1,6 +1,5 @@ - name: elasticsearch.index.summary type: group - release: ga fields: - name: primaries type: group diff --git a/packages/elasticsearch/data_stream/ml_job/fields/ecs.yml b/packages/elasticsearch/data_stream/ml_job/fields/ecs.yml index fffb781df80..5c31c54af99 100644 --- a/packages/elasticsearch/data_stream/ml_job/fields/ecs.yml +++ b/packages/elasticsearch/data_stream/ml_job/fields/ecs.yml @@ -1,6 +1,4 @@ - name: '@timestamp' - level: core - required: true type: date description: |- Date/time when the event originated. diff --git a/packages/elasticsearch/data_stream/ml_job/fields/fields.yml b/packages/elasticsearch/data_stream/ml_job/fields/fields.yml index 558fcb5a94c..55c0ffd3416 100644 --- a/packages/elasticsearch/data_stream/ml_job/fields/fields.yml +++ b/packages/elasticsearch/data_stream/ml_job/fields/fields.yml @@ -1,6 +1,5 @@ - name: elasticsearch.ml.job type: group - release: ga fields: - name: id type: keyword diff --git a/packages/elasticsearch/data_stream/node/fields/fields.yml b/packages/elasticsearch/data_stream/node/fields/fields.yml index 98d8496a786..de5318e7bd7 100644 
--- a/packages/elasticsearch/data_stream/node/fields/fields.yml +++ b/packages/elasticsearch/data_stream/node/fields/fields.yml @@ -1,6 +1,5 @@ - name: elasticsearch.node type: group - release: ga fields: - name: version type: keyword diff --git a/packages/elasticsearch/data_stream/node_stats/fields/fields.yml b/packages/elasticsearch/data_stream/node_stats/fields/fields.yml index dfe6387367f..e5bc06e7cbe 100644 --- a/packages/elasticsearch/data_stream/node_stats/fields/fields.yml +++ b/packages/elasticsearch/data_stream/node_stats/fields/fields.yml @@ -1,6 +1,5 @@ - name: elasticsearch.node.stats type: group - release: ga fields: - name: indices type: group diff --git a/packages/elasticsearch/data_stream/pending_tasks/fields/fields.yml b/packages/elasticsearch/data_stream/pending_tasks/fields/fields.yml index 324d4327d94..eef343eabcb 100644 --- a/packages/elasticsearch/data_stream/pending_tasks/fields/fields.yml +++ b/packages/elasticsearch/data_stream/pending_tasks/fields/fields.yml @@ -1,6 +1,5 @@ - name: elasticsearch.cluster.pending_task type: group - release: ga fields: - name: insert_order type: long diff --git a/packages/elasticsearch/data_stream/shard/fields/fields.yml b/packages/elasticsearch/data_stream/shard/fields/fields.yml index 2931fa19741..25709e37aed 100644 --- a/packages/elasticsearch/data_stream/shard/fields/fields.yml +++ b/packages/elasticsearch/data_stream/shard/fields/fields.yml @@ -1,6 +1,5 @@ - name: elasticsearch.shard type: group - release: ga fields: - name: primary type: boolean diff --git a/packages/elasticsearch/manifest.yml b/packages/elasticsearch/manifest.yml index 494e901d7dc..3b732f06374 100644 --- a/packages/elasticsearch/manifest.yml +++ b/packages/elasticsearch/manifest.yml @@ -1,6 +1,6 @@ name: elasticsearch title: Elasticsearch -version: 0.2.2 +version: "0.2.3" release: experimental description: Elasticsearch Integration type: integration 
diff --git a/packages/f5/changelog.yml b/packages/f5/changelog.yml index 285606778d7..1a3f98e0aa5 100644 --- a/packages/f5/changelog.yml +++ b/packages/f5/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.9.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.9.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/f5/data_stream/bigipafm/fields/base-fields.yml b/packages/f5/data_stream/bigipafm/fields/base-fields.yml index a4f2b5492fe..1cf67f0f925 100644 --- a/packages/f5/data_stream/bigipafm/fields/base-fields.yml +++ b/packages/f5/data_stream/bigipafm/fields/base-fields.yml @@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/f5/data_stream/bigipafm/fields/ecs.yml b/packages/f5/data_stream/bigipafm/fields/ecs.yml index 917aab6ef3e..e2cf169296c 100644 --- a/packages/f5/data_stream/bigipafm/fields/ecs.yml +++ b/packages/f5/data_stream/bigipafm/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/f5/data_stream/bigipapm/fields/base-fields.yml b/packages/f5/data_stream/bigipapm/fields/base-fields.yml index 88bd33161a9..1dd299ff508 100644 --- a/packages/f5/data_stream/bigipapm/fields/base-fields.yml 
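Review bot: In both `ecs.yml` hunks the `destination.geo.location` and `source.geo.location` entries appear to stay defined inline, with a hand-written `description: Longitude and latitude.` and `type: geo_point`, while every neighbouring field is `external: ecs`; only the `level: core` line goes. That leaves two ECS fields whose mapping and docs can drift from the ECS version the package pins, which is the drift `external: ecs` exists to prevent. Replace each inline entry with `- external: ecs` followed by `  name: destination.geo.location` (and likewise for `source.geo.location`) so type and description come from ECS. The same pattern shows up in the bigipapm and fim `ecs.yml` hunks, and each hunk is an excerpt of a longer field list that continues outside it.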
+++ b/packages/f5/data_stream/bigipapm/fields/base-fields.yml @@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/f5/data_stream/bigipapm/fields/ecs.yml b/packages/f5/data_stream/bigipapm/fields/ecs.yml index 6159945987a..ce44f149d3c 100644 --- a/packages/f5/data_stream/bigipapm/fields/ecs.yml +++ b/packages/f5/data_stream/bigipapm/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/f5/manifest.yml b/packages/f5/manifest.yml index 5293560f166..fd3255cfabc 100644 --- a/packages/f5/manifest.yml +++ b/packages/f5/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: f5 title: F5 Logs -version: 0.9.0 +version: "0.9.1" description: Collect and parse logs from F5 devices with Elastic Agent. categories: ["network", "security"] release: experimental diff --git a/packages/fim/changelog.yml b/packages/fim/changelog.yml index 800473bf953..ba782ca900c 100644 --- a/packages/fim/changelog.yml +++ b/packages/fim/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.1.0" changes: - description: Initial version 
diff --git a/packages/fim/data_stream/event/fields/agent.yml b/packages/fim/data_stream/event/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/fim/data_stream/event/fields/agent.yml +++ b/packages/fim/data_stream/event/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/fim/data_stream/event/fields/base-fields.yml b/packages/fim/data_stream/event/fields/base-fields.yml index 0c26baedb3f..3088ac0d44d 100644 --- a/packages/fim/data_stream/event/fields/base-fields.yml +++ b/packages/fim/data_stream/event/fields/base-fields.yml 
@@ -20,6 +20,5 @@ description: Event timestamp. - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/fim/data_stream/event/fields/ecs.yml b/packages/fim/data_stream/event/fields/ecs.yml index ef68090bb59..ce5ecc09a45 100644 --- a/packages/fim/data_stream/event/fields/ecs.yml +++ b/packages/fim/data_stream/event/fields/ecs.yml @@ -89,7 +89,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/fim/data_stream/event/fields/package-fields.yml b/packages/fim/data_stream/event/fields/package-fields.yml index 69aaa4e9ccd..efccc6039a5 100644 --- a/packages/fim/data_stream/event/fields/package-fields.yml +++ b/packages/fim/data_stream/event/fields/package-fields.yml @@ -4,11 +4,9 @@ fields: - name: setuid type: boolean - example: true description: Set if the file has the `setuid` bit set. Omitted otherwise. - name: setgid type: boolean - example: true description: Set if the file has the `setgid` bit set. Omitted otherwise. - name: origin type: keyword diff --git a/packages/fim/manifest.yml b/packages/fim/manifest.yml index db728d6769a..909f9bfb5e7 100644 --- a/packages/fim/manifest.yml +++ b/packages/fim/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: fim title: "File Integrity Monitoring" -version: 0.1.0 +version: "0.1.1" license: basic release: beta description: "The File Integrity Monitoring integration reports filesystem changes in real time." diff --git a/packages/fireeye/changelog.yml b/packages/fireeye/changelog.yml index 7c5d56a68be..f86e0042dcc 100644 --- a/packages/fireeye/changelog.yml +++ b/packages/fireeye/changelog.yml 
@@ -1,3 +1,8 @@ +- version: "1.3.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.0" changes: - description: Update to ECS 8.2 diff --git a/packages/fireeye/data_stream/nx/fields/agent.yml b/packages/fireeye/data_stream/nx/fields/agent.yml index a371c03d96d..a2307848672 100644 --- a/packages/fireeye/data_stream/nx/fields/agent.yml +++ b/packages/fireeye/data_stream/nx/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
@@ -168,13 +122,11 @@
 - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/fireeye/data_stream/nx/fields/ecs.yml b/packages/fireeye/data_stream/nx/fields/ecs.yml
index f1d3ef0500a..9b24eac6f14 100644
--- a/packages/fireeye/data_stream/nx/fields/ecs.yml
+++ b/packages/fireeye/data_stream/nx/fields/ecs.yml 
@@ -51,7 +51,6 @@
 - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
@@ -77,7 +76,6 @@
 - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs
diff --git a/packages/fireeye/manifest.yml b/packages/fireeye/manifest.yml
index 382b78c79ce..80678cd674e 100644
--- a/packages/fireeye/manifest.yml
+++ b/packages/fireeye/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: fireeye
 title: "Fireeye"
-version: 1.3.0
+version: "1.3.1"
 license: basic
 description: "This Elastic integration collects Fireeye NX logs."
 type: integration
diff --git a/packages/fortinet/changelog.yml b/packages/fortinet/changelog.yml
index 227b2679005..87337f34d9c 100644
--- a/packages/fortinet/changelog.yml
+++ b/packages/fortinet/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
 - version: "1.5.0"
 changes:
 - description: Update to ECS 8.2.0 to use new email field set.
diff --git a/packages/fortinet/data_stream/clientendpoint/fields/agent.yml b/packages/fortinet/data_stream/clientendpoint/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/fortinet/data_stream/clientendpoint/fields/agent.yml
+++ b/packages/fortinet/data_stream/clientendpoint/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@
 Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
 - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/fortinet/data_stream/clientendpoint/fields/base-fields.yml b/packages/fortinet/data_stream/clientendpoint/fields/base-fields.yml
index 82f01336920..17ef06db42a 100644
--- a/packages/fortinet/data_stream/clientendpoint/fields/base-fields.yml
+++ b/packages/fortinet/data_stream/clientendpoint/fields/base-fields.yml 
@@ -27,7 +27,6 @@
 type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address
@@ -41,6 +40,5 @@
 type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword
diff --git a/packages/fortinet/data_stream/clientendpoint/fields/ecs.yml b/packages/fortinet/data_stream/clientendpoint/fields/ecs.yml
index 1da8c39a341..8500697a629 100644
--- a/packages/fortinet/data_stream/clientendpoint/fields/ecs.yml
+++ b/packages/fortinet/data_stream/clientendpoint/fields/ecs.yml
@@ -23,7 +23,6 @@
 - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs
@@ -187,7 +186,6 @@
 - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/fortinet/data_stream/firewall/fields/agent.yml b/packages/fortinet/data_stream/firewall/fields/agent.yml
index f6127c3e224..124b8ee388b 100644
--- a/packages/fortinet/data_stream/firewall/fields/agent.yml
+++ b/packages/fortinet/data_stream/firewall/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
@@ -168,13 +122,11 @@
 - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/fortinet/data_stream/firewall/fields/ecs.yml b/packages/fortinet/data_stream/firewall/fields/ecs.yml
index c17ad238522..b29bc9a640a 100644
--- a/packages/fortinet/data_stream/firewall/fields/ecs.yml
+++ b/packages/fortinet/data_stream/firewall/fields/ecs.yml 
@@ -19,7 +19,6 @@
 - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs
@@ -167,7 +166,6 @@
 - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/fortinet/data_stream/firewall/fields/fields.yml b/packages/fortinet/data_stream/firewall/fields/fields.yml
index d7fa9c281c7..3b9f490e811 100644
--- a/packages/fortinet/data_stream/firewall/fields/fields.yml
+++ b/packages/fortinet/data_stream/firewall/fields/fields.yml
@@ -7,7 +7,6 @@
 CRC32 Hash of file - name: firewall type: group - release: beta fields: - name: acct_stat type: keyword
diff --git a/packages/fortinet/data_stream/fortimail/fields/agent.yml b/packages/fortinet/data_stream/fortimail/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/fortinet/data_stream/fortimail/fields/agent.yml
+++ b/packages/fortinet/data_stream/fortimail/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@
 Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
 - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/fortinet/data_stream/fortimail/fields/base-fields.yml b/packages/fortinet/data_stream/fortimail/fields/base-fields.yml
index 50a37950c47..66664a50c60 100644
--- a/packages/fortinet/data_stream/fortimail/fields/base-fields.yml
+++ b/packages/fortinet/data_stream/fortimail/fields/base-fields.yml 
@@ -27,7 +27,6 @@
 type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address
@@ -41,6 +40,5 @@
 type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword
diff --git a/packages/fortinet/data_stream/fortimail/fields/ecs.yml b/packages/fortinet/data_stream/fortimail/fields/ecs.yml
index 1da8c39a341..8500697a629 100644
--- a/packages/fortinet/data_stream/fortimail/fields/ecs.yml
+++ b/packages/fortinet/data_stream/fortimail/fields/ecs.yml
@@ -23,7 +23,6 @@
 - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs
@@ -187,7 +186,6 @@
 - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/fortinet/data_stream/fortimanager/fields/agent.yml b/packages/fortinet/data_stream/fortimanager/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/fortinet/data_stream/fortimanager/fields/agent.yml
+++ b/packages/fortinet/data_stream/fortimanager/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@
 Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
 - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/fortinet/data_stream/fortimanager/fields/base-fields.yml b/packages/fortinet/data_stream/fortimanager/fields/base-fields.yml
index bbad94843bc..6647878b72a 100644
--- a/packages/fortinet/data_stream/fortimanager/fields/base-fields.yml
+++ b/packages/fortinet/data_stream/fortimanager/fields/base-fields.yml 
@@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/fortinet/data_stream/fortimanager/fields/ecs.yml b/packages/fortinet/data_stream/fortimanager/fields/ecs.yml index 917aab6ef3e..e2cf169296c 100644 --- a/packages/fortinet/data_stream/fortimanager/fields/ecs.yml +++ b/packages/fortinet/data_stream/fortimanager/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/fortinet/manifest.yml b/packages/fortinet/manifest.yml index c07a83454e6..cc1d62ec7b7 100644 --- a/packages/fortinet/manifest.yml +++ b/packages/fortinet/manifest.yml @@ -1,6 +1,6 @@ name: fortinet title: Fortinet Logs -version: 1.5.0 +version: "1.5.1" release: ga description: Collect logs from Fortinet instances with Elastic Agent. type: integration diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml index 8cc88f52d65..70b6ed6a966 100644 --- a/packages/gcp/changelog.yml +++ b/packages/gcp/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.6.1" changes: - description: Clarify the GCP privileges required by the Pub/Sub input. 
diff --git a/packages/gcp/data_stream/audit/fields/agent.yml b/packages/gcp/data_stream/audit/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/gcp/data_stream/audit/fields/agent.yml
+++ b/packages/gcp/data_stream/audit/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/gcp/data_stream/audit/fields/ecs.yml b/packages/gcp/data_stream/audit/fields/ecs.yml index 0e12c49d653..b184cd114da 100644 --- a/packages/gcp/data_stream/audit/fields/ecs.yml +++ b/packages/gcp/data_stream/audit/fields/ecs.yml 
@@ -49,7 +49,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/gcp/data_stream/dns/fields/agent.yml b/packages/gcp/data_stream/dns/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/gcp/data_stream/dns/fields/agent.yml +++ b/packages/gcp/data_stream/dns/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/gcp/data_stream/firewall/fields/agent.yml b/packages/gcp/data_stream/firewall/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/gcp/data_stream/firewall/fields/agent.yml +++ b/packages/gcp/data_stream/firewall/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/gcp/data_stream/firewall/fields/ecs.yml b/packages/gcp/data_stream/firewall/fields/ecs.yml index dda63d107f6..7759d1d18ca 100644 --- a/packages/gcp/data_stream/firewall/fields/ecs.yml +++ b/packages/gcp/data_stream/firewall/fields/ecs.yml 
@@ -19,7 +19,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -85,7 +84,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/gcp/data_stream/vpcflow/fields/agent.yml b/packages/gcp/data_stream/vpcflow/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/gcp/data_stream/vpcflow/fields/agent.yml +++ b/packages/gcp/data_stream/vpcflow/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/gcp/data_stream/vpcflow/fields/ecs.yml b/packages/gcp/data_stream/vpcflow/fields/ecs.yml index 266e736b001..f415e010242 100644 --- a/packages/gcp/data_stream/vpcflow/fields/ecs.yml +++ b/packages/gcp/data_stream/vpcflow/fields/ecs.yml 
@@ -19,7 +19,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -91,7 +90,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml index 42b0f9a3547..9317a1d113c 100644 --- a/packages/gcp/manifest.yml +++ b/packages/gcp/manifest.yml @@ -1,6 +1,6 @@ name: gcp title: Google Cloud Platform -version: 1.6.1 +version: "1.6.2" release: ga description: Collect logs from Google Cloud Platform with Elastic Agent. type: integration diff --git a/packages/gcp_pubsub/changelog.yml b/packages/gcp_pubsub/changelog.yml index 1a9fb269184..4faa5b2c560 100644 --- a/packages/gcp_pubsub/changelog.yml +++ b/packages/gcp_pubsub/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.0.0" changes: - description: Initial Release diff --git a/packages/gcp_pubsub/data_stream/generic/fields/agent.yml b/packages/gcp_pubsub/data_stream/generic/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/gcp_pubsub/data_stream/generic/fields/agent.yml +++ b/packages/gcp_pubsub/data_stream/generic/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/gcp_pubsub/manifest.yml b/packages/gcp_pubsub/manifest.yml index 19bfc566503..c345a1e7388 100644 --- a/packages/gcp_pubsub/manifest.yml +++ b/packages/gcp_pubsub/manifest.yml @@ -1,6 +1,6 @@ name: gcp_pubsub title: Custom Google Pub/Sub Logs -version: 1.0.0 +version: "1.0.1" release: ga description: Collect Logs from Google Pub/Sub topics type: integration 
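Review bot: The retained description of `host.os.platform` in this hunk still reads `Operating system platform (such centos, ubuntu, windows).`; since this change is labelled as fixing typos, `description: Operating system platform (such as centos, ubuntu, windows).` would be the natural fix, unless the wording is deliberately kept byte-identical to the ECS source. The same hunk also drops `default_field: false` from the `text` multi-field under `host.os.name`; if the field-to-template generator honours that key, the analyzed `host.os.name.text` field joins the default search fields, which is worth confirming rather than assuming the key is unused. This hunk begins inside the multi-line `host.id` description that starts in the previous hunk.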
diff --git a/packages/github/changelog.yml b/packages/github/changelog.yml index be21333d3eb..deb672eafa6 100644 --- a/packages/github/changelog.yml +++ b/packages/github/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.4.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.4.0" changes: - description: Update to ECS 8.2 diff --git a/packages/github/data_stream/audit/fields/agent.yml b/packages/github/data_stream/audit/fields/agent.yml index 4d9a6f7b362..d71780611d2 100644 --- a/packages/github/data_stream/audit/fields/agent.yml +++ b/packages/github/data_stream/audit/fields/agent.yml @@ -1,35 +1,26 @@ - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -38,58 +29,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -102,13 +78,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/github/manifest.yml b/packages/github/manifest.yml index fe7ec5717f3..3fe19772792 100644 --- a/packages/github/manifest.yml +++ b/packages/github/manifest.yml @@ -1,6 +1,6 @@ name: github title: GitHub -version: 0.4.0 +version: "0.4.1" release: experimental description: Collect events from GitHub with Elastic Agent. type: integration 
diff --git a/packages/google_workspace/changelog.yml b/packages/google_workspace/changelog.yml
index 101e3f08e52..38ea00811d4 100644
--- a/packages/google_workspace/changelog.yml
+++ b/packages/google_workspace/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.1"
+  changes:
+    - description: Remove unused field properties and fix typos.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3239
 - version: "1.4.0"
   changes:
     - description: Update to ECS 8.2
diff --git a/packages/google_workspace/data_stream/admin/fields/agent.yml b/packages/google_workspace/data_stream/admin/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/google_workspace/data_stream/admin/fields/agent.yml
+++ b/packages/google_workspace/data_stream/admin/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
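Review bot: This hunk is a byte-for-byte repeat of the activemq `agent.yml` hunk above, and the same file is patched again for the `drive`, `groups`, `login` and `saml` data streams below (each with the same `index e313ec82874..8e51d266db1` header), so every future correction to these cloud/host descriptions has to be made at least six times in the visible part of this diff alone. If the package-spec in use accepts `- external: ecs` for `cloud.*`, `host.*` and `container.*` — the `ecs.yml` files in the same data streams already use that form for other fields — replacing the copied definitions with external references would remove the duplication and keep the descriptions in step with the package's ECS version. The `cloud.project.id` description retained here, `Name of the project in Google Cloud.`, also describes an identifier as a name and could become `description: The cloud project identifier.` The `cloud` group continues past the end of this hunk.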
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/google_workspace/data_stream/admin/fields/ecs.yml b/packages/google_workspace/data_stream/admin/fields/ecs.yml index 4ea90a14e84..5ab5384eed2 100644 --- a/packages/google_workspace/data_stream/admin/fields/ecs.yml +++ b/packages/google_workspace/data_stream/admin/fields/ecs.yml 
@@ -65,7 +65,6 @@
 - external: ecs
   name: source.geo.country_name
 - description: Longitude and latitude.
-  level: core
   name: source.geo.location
   type: geo_point
 - external: ecs
diff --git a/packages/google_workspace/data_stream/drive/fields/agent.yml b/packages/google_workspace/data_stream/drive/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/google_workspace/data_stream/drive/fields/agent.yml
+++ b/packages/google_workspace/data_stream/drive/fields/agent.yml
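Review bot: `source.geo.location` in this hunk is still declared inline (`description`, `name`, `type: geo_point`) while its neighbours such as `source.geo.country_name` are `- external: ecs` references; once `level: core` is gone, the only thing the inline form adds is a hand-written description that can drift from ECS. Unless the inline declaration is needed for the `geo_point` mapping under the package-spec version in use, `- external: ecs` followed by `name: source.geo.location` would make it consistent with the rest of the file. The same inline declaration appears in the `drive`, `groups` and `login` ecs.yml hunks below.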
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/google_workspace/data_stream/drive/fields/ecs.yml b/packages/google_workspace/data_stream/drive/fields/ecs.yml index 11a8398fbab..bc785077bbf 100644 --- a/packages/google_workspace/data_stream/drive/fields/ecs.yml +++ b/packages/google_workspace/data_stream/drive/fields/ecs.yml 
@@ -73,7 +73,6 @@
 - external: ecs
   name: source.geo.country_name
 - description: Longitude and latitude.
-  level: core
   name: source.geo.location
   type: geo_point
 - external: ecs
diff --git a/packages/google_workspace/data_stream/groups/fields/agent.yml b/packages/google_workspace/data_stream/groups/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/google_workspace/data_stream/groups/fields/agent.yml
+++ b/packages/google_workspace/data_stream/groups/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/google_workspace/data_stream/groups/fields/ecs.yml b/packages/google_workspace/data_stream/groups/fields/ecs.yml index bbc5a2dd20c..8b96c74d30d 100644 --- a/packages/google_workspace/data_stream/groups/fields/ecs.yml +++ b/packages/google_workspace/data_stream/groups/fields/ecs.yml 
@@ -63,7 +63,6 @@
 - external: ecs
   name: source.geo.country_name
 - name: source.geo.location
-  level: core
   type: geo_point
   description: Longitude and latitude.
 - external: ecs
diff --git a/packages/google_workspace/data_stream/login/fields/agent.yml b/packages/google_workspace/data_stream/login/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/google_workspace/data_stream/login/fields/agent.yml
+++ b/packages/google_workspace/data_stream/login/fields/agent.yml
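Review bot: The inline `source.geo.location` entry kept here lists its keys as `name`, `type`, `description`, while the admin and drive ecs.yml hunks above spell the same field as `description`, `name`, `type`; the two orders are equivalent to the parser but make the five copies harder to diff against each other. Replacing the inline entry with `- external: ecs` and `name: source.geo.location`, as the surrounding `source.geo.*` fields already do, would remove both the ordering difference and the hand-maintained description, provided the package-spec version in use resolves `geo_point` fields that way.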
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/google_workspace/data_stream/login/fields/ecs.yml b/packages/google_workspace/data_stream/login/fields/ecs.yml index bbc5a2dd20c..8b96c74d30d 100644 --- a/packages/google_workspace/data_stream/login/fields/ecs.yml +++ b/packages/google_workspace/data_stream/login/fields/ecs.yml 
@@ -63,7 +63,6 @@
 - external: ecs
   name: source.geo.country_name
 - name: source.geo.location
-  level: core
   type: geo_point
   description: Longitude and latitude.
 - external: ecs
diff --git a/packages/google_workspace/data_stream/saml/fields/agent.yml b/packages/google_workspace/data_stream/saml/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/google_workspace/data_stream/saml/fields/agent.yml
+++ b/packages/google_workspace/data_stream/saml/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
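Review bot: The removal of `default_field: false` on `host.domain` is the one deletion in this hunk that is not purely cosmetic: in the Beats-style fields schema that key excludes a field from `index.query.default_field`, so if the Fleet template builder honours it, free-text queries and any detection rules relying on them would start matching on `host.domain` after this change. The changelog entry calls these properties "unused", which suggests the builder ignores the key and this is a no-op, but that assumption should be confirmed against the template generator rather than inferred from the linter accepting the file. Separately, the container group description still reads `These fields help correlate data based containers from any runtime.`; since this PR advertises typo fixes, `correlate data based on containers` is the obvious correction.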
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/google_workspace/data_stream/saml/fields/ecs.yml b/packages/google_workspace/data_stream/saml/fields/ecs.yml index bbc5a2dd20c..8b96c74d30d 100644 --- a/packages/google_workspace/data_stream/saml/fields/ecs.yml +++ b/packages/google_workspace/data_stream/saml/fields/ecs.yml 
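Review bot: The `os.platform` description keeps the wording `Operating system platform (such centos, ubuntu, windows).` even though the changelog for this PR says it fixes typos; `description: Operating system platform (such as centos, ubuntu, windows).` is the intended sentence. The `default_field: false` dropped from under the `os.name` multi-field has the same caveat as on `host.domain`: harmless only if the template builder never consumed it, which the "unused" wording implies but the diff itself cannot show. The remaining deletions (`level`, `example`) carry no mapping semantics and are safe.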
@@ -63,7 +63,6 @@ - external: ecs name: source.geo.country_name - name: source.geo.location - level: core type: geo_point description: Longitude and latitude. - external: ecs diff --git a/packages/google_workspace/data_stream/user_accounts/fields/agent.yml b/packages/google_workspace/data_stream/user_accounts/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/google_workspace/data_stream/user_accounts/fields/agent.yml +++ b/packages/google_workspace/data_stream/user_accounts/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/google_workspace/data_stream/user_accounts/fields/ecs.yml b/packages/google_workspace/data_stream/user_accounts/fields/ecs.yml index bbc5a2dd20c..8b96c74d30d 100644 --- a/packages/google_workspace/data_stream/user_accounts/fields/ecs.yml +++ b/packages/google_workspace/data_stream/user_accounts/fields/ecs.yml 
@@ -63,7 +63,6 @@ - external: ecs name: source.geo.country_name - name: source.geo.location - level: core type: geo_point description: Longitude and latitude. - external: ecs diff --git a/packages/google_workspace/manifest.yml b/packages/google_workspace/manifest.yml index 96d1f138714..f4b672bc11a 100644 --- a/packages/google_workspace/manifest.yml +++ b/packages/google_workspace/manifest.yml @@ -1,6 +1,6 @@ name: google_workspace title: Google Workspace Audit Reports -version: 1.4.0 +version: "1.4.1" release: ga description: Collect audit reports from Google Workspaces with Elastic Agent. type: integration diff --git a/packages/haproxy/changelog.yml b/packages/haproxy/changelog.yml index f629b9f2303..b4d8ad8eb27 100644 --- a/packages/haproxy/changelog.yml +++ b/packages/haproxy/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.1.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.1.1" changes: - description: Add documentation for multi-fields diff --git a/packages/haproxy/data_stream/info/fields/agent.yml b/packages/haproxy/data_stream/info/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/haproxy/data_stream/info/fields/agent.yml +++ b/packages/haproxy/data_stream/info/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/haproxy/data_stream/log/fields/agent.yml b/packages/haproxy/data_stream/log/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/haproxy/data_stream/log/fields/agent.yml +++ b/packages/haproxy/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/haproxy/data_stream/log/fields/ecs.yml b/packages/haproxy/data_stream/log/fields/ecs.yml index 418948ab587..e8c3330fbd7 100644 --- a/packages/haproxy/data_stream/log/fields/ecs.yml +++ b/packages/haproxy/data_stream/log/fields/ecs.yml 
@@ -47,7 +47,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/haproxy/data_stream/stat/fields/agent.yml b/packages/haproxy/data_stream/stat/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/haproxy/data_stream/stat/fields/agent.yml +++ b/packages/haproxy/data_stream/stat/fields/agent.yml 
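Review bot: This hand-maintained `source.geo.location` entry has already drifted from its siblings in the same PR: here the keys are ordered `description`, `name`, `type`, whereas the google_workspace copies put `name` first, which is the kind of inconsistency that per-package duplication produces. Since the surrounding entries use `- external: ecs`, replacing the remaining lines with `- external: ecs` / `  name: source.geo.location` would retire the copy and its ordering quirk in one step, provided the targeted package-spec resolves geo_point from the ECS definition as it evidently does for `source.geo.country_name` above.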
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/haproxy/manifest.yml b/packages/haproxy/manifest.yml index 2517e41729a..bf7ad8948a4 100644 --- a/packages/haproxy/manifest.yml +++ b/packages/haproxy/manifest.yml @@ -1,6 +1,6 @@ name: haproxy title: HAProxy -version: 1.1.1 +version: "1.1.2" description: Collect logs and metrics from HAProxy servers with Elastic Agent. type: integration icons: 
diff --git a/packages/hashicorp_vault/changelog.yml b/packages/hashicorp_vault/changelog.yml index 15522bc940c..2866ebfd122 100644 --- a/packages/hashicorp_vault/changelog.yml +++ b/packages/hashicorp_vault/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.4.0" changes: - description: Update to ECS 8.2 diff --git a/packages/hashicorp_vault/data_stream/metrics/fields/fields.yml b/packages/hashicorp_vault/data_stream/metrics/fields/fields.yml index 460dfe67663..d0198788071 100644 --- a/packages/hashicorp_vault/data_stream/metrics/fields/fields.yml +++ b/packages/hashicorp_vault/data_stream/metrics/fields/fields.yml @@ -40,7 +40,6 @@ - name: token_type type: keyword description: Identifies whether the token is a batch token or a service token. - example: service - name: type type: keyword - name: version diff --git a/packages/hashicorp_vault/manifest.yml b/packages/hashicorp_vault/manifest.yml index 1ac240bd83f..7b4dfac858a 100644 --- a/packages/hashicorp_vault/manifest.yml +++ b/packages/hashicorp_vault/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: hashicorp_vault title: Hashicorp Vault -version: 1.4.0 +version: "1.4.1" license: basic description: Collect logs and metrics from Hashicorp Vault with Elastic Agent. type: integration diff --git a/packages/hid_bravura_monitor/changelog.yml b/packages/hid_bravura_monitor/changelog.yml index 4c880e07b99..0e44a45de84 100644 --- a/packages/hid_bravura_monitor/changelog.yml +++ b/packages/hid_bravura_monitor/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.3" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.0.2" changes: - description: Add documentation for multi-fields 
diff --git a/packages/hid_bravura_monitor/data_stream/log/fields/agent.yml b/packages/hid_bravura_monitor/data_stream/log/fields/agent.yml index d38a70bd6b3..efcdeb30806 100644 --- a/packages/hid_bravura_monitor/data_stream/log/fields/agent.yml +++ b/packages/hid_bravura_monitor/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/hid_bravura_monitor/data_stream/log/fields/ecs.yml b/packages/hid_bravura_monitor/data_stream/log/fields/ecs.yml index eaee751dad7..50ce941bb5b 100644 --- a/packages/hid_bravura_monitor/data_stream/log/fields/ecs.yml +++ b/packages/hid_bravura_monitor/data_stream/log/fields/ecs.yml 
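Review bot: The `os.platform` description on the new side still reads `Operating system platform (such centos, ubuntu, windows).`, a missing word that falls within the "fix typos" scope of this change; it should become `description: Operating system platform (such as centos, ubuntu, windows).` This sentence is now the field's only documentation, since the `example: darwin` line is removed in the same hunk. The identical wording recurs in every other copy of agent.yml touched by this diff (the winlog data stream and the iis access, application_pool and error streams), so the fix should be applied to each copy.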
@@ -21,7 +21,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -153,7 +152,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/hid_bravura_monitor/data_stream/winlog/fields/agent.yml b/packages/hid_bravura_monitor/data_stream/winlog/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/hid_bravura_monitor/data_stream/winlog/fields/agent.yml +++ b/packages/hid_bravura_monitor/data_stream/winlog/fields/agent.yml 
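Review bot: After this hunk the `destination.geo.location` item (and `source.geo.location` in the second hunk on this line) has lost its only `description:`, and unlike its `- external: ecs` neighbours nothing visible here supplies one from ECS. The hunk header counts (7 old lines to 6 new) imply one added line that is not reproduced in this rendering, most plausibly `  external: ecs` for this item; if so, the type and description come from ECS and the surviving `type: geo_point` is redundant and could be dropped for consistency with the sibling entries. If no such line exists, the field is now undocumented and either `description: Longitude and latitude.` should be restored or `external: ecs` added. Worth confirming against the full patch before merging.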
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/hid_bravura_monitor/data_stream/winlog/fields/base-fields.yml b/packages/hid_bravura_monitor/data_stream/winlog/fields/base-fields.yml index ecf4acb535d..358c779b048 100644 --- a/packages/hid_bravura_monitor/data_stream/winlog/fields/base-fields.yml +++ b/packages/hid_bravura_monitor/data_stream/winlog/fields/base-fields.yml 
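Review bot: The `os.platform` description kept on the new side, `Operating system platform (such centos, ubuntu, windows).`, is missing a word and is now the field's only documentation once `example: darwin` is removed here; change it to `description: Operating system platform (such as centos, ubuntu, windows).` This copy of agent.yml is byte-identical to the other data streams' copies in this diff, so the same one-line fix applies to each.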
@@ -21,6 +21,5 @@ value: hid_bravura_monitor.winlog - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/hid_bravura_monitor/data_stream/winlog/fields/winlog.yml b/packages/hid_bravura_monitor/data_stream/winlog/fields/winlog.yml index 9d6d57c7473..a692142e5e2 100644 --- a/packages/hid_bravura_monitor/data_stream/winlog/fields/winlog.yml +++ b/packages/hid_bravura_monitor/data_stream/winlog/fields/winlog.yml @@ -5,7 +5,6 @@ fields: - name: api - required: true type: keyword description: > The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. @@ -14,19 +13,16 @@ - name: activity_id type: keyword - required: false description: > A globally unique identifier that identifies the current activity. The events that are published with this identifier are part of the same activity. - name: channel type: keyword - required: true description: > The name of the channel from which this record was read. This value is one of the names from the `event_logs` collection in the configuration. - name: computer_name type: keyword - required: true description: > The name of the computer that generated the record. When using Windows event forwarding, this name can differ from `agent.hostname`. @@ -45,7 +41,6 @@ - name: event_data type: object object_type: keyword - required: false description: > The event-specific data. This field is mutually exclusive with `user_data`. If you are capturing event data on versions prior to Windows Vista, the parameters in `event_data` are named `param1`, `param2`, and so on, because event log parameters are unnamed in earlier versions of Windows. 
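Review bot: `winlog.event_data` is left as `type: object` with `object_type: keyword` after the `required: false` cleanup, so every provider-specific key nested under it is mapped dynamically rather than declared; for a source that accepts events from arbitrary providers, field growth in the index is then bounded only by the index's total-fields limit, not by this definition. That is pre-existing rather than introduced here, but since this hunk is the one touching the definition, a one-line caveat would help the next maintainer, e.g. `# NOTE: keys under event_data are mapped dynamically as keyword; each new provider can add new fields to the index.` The `user_data` field later in this file (mutually exclusive with this one, per the description) has the same shape and would take the same note. That `object_type` yields a dynamic keyword template is inferred from the property name, not from these lines, so confirm before wording the comment.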
@@ -227,92 +222,75 @@ type: keyword - name: event_id type: keyword - required: true description: > The event identifier. The value is specific to the source of the event. - name: keywords type: keyword - required: false description: > The keywords are used to classify an event. - name: level type: keyword - required: false description: > The event severity. Levels are Critical, Error, Warning and Information, Verbose - name: outcome type: keyword - required: false description: > Success or Failure of the event. - name: record_id type: keyword - required: true description: > The record ID of the event log record. The first record written to an event log is record number 1, and other records are numbered sequentially. If the record number reaches the maximum value (2^32^ for the Event Logging API and 2^64^ for the Windows Event Log API), the next record number will be 0. - name: related_activity_id type: keyword - required: false description: > A globally unique identifier that identifies the activity to which control was transferred to. The related events would then have this identifier as their `activity_id` identifier. - name: opcode type: keyword - required: false description: > The opcode defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. - name: provider_guid type: keyword - required: false description: > A globally unique identifier that identifies the provider that logged the event. - name: process.pid type: long - required: false description: > The process_id of the Client Server Runtime Process. - name: provider_name type: keyword - required: true description: > The source of the event log record (the application or service that logged the record). - name: task type: keyword - required: false description: > The task defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. 
The category used by the Event Logging API (on pre Windows Vista operating systems) is written to this field. - name: time_created type: keyword - required: false description: > Time event was created - name: trustAttribute type: keyword - required: false - name: trustDirection type: keyword - required: false - name: trustType type: keyword - required: false - name: process.thread.id type: long - required: false - name: user_data type: object object_type: keyword - required: false description: > The event specific data. This field is mutually exclusive with `event_data`. @@ -328,17 +306,14 @@ - name: user.domain type: keyword - required: false description: > The domain that the account associated with this event is a member of. - name: user.type type: keyword - required: false description: > The type of account associated with this event. - name: version type: long - required: false description: The version number of the event's definition. diff --git a/packages/hid_bravura_monitor/manifest.yml b/packages/hid_bravura_monitor/manifest.yml index eb761c62d82..48598982ebf 100644 --- a/packages/hid_bravura_monitor/manifest.yml +++ b/packages/hid_bravura_monitor/manifest.yml @@ -1,6 +1,6 @@ name: hid_bravura_monitor title: Hitachi ID Bravura Monitor -version: 1.0.2 +version: "1.0.3" categories: ["security"] release: ga description: Collect logs from Hitachi ID Security Fabric with Elastic Agent. diff --git a/packages/iis/changelog.yml b/packages/iis/changelog.yml index d0c0d1a98ad..338e16e00aa 100644 --- a/packages/iis/changelog.yml +++ b/packages/iis/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.5" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.8.4" changes: - description: Add documentation for multi-fields 
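Review bot: `winlog.trustAttribute`, `winlog.trustDirection` and `winlog.trustType` lose their `required: false` in this hunk and are left with no `description:` at all, while every other field in the hunk carries one; they are also the only camelCase names in a file that otherwise uses snake_case (`record_id`, `provider_guid`). Presumably these are Active Directory trust properties lifted out of event data by the ingest pipeline, but that is inferred from the names, so the descriptions should be written from whatever populates them, e.g. `description: Attributes of the trust relationship reported by the event.` with matching lines for direction and type, each confirmed against the pipeline. The enclosing `fields:` list continues past the end of this hunk.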
diff --git a/packages/iis/data_stream/access/fields/agent.yml b/packages/iis/data_stream/access/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/iis/data_stream/access/fields/agent.yml +++ b/packages/iis/data_stream/access/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/iis/data_stream/access/fields/ecs.yml b/packages/iis/data_stream/access/fields/ecs.yml index 80a028d9cb0..ef203fec54e 100644 --- a/packages/iis/data_stream/access/fields/ecs.yml +++ b/packages/iis/data_stream/access/fields/ecs.yml 
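Review bot: The `os.platform` description kept on the new side, `Operating system platform (such centos, ubuntu, windows).`, is missing a word and becomes the field's only documentation once `example: darwin` is removed here; change it to `description: Operating system platform (such as centos, ubuntu, windows).` The same line appears in the other agent.yml copies in this diff and should be corrected in each.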
@@ -47,7 +47,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/iis/data_stream/application_pool/fields/agent.yml b/packages/iis/data_stream/application_pool/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/iis/data_stream/application_pool/fields/agent.yml +++ b/packages/iis/data_stream/application_pool/fields/agent.yml 
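Review bot: With `description: Longitude and latitude.` removed, the `source.geo.location` item on the new side has no description, and unlike its `- external: ecs` neighbours nothing visible here supplies one from ECS. The hunk header (7 old lines to 6 new) implies one added line that this rendering does not show, plausibly `  external: ecs` for this item, in which case the remaining `type: geo_point` is redundant; if no such line exists, the description should be restored or `external: ecs` added so the field stays documented. Confirm against the full patch.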
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/iis/data_stream/error/fields/agent.yml b/packages/iis/data_stream/error/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/iis/data_stream/error/fields/agent.yml +++ b/packages/iis/data_stream/error/fields/agent.yml 
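Review bot: The `os.platform` description on the new side, `Operating system platform (such centos, ubuntu, windows).`, still has the missing word and is now the field's only documentation since `example: darwin` is removed in this hunk; it should read `description: Operating system platform (such as centos, ubuntu, windows).` The other agent.yml copies in this diff carry the same text.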
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/iis/data_stream/error/fields/ecs.yml b/packages/iis/data_stream/error/fields/ecs.yml index 58caadf4de0..9332d867627 100644 --- a/packages/iis/data_stream/error/fields/ecs.yml +++ b/packages/iis/data_stream/error/fields/ecs.yml 
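Review bot: The `os.platform` description kept here, `Operating system platform (such centos, ubuntu, windows).`, is missing a word and, with `example: darwin` removed in the same hunk, is the field's only documentation; change it to `description: Operating system platform (such as centos, ubuntu, windows).` The identical line exists in the other agent.yml copies touched by this diff.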
@@ -37,7 +37,6 @@
- external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/iis/data_stream/webserver/fields/agent.yml b/packages/iis/data_stream/webserver/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/iis/data_stream/webserver/fields/agent.yml
+++ b/packages/iis/data_stream/webserver/fields/agent.yml
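Review bot: The `source.geo.location` entry remains an inline definition (`type: geo_point` plus its own description) between neighbours that all use `- external: ecs`, so it will not track the ECS reference the way the rest of the file does. If the bundled ECS reference resolves `geo.location`, the entry can be reduced to `- external: ecs` / `  name: source.geo.location`, matching the surrounding style. The same inline `geo.location` entries appear in the imperva securesphere, infoblox nios, iptables log and juniper junos ecs.yml hunks.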
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@
Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
- name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/iis/data_stream/website/fields/agent.yml b/packages/iis/data_stream/website/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/iis/data_stream/website/fields/agent.yml
+++ b/packages/iis/data_stream/website/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@
Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
- name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/iis/manifest.yml b/packages/iis/manifest.yml
index 23cf3d4c988..f34cc4b67d1 100644
--- a/packages/iis/manifest.yml
+++ b/packages/iis/manifest.yml
@@ -1,6 +1,6 @@
name: iis
title: IIS
-version: 0.8.4
+version: "0.8.5"
description: Collect logs and metrics from Internet Information Services (IIS) servers with Elastic Agent.
type: integration
icons:
diff --git a/packages/imperva/changelog.yml b/packages/imperva/changelog.yml
index 7b520319361..3a883c8b08d 100644
--- a/packages/imperva/changelog.yml
+++ b/packages/imperva/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.8.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "0.8.0"
changes:
- description: Update to ECS 8.2.0
diff --git a/packages/imperva/data_stream/securesphere/fields/base-fields.yml b/packages/imperva/data_stream/securesphere/fields/base-fields.yml
index dc56d4aaff7..8a7aadaa028 100644
--- a/packages/imperva/data_stream/securesphere/fields/base-fields.yml
+++ b/packages/imperva/data_stream/securesphere/fields/base-fields.yml
@@ -27,7 +27,6 @@
type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address
@@ -41,6 +40,5 @@
type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword
diff --git a/packages/imperva/data_stream/securesphere/fields/ecs.yml b/packages/imperva/data_stream/securesphere/fields/ecs.yml
index 1da8c39a341..8500697a629 100644
--- a/packages/imperva/data_stream/securesphere/fields/ecs.yml
+++ b/packages/imperva/data_stream/securesphere/fields/ecs.yml
@@ -23,7 +23,6 @@
- external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs
@@ -187,7 +186,6 @@
- external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/imperva/manifest.yml b/packages/imperva/manifest.yml
index e3b683c8f8a..fff06dc33e0 100644
--- a/packages/imperva/manifest.yml
+++ b/packages/imperva/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: imperva
title: Imperva SecureSphere Logs
-version: 0.8.0
+version: "0.8.1"
description: Collect SecureSphere logs from Imperva devices with Elastic Agent.
categories: ["network", "security"]
release: experimental
diff --git a/packages/infoblox/changelog.yml b/packages/infoblox/changelog.yml
index 6ab8c997bbc..1b789734ba8 100644
--- a/packages/infoblox/changelog.yml
+++ b/packages/infoblox/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.8.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "0.8.0"
changes:
- description: Update to ECS 8.2.0
diff --git a/packages/infoblox/data_stream/nios/fields/base-fields.yml b/packages/infoblox/data_stream/nios/fields/base-fields.yml
index f9d913dd565..350aa303fee 100644
--- a/packages/infoblox/data_stream/nios/fields/base-fields.yml
+++ b/packages/infoblox/data_stream/nios/fields/base-fields.yml
@@ -27,7 +27,6 @@
type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address
@@ -41,6 +40,5 @@
type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword
diff --git a/packages/infoblox/data_stream/nios/fields/ecs.yml b/packages/infoblox/data_stream/nios/fields/ecs.yml
index 1da8c39a341..8500697a629 100644
--- a/packages/infoblox/data_stream/nios/fields/ecs.yml
+++ b/packages/infoblox/data_stream/nios/fields/ecs.yml
@@ -23,7 +23,6 @@
- external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs
@@ -187,7 +186,6 @@
- external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/infoblox/manifest.yml b/packages/infoblox/manifest.yml
index 35c3db4ab2c..3155d10a87d 100644
--- a/packages/infoblox/manifest.yml
+++ b/packages/infoblox/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: infoblox
title: Infoblox NIOS Logs
-version: 0.8.0
+version: "0.8.1"
description: Collect NIOS logs from Infoblox devices with Elastic Agent.
categories: ["network"]
release: experimental
diff --git a/packages/infoblox_nios/changelog.yml b/packages/infoblox_nios/changelog.yml
index af71c49ef4d..d8a0e322f9e 100644
--- a/packages/infoblox_nios/changelog.yml
+++ b/packages/infoblox_nios/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.1.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "0.1.0"
changes:
- description: Initial draft of the package.
diff --git a/packages/infoblox_nios/data_stream/log/fields/agent.yml b/packages/infoblox_nios/data_stream/log/fields/agent.yml
index 6639aec94a9..8b5ed47be7f 100644
--- a/packages/infoblox_nios/data_stream/log/fields/agent.yml
+++ b/packages/infoblox_nios/data_stream/log/fields/agent.yml
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.'
@@ -168,13 +122,11 @@
- name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/infoblox_nios/manifest.yml b/packages/infoblox_nios/manifest.yml
index def5dd278a5..56a3b483e1e 100644
--- a/packages/infoblox_nios/manifest.yml
+++ b/packages/infoblox_nios/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: infoblox_nios
title: Infoblox NIOS
-version: 0.1.0
+version: "0.1.1"
license: basic
description: Collect logs from Infoblox NIOS with Elastic Agent.
type: integration
diff --git a/packages/iptables/changelog.yml b/packages/iptables/changelog.yml
index 1d05835a009..99ca0228486 100644
--- a/packages/iptables/changelog.yml
+++ b/packages/iptables/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.9.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "0.9.0"
changes:
- description: Update to ECS 8.2
diff --git a/packages/iptables/data_stream/log/fields/agent.yml b/packages/iptables/data_stream/log/fields/agent.yml
index 589de95acbf..0d1045a0002 100644
--- a/packages/iptables/data_stream/log/fields/agent.yml
+++ b/packages/iptables/data_stream/log/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@
Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
- name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/iptables/data_stream/log/fields/ecs.yml b/packages/iptables/data_stream/log/fields/ecs.yml
index 6ae6f210e59..30c6814b38e 100644
--- a/packages/iptables/data_stream/log/fields/ecs.yml
+++ b/packages/iptables/data_stream/log/fields/ecs.yml
@@ -11,7 +11,6 @@
- external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs
@@ -75,7 +74,6 @@
- external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/iptables/manifest.yml b/packages/iptables/manifest.yml
index ef458c9951f..be4698d70f5 100644
--- a/packages/iptables/manifest.yml
+++ b/packages/iptables/manifest.yml
@@ -1,6 +1,6 @@
name: iptables
title: Iptables Logs
-version: 0.9.0
+version: "0.9.1"
release: beta
description: Collect and parse logs from iptables and ip6tables with Elastic Agent.
type: integration
diff --git a/packages/juniper/changelog.yml b/packages/juniper/changelog.yml
index 11a217e4c81..f4a96af0ac8 100644
--- a/packages/juniper/changelog.yml
+++ b/packages/juniper/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.1.2"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.1.1"
changes:
- description: Add documentation for multi-fields
diff --git a/packages/juniper/data_stream/junos/fields/agent.yml b/packages/juniper/data_stream/junos/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/juniper/data_stream/junos/fields/agent.yml
+++ b/packages/juniper/data_stream/junos/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/juniper/data_stream/junos/fields/base-fields.yml b/packages/juniper/data_stream/junos/fields/base-fields.yml index 6092398a3f1..b8c3cab98d1 100644 --- a/packages/juniper/data_stream/junos/fields/base-fields.yml +++ b/packages/juniper/data_stream/junos/fields/base-fields.yml 
@@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/juniper/data_stream/junos/fields/ecs.yml b/packages/juniper/data_stream/junos/fields/ecs.yml index 1da8c39a341..8500697a629 100644 --- a/packages/juniper/data_stream/junos/fields/ecs.yml +++ b/packages/juniper/data_stream/junos/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/juniper/data_stream/netscreen/fields/agent.yml b/packages/juniper/data_stream/netscreen/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/juniper/data_stream/netscreen/fields/agent.yml +++ b/packages/juniper/data_stream/netscreen/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/juniper/data_stream/netscreen/fields/base-fields.yml b/packages/juniper/data_stream/netscreen/fields/base-fields.yml index db5ff9a4dad..adaca0a1da9 100644 --- a/packages/juniper/data_stream/netscreen/fields/base-fields.yml +++ b/packages/juniper/data_stream/netscreen/fields/base-fields.yml 
@@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/juniper/data_stream/netscreen/fields/ecs.yml b/packages/juniper/data_stream/netscreen/fields/ecs.yml index 1da8c39a341..8500697a629 100644 --- a/packages/juniper/data_stream/netscreen/fields/ecs.yml +++ b/packages/juniper/data_stream/netscreen/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/juniper/data_stream/srx/fields/agent.yml b/packages/juniper/data_stream/srx/fields/agent.yml index c5d5959b5ab..83ce652d322 100644 --- a/packages/juniper/data_stream/srx/fields/agent.yml +++ b/packages/juniper/data_stream/srx/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/juniper/data_stream/srx/fields/ecs.yml b/packages/juniper/data_stream/srx/fields/ecs.yml index 5708c81eb0c..7f22c7821fc 100644 --- a/packages/juniper/data_stream/srx/fields/ecs.yml +++ b/packages/juniper/data_stream/srx/fields/ecs.yml 
@@ -35,7 +35,6 @@ - external: ecs name: client.geo.country_name - description: Longitude and latitude. - level: core name: client.geo.location type: geo_point - external: ecs @@ -141,7 +140,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -481,7 +479,6 @@ - external: ecs name: host.geo.country_name - description: Longitude and latitude. - level: core name: host.geo.location type: geo_point - external: ecs @@ -619,7 +616,6 @@ - external: ecs name: observer.geo.country_name - description: Longitude and latitude. - level: core name: observer.geo.location type: geo_point - external: ecs @@ -913,7 +909,6 @@ - external: ecs name: server.geo.country_name - description: Longitude and latitude. - level: core name: server.geo.location type: geo_point - external: ecs @@ -991,7 +986,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/juniper/data_stream/srx/fields/fields.yml b/packages/juniper/data_stream/srx/fields/fields.yml index f1c609ea122..16fc8685daa 100644 --- a/packages/juniper/data_stream/srx/fields/fields.yml +++ b/packages/juniper/data_stream/srx/fields/fields.yml @@ -1,6 +1,5 @@ - name: juniper.srx type: group - release: ga fields: - name: reason type: keyword diff --git a/packages/juniper/manifest.yml b/packages/juniper/manifest.yml index 74ccaa02073..dd84013c557 100644 --- a/packages/juniper/manifest.yml +++ b/packages/juniper/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper title: Juniper Logs -version: 1.1.1 +version: "1.1.2" description: Deprecated. Use a specific Juniper package instead. categories: ["network", "security"] release: ga diff --git a/packages/juniper_junos/changelog.yml b/packages/juniper_junos/changelog.yml index fd36fca681e..ef9db81af87 100644 
--- a/packages/juniper_junos/changelog.yml +++ b/packages/juniper_junos/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.2.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/juniper_junos/data_stream/log/fields/agent.yml b/packages/juniper_junos/data_stream/log/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/juniper_junos/data_stream/log/fields/agent.yml +++ b/packages/juniper_junos/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/juniper_junos/data_stream/log/fields/base-fields.yml b/packages/juniper_junos/data_stream/log/fields/base-fields.yml index d93730c7a76..c4a55ca75a6 100644 --- a/packages/juniper_junos/data_stream/log/fields/base-fields.yml +++ b/packages/juniper_junos/data_stream/log/fields/base-fields.yml 
@@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/juniper_junos/data_stream/log/fields/ecs.yml b/packages/juniper_junos/data_stream/log/fields/ecs.yml index 1da8c39a341..8500697a629 100644 --- a/packages/juniper_junos/data_stream/log/fields/ecs.yml +++ b/packages/juniper_junos/data_stream/log/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/juniper_junos/manifest.yml b/packages/juniper_junos/manifest.yml index 3f4ba534485..282e067da10 100644 --- a/packages/juniper_junos/manifest.yml +++ b/packages/juniper_junos/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper_junos title: Juniper JunOS -version: 0.2.0 +version: "0.2.1" description: Collect logs from Juniper JunOS with Elastic Agent. categories: ["network", "security"] release: experimental diff --git a/packages/juniper_netscreen/changelog.yml b/packages/juniper_netscreen/changelog.yml index 722ca318d5b..14992c5472f 100644 --- a/packages/juniper_netscreen/changelog.yml +++ b/packages/juniper_netscreen/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.2.0" changes: - description: Update to ECS 8.2.0 
diff --git a/packages/juniper_netscreen/data_stream/log/fields/agent.yml b/packages/juniper_netscreen/data_stream/log/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/juniper_netscreen/data_stream/log/fields/agent.yml +++ b/packages/juniper_netscreen/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/juniper_netscreen/data_stream/log/fields/base-fields.yml b/packages/juniper_netscreen/data_stream/log/fields/base-fields.yml index 82882053b69..b8be6764d1b 100644 --- a/packages/juniper_netscreen/data_stream/log/fields/base-fields.yml +++ b/packages/juniper_netscreen/data_stream/log/fields/base-fields.yml 
@@ -27,7 +27,6 @@
 type: keyword
 - name: log.file.path
 description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
 ignore_above: 1024
 type: keyword
 - name: log.source.address
@@ -41,6 +40,5 @@
 type: long
 - name: tags
 description: List of keywords used to tag each event.
- example: '["production", "env2"]'
 ignore_above: 1024
 type: keyword
diff --git a/packages/juniper_netscreen/data_stream/log/fields/ecs.yml b/packages/juniper_netscreen/data_stream/log/fields/ecs.yml
index 1da8c39a341..8500697a629 100644
--- a/packages/juniper_netscreen/data_stream/log/fields/ecs.yml
+++ b/packages/juniper_netscreen/data_stream/log/fields/ecs.yml
@@ -23,7 +23,6 @@
 - external: ecs
 name: destination.geo.country_name
 - description: Longitude and latitude.
- level: core
 name: destination.geo.location
 type: geo_point
 - external: ecs
@@ -187,7 +186,6 @@
 - external: ecs
 name: source.geo.country_name
 - description: Longitude and latitude.
- level: core
 name: source.geo.location
 type: geo_point
 - external: ecs
diff --git a/packages/juniper_netscreen/manifest.yml b/packages/juniper_netscreen/manifest.yml
index c446eabb620..507a758a565 100644
--- a/packages/juniper_netscreen/manifest.yml
+++ b/packages/juniper_netscreen/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: juniper_netscreen
 title: Juniper NetScreen
-version: 0.2.0
+version: "0.2.1"
 description: Collect logs from Juniper NetScreen with Elastic Agent.
 categories: ["network", "security"]
 release: experimental
diff --git a/packages/juniper_srx/changelog.yml b/packages/juniper_srx/changelog.yml
index 641ad372432..d80a7c8ff49 100644
--- a/packages/juniper_srx/changelog.yml
+++ b/packages/juniper_srx/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
 - version: "1.2.0"
 changes:
 - description: Update to ECS 8.2
diff --git a/packages/juniper_srx/data_stream/log/fields/agent.yml b/packages/juniper_srx/data_stream/log/fields/agent.yml
index c5d5959b5ab..83ce652d322 100644
--- a/packages/juniper_srx/data_stream/log/fields/agent.yml
+++ b/packages/juniper_srx/data_stream/log/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/juniper_srx/data_stream/log/fields/ecs.yml b/packages/juniper_srx/data_stream/log/fields/ecs.yml index 5708c81eb0c..7f22c7821fc 100644 --- a/packages/juniper_srx/data_stream/log/fields/ecs.yml +++ b/packages/juniper_srx/data_stream/log/fields/ecs.yml 
@@ -35,7 +35,6 @@
 - external: ecs
 name: client.geo.country_name
 - description: Longitude and latitude.
- level: core
 name: client.geo.location
 type: geo_point
 - external: ecs
@@ -141,7 +140,6 @@
 - external: ecs
 name: destination.geo.country_name
 - description: Longitude and latitude.
- level: core
 name: destination.geo.location
 type: geo_point
 - external: ecs
@@ -481,7 +479,6 @@
 - external: ecs
 name: host.geo.country_name
 - description: Longitude and latitude.
- level: core
 name: host.geo.location
 type: geo_point
 - external: ecs
@@ -619,7 +616,6 @@
 - external: ecs
 name: observer.geo.country_name
 - description: Longitude and latitude.
- level: core
 name: observer.geo.location
 type: geo_point
 - external: ecs
@@ -913,7 +909,6 @@
 - external: ecs
 name: server.geo.country_name
 - description: Longitude and latitude.
- level: core
 name: server.geo.location
 type: geo_point
 - external: ecs
@@ -991,7 +986,6 @@
 - external: ecs
 name: source.geo.country_name
 - description: Longitude and latitude.
- level: core
 name: source.geo.location
 type: geo_point
 - external: ecs
diff --git a/packages/juniper_srx/data_stream/log/fields/fields.yml b/packages/juniper_srx/data_stream/log/fields/fields.yml
index f1c609ea122..16fc8685daa 100644
--- a/packages/juniper_srx/data_stream/log/fields/fields.yml
+++ b/packages/juniper_srx/data_stream/log/fields/fields.yml
@@ -1,6 +1,5 @@
 - name: juniper.srx
 type: group
- release: ga
 fields:
 - name: reason
 type: keyword
diff --git a/packages/juniper_srx/manifest.yml b/packages/juniper_srx/manifest.yml
index 66d24736fdf..93265682317 100644
--- a/packages/juniper_srx/manifest.yml
+++ b/packages/juniper_srx/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: juniper_srx
 title: Juniper SRX
-version: 1.2.0
+version: "1.2.1"
 description: Collect logs from Juniper SRX devices with Elastic Agent.
 categories: ["network", "security"]
 release: ga
diff --git a/packages/kafka/changelog.yml b/packages/kafka/changelog.yml
index 300c538b0b3..cf358d5a75f 100644
--- a/packages/kafka/changelog.yml
+++ b/packages/kafka/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.4"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
 - version: "1.2.3"
 changes:
 - description: Add documentation for multi-fields
diff --git a/packages/kafka/data_stream/broker/fields/agent.yml b/packages/kafka/data_stream/broker/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/kafka/data_stream/broker/fields/agent.yml
+++ b/packages/kafka/data_stream/broker/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kafka/data_stream/consumergroup/fields/agent.yml b/packages/kafka/data_stream/consumergroup/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kafka/data_stream/consumergroup/fields/agent.yml +++ b/packages/kafka/data_stream/consumergroup/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kafka/data_stream/log/fields/agent.yml b/packages/kafka/data_stream/log/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kafka/data_stream/log/fields/agent.yml +++ b/packages/kafka/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kafka/data_stream/partition/fields/agent.yml b/packages/kafka/data_stream/partition/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kafka/data_stream/partition/fields/agent.yml +++ b/packages/kafka/data_stream/partition/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/kafka/manifest.yml b/packages/kafka/manifest.yml
index 18ca54d8930..2d34bfd0be9 100644
--- a/packages/kafka/manifest.yml
+++ b/packages/kafka/manifest.yml
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: kafka title: Kafka -version: 1.2.3 +version: "1.2.4" license: basic description: Collect logs and metrics from Kafka servers with Elastic Agent. type: integration
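Review bot: The retained description `Operating system platform (such centos, ubuntu, windows).` under `os.platform` in this hunk reads as a typo for `Operating system platform (such as centos, ubuntu, windows).`, and the changelog entries added elsewhere in this diff say this version fixes typos, so it is worth correcting in the same pass. The same wording recurs in every other agent.yml hunk in this diff, and the `container` group description `These fields help correlate data based containers from any runtime.` looks like it is missing `on` as well. If these agent.yml files are generated from a shared ECS source, the fix belongs in that source rather than in each copy.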
diff --git a/packages/keycloak/changelog.yml b/packages/keycloak/changelog.yml
index 9767451727b..bad2c95863c 100644
--- a/packages/keycloak/changelog.yml
+++ b/packages/keycloak/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.0" changes: - description: Update to ECS 8.2
diff --git a/packages/keycloak/data_stream/log/fields/agent.yml b/packages/keycloak/data_stream/log/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/keycloak/data_stream/log/fields/agent.yml
+++ b/packages/keycloak/data_stream/log/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/keycloak/data_stream/log/fields/ecs.yml b/packages/keycloak/data_stream/log/fields/ecs.yml
index 1fe4f525dfc..8553e90efb4 100644
--- a/packages/keycloak/data_stream/log/fields/ecs.yml
+++ b/packages/keycloak/data_stream/log/fields/ecs.yml
@@ -46,7 +46,6 @@ external: ecs - name: source.geo.location description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' type: geo_point - name: source.geo.name external: ecs
diff --git a/packages/keycloak/manifest.yml b/packages/keycloak/manifest.yml
index 484e84fa335..5d60da44cfb 100644
--- a/packages/keycloak/manifest.yml
+++ b/packages/keycloak/manifest.yml
@@ -1,6 +1,6 @@ name: keycloak title: Keycloak -version: 1.3.0 +version: "1.3.1" release: ga description: Keycloak Integration type: integration
diff --git a/packages/kubernetes/changelog.yml b/packages/kubernetes/changelog.yml
index 613c78671e3..fc78f57c6f9 100644
--- a/packages/kubernetes/changelog.yml
+++ b/packages/kubernetes/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.19.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.19.1" changes: - description: Add documentation for volume field
diff --git a/packages/kubernetes/data_stream/apiserver/fields/agent.yml b/packages/kubernetes/data_stream/apiserver/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/kubernetes/data_stream/apiserver/fields/agent.yml
+++ b/packages/kubernetes/data_stream/apiserver/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/kubernetes/data_stream/audit_logs/fields/agent.yml b/packages/kubernetes/data_stream/audit_logs/fields/agent.yml
index f9129cdb055..ad6c035d5f4 100644
--- a/packages/kubernetes/data_stream/audit_logs/fields/agent.yml
+++ b/packages/kubernetes/data_stream/audit_logs/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,37 +39,28 @@ type: keyword description: Image ID for the cloud instance. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -94,58 +69,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -158,13 +118,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/kubernetes/data_stream/container/fields/agent.yml b/packages/kubernetes/data_stream/container/fields/agent.yml
index d16c8825520..c9172768cca 100644
--- a/packages/kubernetes/data_stream/container/fields/agent.yml
+++ b/packages/kubernetes/data_stream/container/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,8 +39,6 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.'
@@ -64,57 +46,44 @@ fields: - name: id dimension: true - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id.
@@ -123,58 +92,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -187,13 +141,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/kubernetes/data_stream/container_logs/fields/agent.yml b/packages/kubernetes/data_stream/container_logs/fields/agent.yml
index 5959b701dc1..b0b838d0111 100644
--- a/packages/kubernetes/data_stream/container_logs/fields/agent.yml
+++ b/packages/kubernetes/data_stream/container_logs/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,8 +39,6 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.'
@@ -64,58 +46,45 @@ fields: - name: id dimension: true - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name dimension: true - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id.
@@ -124,58 +93,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -188,13 +142,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/kubernetes/data_stream/controllermanager/fields/agent.yml b/packages/kubernetes/data_stream/controllermanager/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/kubernetes/data_stream/controllermanager/fields/agent.yml
+++ b/packages/kubernetes/data_stream/controllermanager/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/event/fields/agent.yml b/packages/kubernetes/data_stream/event/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/event/fields/agent.yml +++ b/packages/kubernetes/data_stream/event/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/node/fields/agent.yml b/packages/kubernetes/data_stream/node/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/node/fields/agent.yml +++ b/packages/kubernetes/data_stream/node/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/pod/fields/agent.yml b/packages/kubernetes/data_stream/pod/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/pod/fields/agent.yml +++ b/packages/kubernetes/data_stream/pod/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/proxy/fields/agent.yml b/packages/kubernetes/data_stream/proxy/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/proxy/fields/agent.yml +++ b/packages/kubernetes/data_stream/proxy/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/scheduler/fields/agent.yml b/packages/kubernetes/data_stream/scheduler/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/scheduler/fields/agent.yml +++ b/packages/kubernetes/data_stream/scheduler/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_container/fields/agent.yml b/packages/kubernetes/data_stream/state_container/fields/agent.yml index d16c8825520..c9172768cca 100644 --- a/packages/kubernetes/data_stream/state_container/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_container/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,8 +39,6 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' @@ -64,57 +46,44 @@ fields: - name: id dimension: true - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -123,58 +92,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -187,13 +141,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_cronjob/fields/agent.yml b/packages/kubernetes/data_stream/state_cronjob/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/state_cronjob/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_cronjob/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_daemonset/fields/agent.yml b/packages/kubernetes/data_stream/state_daemonset/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/state_daemonset/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_daemonset/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_deployment/fields/agent.yml b/packages/kubernetes/data_stream/state_deployment/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/state_deployment/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_deployment/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_job/fields/agent.yml b/packages/kubernetes/data_stream/state_job/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/state_job/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_job/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_node/fields/agent.yml b/packages/kubernetes/data_stream/state_node/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/state_node/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_node/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_persistentvolume/fields/agent.yml b/packages/kubernetes/data_stream/state_persistentvolume/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/state_persistentvolume/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_persistentvolume/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_persistentvolumeclaim/fields/agent.yml b/packages/kubernetes/data_stream/state_persistentvolumeclaim/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/state_persistentvolumeclaim/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_persistentvolumeclaim/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_pod/fields/agent.yml b/packages/kubernetes/data_stream/state_pod/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/state_pod/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_pod/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_replicaset/fields/agent.yml b/packages/kubernetes/data_stream/state_replicaset/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/state_replicaset/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_replicaset/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_replicaset/fields/base-fields.yml b/packages/kubernetes/data_stream/state_replicaset/fields/base-fields.yml index 9db60548093..5ba440e428f 100644 --- a/packages/kubernetes/data_stream/state_replicaset/fields/base-fields.yml +++ b/packages/kubernetes/data_stream/state_replicaset/fields/base-fields.yml 
@@ -65,13 +65,13 @@ Kubernetes Service selectors map - name: replicaset.name - dimensiont: true + dimension: true type: keyword description: > Kubernetes replicaset name - name: deployment.name - dimensiont: true + dimension: true type: keyword description: > Kubernetes deployment name diff --git a/packages/kubernetes/data_stream/state_resourcequota/fields/agent.yml b/packages/kubernetes/data_stream/state_resourcequota/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/state_resourcequota/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_resourcequota/fields/agent.yml 
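Review bot: The `dimensiont` → `dimension` correction on `replicaset.name` and `deployment.name` is more than a cosmetic fix: under the misspelled key the property had no effect, so this hunk newly marks both fields as time-series dimensions and changes the resulting mapping for the data stream, which should be recorded in the kubernetes package changelog if it is not already covered elsewhere in this PR. That the misspelled key was accepted at all suggests the package-spec validation in use did not reject unknown field properties; it is worth confirming that the spec version this repository validates against now flags unknown keys, so the same class of typo cannot go unnoticed again. A short inline comment such as `# dimension: true makes the field part of the time-series identifier` next to each would help future readers see why the fix matters. The enclosing `description: >` block that the hunk opens with (`Kubernetes Service selectors map`) and the field list it belongs to begin before the hunk.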
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_service/fields/agent.yml b/packages/kubernetes/data_stream/state_service/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/state_service/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_service/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_statefulset/fields/agent.yml b/packages/kubernetes/data_stream/state_statefulset/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/state_statefulset/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_statefulset/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/state_statefulset/fields/base-fields.yml b/packages/kubernetes/data_stream/state_statefulset/fields/base-fields.yml index b6151d62fbe..06aaa1a6c78 100644 --- a/packages/kubernetes/data_stream/state_statefulset/fields/base-fields.yml +++ b/packages/kubernetes/data_stream/state_statefulset/fields/base-fields.yml 
@@ -75,7 +75,7 @@ Kubernetes deployment name - name: statefulset.name - dimensions: true + dimension: true type: keyword description: > Kubernetes statefulset name diff --git a/packages/kubernetes/data_stream/state_storageclass/fields/agent.yml b/packages/kubernetes/data_stream/state_storageclass/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/state_storageclass/fields/agent.yml +++ b/packages/kubernetes/data_stream/state_storageclass/fields/agent.yml 
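Review bot: The change from `dimensions: true` to `dimension: true` on `statefulset.name` in base-fields.yml is a behavioural change rather than a cosmetic typo fix: `dimension` is the key the package spec recognises, so the misspelled key was presumably ignored until now and this hunk is what first marks the field as a dimension in the generated mapping. It is worth confirming that `statefulset.name` is intended to be a dimension and that any sibling fields meant to pair with it (the item above, described as "Kubernetes deployment name", is only partly visible) are declared consistently, since a dimension set that is accidentally incomplete can merge distinct series. The kubernetes changelog entry for this bump is not in this chunk, so I cannot tell whether it records this as a mapping change rather than a typo fix; a one-line note such as `dimension: true  # was misspelled as "dimensions" and silently ignored` would also help the next reader. The enclosing YAML list starts and ends outside the hunk.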
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/system/fields/agent.yml b/packages/kubernetes/data_stream/system/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/system/fields/agent.yml +++ b/packages/kubernetes/data_stream/system/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/data_stream/volume/fields/agent.yml b/packages/kubernetes/data_stream/volume/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/kubernetes/data_stream/volume/fields/agent.yml +++ b/packages/kubernetes/data_stream/volume/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/kubernetes/manifest.yml b/packages/kubernetes/manifest.yml index 3b45c6ce5e7..1e6f9fb2342 100644 --- a/packages/kubernetes/manifest.yml +++ b/packages/kubernetes/manifest.yml 
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: kubernetes
 title: Kubernetes
-version: 1.19.1
+version: "1.19.2"
 license: basic
 description: Collect logs and metrics from Kubernetes clusters with Elastic Agent.
 type: integration
diff --git a/packages/linux/changelog.yml b/packages/linux/changelog.yml
index bab25b763ba..eed19780548 100644
--- a/packages/linux/changelog.yml
+++ b/packages/linux/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.6.5"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
 - version: "0.6.4"
 changes:
 - description: Add fields for memory mapping
diff --git a/packages/linux/data_stream/conntrack/fields/agent.yml b/packages/linux/data_stream/conntrack/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/linux/data_stream/conntrack/fields/agent.yml
+++ b/packages/linux/data_stream/conntrack/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/linux/data_stream/entropy/fields/agent.yml b/packages/linux/data_stream/entropy/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/linux/data_stream/entropy/fields/agent.yml +++ b/packages/linux/data_stream/entropy/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/linux/data_stream/iostat/fields/agent.yml b/packages/linux/data_stream/iostat/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/linux/data_stream/iostat/fields/agent.yml
+++ b/packages/linux/data_stream/iostat/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/linux/data_stream/iostat/fields/fields.yml b/packages/linux/data_stream/iostat/fields/fields.yml
index 7c0b0cee868..1cd6706bce3 100644
--- a/packages/linux/data_stream/iostat/fields/fields.yml
+++ b/packages/linux/data_stream/iostat/fields/fields.yml
@@ -1,6 +1,5 @@ - name: linux.iostat type: group - release: beta description: > iostat
diff --git a/packages/linux/data_stream/ksm/fields/agent.yml b/packages/linux/data_stream/ksm/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/linux/data_stream/ksm/fields/agent.yml
+++ b/packages/linux/data_stream/ksm/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/linux/data_stream/memory/fields/agent.yml b/packages/linux/data_stream/memory/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/linux/data_stream/memory/fields/agent.yml
+++ b/packages/linux/data_stream/memory/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/linux/data_stream/memory/fields/fields.yml b/packages/linux/data_stream/memory/fields/fields.yml
index e251fea567c..d68b3411a0a 100644
--- a/packages/linux/data_stream/memory/fields/fields.yml
+++ b/packages/linux/data_stream/memory/fields/fields.yml
@@ -1,6 +1,5 @@ - name: linux.memory type: group - release: beta description: > Linux memory data
@@ -42,7 +41,6 @@ description: Raw data from /proc/vmstat on the host. - name: hugepages type: group - prefix: "[float]" description: This group contains statistics related to huge pages usage on the system. fields: - name: total
diff --git a/packages/linux/data_stream/network_summary/fields/agent.yml b/packages/linux/data_stream/network_summary/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/linux/data_stream/network_summary/fields/agent.yml
+++ b/packages/linux/data_stream/network_summary/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/linux/data_stream/pageinfo/fields/agent.yml b/packages/linux/data_stream/pageinfo/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/linux/data_stream/pageinfo/fields/agent.yml
+++ b/packages/linux/data_stream/pageinfo/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/linux/data_stream/raid/fields/agent.yml b/packages/linux/data_stream/raid/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/linux/data_stream/raid/fields/agent.yml
+++ b/packages/linux/data_stream/raid/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/linux/data_stream/service/fields/agent.yml b/packages/linux/data_stream/service/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/linux/data_stream/service/fields/agent.yml +++ b/packages/linux/data_stream/service/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/linux/data_stream/socket/fields/agent.yml b/packages/linux/data_stream/socket/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/linux/data_stream/socket/fields/agent.yml +++ b/packages/linux/data_stream/socket/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/linux/data_stream/users/fields/agent.yml b/packages/linux/data_stream/users/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/linux/data_stream/users/fields/agent.yml +++ b/packages/linux/data_stream/users/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/linux/manifest.yml b/packages/linux/manifest.yml index f4de92cea0e..ca78bef18b0 100644 --- a/packages/linux/manifest.yml +++ b/packages/linux/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: linux title: Linux Metrics -version: 0.6.4 +version: "0.6.5" license: basic description: Collect metrics from Linux servers with Elastic Agent. type: integration 
diff --git a/packages/log/changelog.yml b/packages/log/changelog.yml index 058ba8e5bb2..90efd18cacb 100644 --- a/packages/log/changelog.yml +++ b/packages/log/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.0.0" changes: - description: Release Custom Logs as GA diff --git a/packages/log/data_stream/log/fields/agent.yml b/packages/log/data_stream/log/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/log/data_stream/log/fields/agent.yml +++ b/packages/log/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/log/manifest.yml b/packages/log/manifest.yml index be11e963b5d..7dc597f18b4 100644 --- a/packages/log/manifest.yml +++ b/packages/log/manifest.yml @@ -4,7 +4,7 @@ title: Custom Logs description: >- Collect custom logs with Elastic Agent. type: integration -version: 1.0.0 +version: "1.0.1" release: ga license: basic categories: 
diff --git a/packages/logstash/changelog.yml b/packages/logstash/changelog.yml index b129bde28fb..a6e7f494f09 100644 --- a/packages/logstash/changelog.yml +++ b/packages/logstash/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.1.0" changes: - description: Make experimental package stop breaking stack version ^8.0.0 by fixing compatible version range diff --git a/packages/logstash/data_stream/log/fields/fields.yml b/packages/logstash/data_stream/log/fields/fields.yml index fa72f6aeb50..ea771fded45 100644 --- a/packages/logstash/data_stream/log/fields/fields.yml +++ b/packages/logstash/data_stream/log/fields/fields.yml @@ -1,5 +1,4 @@ - name: logstash.log - title: Logstash type: group fields: - name: module diff --git a/packages/logstash/data_stream/node/fields/fields.yml b/packages/logstash/data_stream/node/fields/fields.yml index baf21e108e8..a9517ac2e21 100644 --- a/packages/logstash/data_stream/node/fields/fields.yml +++ b/packages/logstash/data_stream/node/fields/fields.yml @@ -1,6 +1,5 @@ - name: logstash.node type: group - release: ga fields: - name: host type: keyword diff --git a/packages/logstash/data_stream/node_stats/fields/fields.yml b/packages/logstash/data_stream/node_stats/fields/fields.yml index b52ce13d236..e28240ed708 100644 --- a/packages/logstash/data_stream/node_stats/fields/fields.yml +++ b/packages/logstash/data_stream/node_stats/fields/fields.yml @@ -1,6 +1,5 @@ - name: logstash.node type: group - release: ga fields: - name: state.pipeline type: group diff --git a/packages/logstash/manifest.yml b/packages/logstash/manifest.yml index cdf625b2760..83a5fadcbbe 100644 --- a/packages/logstash/manifest.yml +++ b/packages/logstash/manifest.yml 
@@ -1,6 +1,6 @@ name: logstash title: Logstash -version: 1.1.0 +version: "1.1.1" release: experimental description: Collect logs and metrics from Logstash with Elastic Agent. type: integration diff --git a/packages/m365_defender/changelog.yml b/packages/m365_defender/changelog.yml index 2d21665902f..1a86a15f2bf 100644 --- a/packages/m365_defender/changelog.yml +++ b/packages/m365_defender/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.4" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.0.3" changes: - description: Add duplication handling in ingest pipeline diff --git a/packages/m365_defender/data_stream/log/fields/agent.yml b/packages/m365_defender/data_stream/log/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/m365_defender/data_stream/log/fields/agent.yml +++ b/packages/m365_defender/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/m365_defender/manifest.yml b/packages/m365_defender/manifest.yml index 331a04a51ec..274ace52fee 100644 --- a/packages/m365_defender/manifest.yml +++ b/packages/m365_defender/manifest.yml 
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: m365_defender
title: M365 Defender Logs
-version: 1.0.3
+version: "1.0.4"
description: Collect logs from M365 Defender API with Elastic Agent.
categories:
- "network"
diff --git a/packages/mattermost/changelog.yml b/packages/mattermost/changelog.yml
index 6ec45519a79..a49511246cd 100644
--- a/packages/mattermost/changelog.yml
+++ b/packages/mattermost/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.2.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.2.0"
changes:
- description: Update to ECS 8.2
diff --git a/packages/mattermost/data_stream/audit/fields/agent.yml b/packages/mattermost/data_stream/audit/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/mattermost/data_stream/audit/fields/agent.yml
+++ b/packages/mattermost/data_stream/audit/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mattermost/data_stream/audit/fields/ecs.yml b/packages/mattermost/data_stream/audit/fields/ecs.yml index e51142dc94e..f10eb9c1534 100644 --- a/packages/mattermost/data_stream/audit/fields/ecs.yml +++ b/packages/mattermost/data_stream/audit/fields/ecs.yml 
@@ -34,7 +34,6 @@
external: ecs
- name: source.geo.location
description: Longitude and latitude.
- example: '{ "lon": -73.614830, "lat": 45.505918 }'
type: geo_point
- name: source.geo.name
external: ecs
diff --git a/packages/mattermost/manifest.yml b/packages/mattermost/manifest.yml
index 5d9e94972e3..2378e5589fb 100644
--- a/packages/mattermost/manifest.yml
+++ b/packages/mattermost/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: mattermost
title: "Mattermost"
-version: 1.2.0
+version: "1.2.1"
license: basic
description: Collect and parse logs from Mattermost with Elastic Agent.
type: integration
diff --git a/packages/microsoft/changelog.yml b/packages/microsoft/changelog.yml
index a3f35e968a2..c2a94285488 100644
--- a/packages/microsoft/changelog.yml
+++ b/packages/microsoft/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.2.2"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.2.1"
changes:
- description: Add documentation for multi-fields
diff --git a/packages/microsoft/data_stream/defender_atp/fields/agent.yml b/packages/microsoft/data_stream/defender_atp/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/microsoft/data_stream/defender_atp/fields/agent.yml
+++ b/packages/microsoft/data_stream/defender_atp/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/microsoft/data_stream/defender_atp/fields/fields.yml b/packages/microsoft/data_stream/defender_atp/fields/fields.yml index a05ec2d2491..bcbb880cf69 100644 --- a/packages/microsoft/data_stream/defender_atp/fields/fields.yml +++ b/packages/microsoft/data_stream/defender_atp/fields/fields.yml 
@@ -1,6 +1,5 @@
- name: microsoft.defender_atp
type: group
- release: beta
fields:
- name: lastUpdateTime
type: date
diff --git a/packages/microsoft/data_stream/dhcp/fields/agent.yml b/packages/microsoft/data_stream/dhcp/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/microsoft/data_stream/dhcp/fields/agent.yml
+++ b/packages/microsoft/data_stream/dhcp/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/microsoft/data_stream/dhcp/fields/base-fields.yml b/packages/microsoft/data_stream/dhcp/fields/base-fields.yml index cd35075f6e4..57d57d33972 100644 --- a/packages/microsoft/data_stream/dhcp/fields/base-fields.yml +++ b/packages/microsoft/data_stream/dhcp/fields/base-fields.yml 
@@ -27,7 +27,6 @@
type: keyword
- name: log.file.path
description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
ignore_above: 1024
type: keyword
- name: log.source.address
@@ -41,6 +40,5 @@
type: long
- name: tags
description: List of keywords used to tag each event.
- example: '["production", "env2"]'
ignore_above: 1024
type: keyword
diff --git a/packages/microsoft/data_stream/dhcp/fields/ecs.yml b/packages/microsoft/data_stream/dhcp/fields/ecs.yml
index 1da8c39a341..8500697a629 100644
--- a/packages/microsoft/data_stream/dhcp/fields/ecs.yml
+++ b/packages/microsoft/data_stream/dhcp/fields/ecs.yml
@@ -23,7 +23,6 @@
- external: ecs
name: destination.geo.country_name
- description: Longitude and latitude.
- level: core
name: destination.geo.location
type: geo_point
- external: ecs
@@ -187,7 +186,6 @@
- external: ecs
name: source.geo.country_name
- description: Longitude and latitude.
- level: core
name: source.geo.location
type: geo_point
- external: ecs
diff --git a/packages/microsoft/manifest.yml b/packages/microsoft/manifest.yml
index 54af6e2c478..fe7fb637980 100644
--- a/packages/microsoft/manifest.yml
+++ b/packages/microsoft/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: microsoft
title: Microsoft
-version: 1.2.1
+version: "1.2.2"
description: Deprecated. Use a specific Microsoft package instead.
categories:
- "network"
diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml
index 37ca39fa024..d9ad66f4e2f 100644
--- a/packages/microsoft_defender_endpoint/changelog.yml
+++ b/packages/microsoft_defender_endpoint/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "2.2.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "2.2.0"
changes:
- description: Update to ECS 8.2
diff --git a/packages/microsoft_defender_endpoint/data_stream/log/fields/agent.yml b/packages/microsoft_defender_endpoint/data_stream/log/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/microsoft_defender_endpoint/data_stream/log/fields/agent.yml
+++ b/packages/microsoft_defender_endpoint/data_stream/log/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/microsoft_defender_endpoint/data_stream/log/fields/fields.yml b/packages/microsoft_defender_endpoint/data_stream/log/fields/fields.yml index ad1ed731d85..8e3f69f9a75 100644 --- a/packages/microsoft_defender_endpoint/data_stream/log/fields/fields.yml +++ b/packages/microsoft_defender_endpoint/data_stream/log/fields/fields.yml 
@@ -1,6 +1,5 @@ - name: microsoft.defender_endpoint type: group - release: ga fields: - name: lastUpdateTime type: date diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml index 6c6cdbf891f..39f6db32eb7 100644 --- a/packages/microsoft_defender_endpoint/manifest.yml +++ b/packages/microsoft_defender_endpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft_defender_endpoint title: Microsoft Defender for Endpoint -version: 2.2.0 +version: "2.2.1" description: Collect logs from Microsoft Defender for Endpoint with Elastic Agent. categories: - "network" diff --git a/packages/microsoft_sqlserver/changelog.yml b/packages/microsoft_sqlserver/changelog.yml index 7246d309a78..09cbe31906e 100644 --- a/packages/microsoft_sqlserver/changelog.yml +++ b/packages/microsoft_sqlserver/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.5.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.5.0" changes: - description: Update to ECS 8.2 diff --git a/packages/microsoft_sqlserver/data_stream/audit/fields/winlog.yml b/packages/microsoft_sqlserver/data_stream/audit/fields/winlog.yml index 075d40345dc..0dd9d2fe6e8 100644 --- a/packages/microsoft_sqlserver/data_stream/audit/fields/winlog.yml +++ b/packages/microsoft_sqlserver/data_stream/audit/fields/winlog.yml @@ -5,7 +5,6 @@ fields: - name: api - required: true type: keyword description: > The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. 
@@ -14,20 +13,17 @@ - name: activity_id type: keyword - required: false description: > A globally unique identifier that identifies the current activity. The events that are published with this identifier are part of the same activity. - name: computer_name type: keyword - required: true description: > The name of the computer that generated the record. When using Windows event forwarding, this name can differ from `agent.hostname`. - name: event_data type: object object_type: keyword - required: false description: > The event-specific data. This field is mutually exclusive with `user_data`. If you are capturing event data on versions prior to Windows Vista, the parameters in `event_data` are named `param1`, `param2`, and so on, because event log parameters are unnamed in earlier versions of Windows. 
@@ -55,78 +51,64 @@ type: keyword - name: event_id type: keyword - required: true description: > The event identifier. The value is specific to the source of the event. - name: keywords type: keyword - required: false description: > The keywords are used to classify an event. - name: channel type: keyword - required: true description: > The name of the channel from which this record was read. This value is one of the names from the `event_logs` collection in the configuration. - name: record_id type: keyword - required: true description: > The record ID of the event log record. The first record written to an event log is record number 1, and other records are numbered sequentially. If the record number reaches the maximum value (2^32^ for the Event Logging API and 2^64^ for the Windows Event Log API), the next record number will be 0. - name: related_activity_id type: keyword - required: false description: > A globally unique identifier that identifies the activity to which control was transferred to. The related events would then have this identifier as their `activity_id` identifier. - name: opcode type: keyword - required: false description: > The opcode defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. - name: provider_guid type: keyword - required: false description: > A globally unique identifier that identifies the provider that logged the event. - name: process.pid type: long - required: false description: > The process_id of the Client Server Runtime Process. - name: provider_name type: keyword - required: true description: > The source of the event log record (the application or service that logged the record). - name: task type: keyword - required: false description: > The task defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. 
The category used by the Event Logging API (on pre Windows Vista operating systems) is written to this field. - name: process.thread.id type: long - required: false - name: user_data type: object object_type: keyword - required: false description: > The event specific data. This field is mutually exclusive with `event_data`. - name: user.identifier type: keyword - required: false - example: S-1-5-21-3541430928-2051711210-1391384369-1001 description: > The Windows security identifier (SID) of the account associated with this event. @@ -139,17 +121,14 @@ - name: user.domain type: keyword - required: false description: > The domain that the account associated with this event is a member of. - name: user.type type: keyword - required: false description: > The type of account associated with this event. - name: version type: long - required: false description: The version number of the event's definition. diff --git a/packages/microsoft_sqlserver/manifest.yml b/packages/microsoft_sqlserver/manifest.yml index 3cb974fcee2..ea508c6d1c8 100644 --- a/packages/microsoft_sqlserver/manifest.yml +++ b/packages/microsoft_sqlserver/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft_sqlserver title: "Microsoft SQL Server" -version: 0.5.0 +version: "0.5.1" license: basic description: Collect audit events from Microsoft SQL Server with Elastic Agent. type: integration diff --git a/packages/mimecast/changelog.yml b/packages/mimecast/changelog.yml index 7b3075e2342..843b542e6fa 100644 --- a/packages/mimecast/changelog.yml +++ b/packages/mimecast/changelog.yml @@ -1,3 +1,8 @@ +- version: "0.0.12" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.0.11" changes: - description: Update integration description for consistency with other integrations. 
diff --git a/packages/mimecast/data_stream/audit_events/fields/agent.yml b/packages/mimecast/data_stream/audit_events/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/mimecast/data_stream/audit_events/fields/agent.yml
+++ b/packages/mimecast/data_stream/audit_events/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mimecast/data_stream/dlp_logs/fields/agent.yml b/packages/mimecast/data_stream/dlp_logs/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/mimecast/data_stream/dlp_logs/fields/agent.yml +++ b/packages/mimecast/data_stream/dlp_logs/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mimecast/data_stream/siem_logs/fields/agent.yml b/packages/mimecast/data_stream/siem_logs/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/mimecast/data_stream/siem_logs/fields/agent.yml +++ b/packages/mimecast/data_stream/siem_logs/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mimecast/data_stream/threat_intel_malware_customer/fields/agent.yml b/packages/mimecast/data_stream/threat_intel_malware_customer/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_customer/fields/agent.yml +++ b/packages/mimecast/data_stream/threat_intel_malware_customer/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mimecast/data_stream/threat_intel_malware_grid/fields/agent.yml b/packages/mimecast/data_stream/threat_intel_malware_grid/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/mimecast/data_stream/threat_intel_malware_grid/fields/agent.yml +++ b/packages/mimecast/data_stream/threat_intel_malware_grid/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mimecast/data_stream/ttp_ap_logs/fields/agent.yml b/packages/mimecast/data_stream/ttp_ap_logs/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/mimecast/data_stream/ttp_ap_logs/fields/agent.yml +++ b/packages/mimecast/data_stream/ttp_ap_logs/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mimecast/data_stream/ttp_ip_logs/fields/agent.yml b/packages/mimecast/data_stream/ttp_ip_logs/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/mimecast/data_stream/ttp_ip_logs/fields/agent.yml +++ b/packages/mimecast/data_stream/ttp_ip_logs/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mimecast/data_stream/ttp_url_logs/fields/agent.yml b/packages/mimecast/data_stream/ttp_url_logs/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/mimecast/data_stream/ttp_url_logs/fields/agent.yml +++ b/packages/mimecast/data_stream/ttp_url_logs/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mimecast/manifest.yml b/packages/mimecast/manifest.yml index 1181a8d8112..e4a7b0bdad8 100644 --- a/packages/mimecast/manifest.yml +++ b/packages/mimecast/manifest.yml 
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: mimecast
 title: "Mimecast"
-version: 0.0.11
+version: "0.0.12"
 license: basic
 description: "Collect logs from the Mimecast API with Elastic Agent."
 type: integration
diff --git a/packages/modsecurity/changelog.yml b/packages/modsecurity/changelog.yml
index 827b5c11a1b..6aad9cc1a14 100644
--- a/packages/modsecurity/changelog.yml
+++ b/packages/modsecurity/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.1.6"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
 - version: "0.1.5"
 changes:
 - description: Add documentation for multi-fields
diff --git a/packages/modsecurity/data_stream/auditlog/fields/agent.yml b/packages/modsecurity/data_stream/auditlog/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/modsecurity/data_stream/auditlog/fields/agent.yml
+++ b/packages/modsecurity/data_stream/auditlog/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/modsecurity/data_stream/auditlog/fields/ecs.yml b/packages/modsecurity/data_stream/auditlog/fields/ecs.yml index db4c78747d8..6b8166de36f 100644 --- a/packages/modsecurity/data_stream/auditlog/fields/ecs.yml +++ b/packages/modsecurity/data_stream/auditlog/fields/ecs.yml 
@@ -39,7 +39,6 @@
 - external: ecs
 name: source.geo.country_name
 - description: Longitude and latitude.
- level: core
 name: source.geo.location
 type: geo_point
 - external: ecs
diff --git a/packages/modsecurity/manifest.yml b/packages/modsecurity/manifest.yml
index 4f7ac71b2aa..ebf6fd4d02f 100644
--- a/packages/modsecurity/manifest.yml
+++ b/packages/modsecurity/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: modsecurity
 title: "ModSecurity Audit"
-version: 0.1.5
+version: "0.1.6"
 license: basic
 description: "ModSecurity Audit Log Integration"
 type: integration
diff --git a/packages/mongodb/changelog.yml b/packages/mongodb/changelog.yml
index a8f17ebdebf..8441c575a37 100644
--- a/packages/mongodb/changelog.yml
+++ b/packages/mongodb/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.3.3"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
 - version: "1.3.2"
 changes:
 - description: Add documentation for multi-fields
diff --git a/packages/mongodb/data_stream/collstats/fields/agent.yml b/packages/mongodb/data_stream/collstats/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/mongodb/data_stream/collstats/fields/agent.yml
+++ b/packages/mongodb/data_stream/collstats/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mongodb/data_stream/dbstats/fields/agent.yml b/packages/mongodb/data_stream/dbstats/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/mongodb/data_stream/dbstats/fields/agent.yml +++ b/packages/mongodb/data_stream/dbstats/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mongodb/data_stream/log/fields/agent.yml b/packages/mongodb/data_stream/log/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/mongodb/data_stream/log/fields/agent.yml +++ b/packages/mongodb/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/mongodb/data_stream/log/fields/fields.yml b/packages/mongodb/data_stream/log/fields/fields.yml
index 52be99f8779..daf4cc71833 100644
--- a/packages/mongodb/data_stream/log/fields/fields.yml
+++ b/packages/mongodb/data_stream/log/fields/fields.yml
@@ -12,7 +12,6 @@
 - name: id
 description: |
 Integer representing the unique identifier of the log statement
- example: 4615611
 type: long
 - name: attr
 description: |
diff --git a/packages/mongodb/data_stream/metrics/fields/agent.yml b/packages/mongodb/data_stream/metrics/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/mongodb/data_stream/metrics/fields/agent.yml
+++ b/packages/mongodb/data_stream/metrics/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/mongodb/data_stream/replstatus/fields/agent.yml b/packages/mongodb/data_stream/replstatus/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/mongodb/data_stream/replstatus/fields/agent.yml
+++ b/packages/mongodb/data_stream/replstatus/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/mongodb/data_stream/status/fields/agent.yml b/packages/mongodb/data_stream/status/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/mongodb/data_stream/status/fields/agent.yml
+++ b/packages/mongodb/data_stream/status/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/mongodb/manifest.yml b/packages/mongodb/manifest.yml
index a17db0a32c2..6a345ec47aa 100644
--- a/packages/mongodb/manifest.yml
+++ b/packages/mongodb/manifest.yml
@@ -1,6 +1,6 @@
 name: mongodb
 title: MongoDB
-version: 1.3.2
+version: "1.3.3"
 description: Collect logs and metrics from MongoDB instances with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/mysql/changelog.yml b/packages/mysql/changelog.yml
index fc6a32a0e03..6184c1dd697 100644
--- a/packages/mysql/changelog.yml
+++ b/packages/mysql/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.3.2"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
 - version: "1.3.1"
 changes:
 - description: Add documentation for multi-fields
diff --git a/packages/mysql/data_stream/error/fields/agent.yml b/packages/mysql/data_stream/error/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/mysql/data_stream/error/fields/agent.yml
+++ b/packages/mysql/data_stream/error/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/mysql/data_stream/galera_status/fields/agent.yml b/packages/mysql/data_stream/galera_status/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/mysql/data_stream/galera_status/fields/agent.yml
+++ b/packages/mysql/data_stream/galera_status/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/mysql/data_stream/galera_status/fields/fields.yml b/packages/mysql/data_stream/galera_status/fields/fields.yml
index 0b12eeea68b..87b59bb2501 100644
--- a/packages/mysql/data_stream/galera_status/fields/fields.yml
+++ b/packages/mysql/data_stream/galera_status/fields/fields.yml
@@ -1,6 +1,5 @@
 - name: mysql.galera_status
 type: group
- release: beta
 fields:
 - name: apply
 type: group
diff --git a/packages/mysql/data_stream/performance/fields/fields.yml b/packages/mysql/data_stream/performance/fields/fields.yml
index d1ae1822fa2..42f3f789b5a 100644
--- a/packages/mysql/data_stream/performance/fields/fields.yml
+++ b/packages/mysql/data_stream/performance/fields/fields.yml
@@ -1,6 +1,5 @@
 - name: mysql.performance
 type: group
- release: beta
 fields:
 - name: events_statements
 type: group
diff --git a/packages/mysql/data_stream/slowlog/fields/agent.yml b/packages/mysql/data_stream/slowlog/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/mysql/data_stream/slowlog/fields/agent.yml
+++ b/packages/mysql/data_stream/slowlog/fields/agent.yml
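Review bot: Removing `release: beta` from the `mysql.galera_status` and `mysql.performance` groups is not obviously covered by the mysql changelog wording "Remove unused field properties and fix typos": if that key drives a beta or preview label for those data streams anywhere in the package tooling, users lose that signal without a changelog line saying so. If the package spec now ignores or rejects a field-level `release` key, a short mention in the changelog entry, e.g. `Remove unused field properties (including the field-level release marker) and fix typos.`, would make the intent clear to the next reader; if it is still honoured, the entry should state that the beta labelling was dropped. The field lists of both groups continue past the end of these hunks.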
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mysql/data_stream/status/fields/agent.yml b/packages/mysql/data_stream/status/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/mysql/data_stream/status/fields/agent.yml +++ b/packages/mysql/data_stream/status/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mysql/data_stream/status/fields/fields.yml b/packages/mysql/data_stream/status/fields/fields.yml index 6eb4b9df262..17d833d6991 100644 --- a/packages/mysql/data_stream/status/fields/fields.yml +++ b/packages/mysql/data_stream/status/fields/fields.yml @@ -1,6 +1,5 @@ - name: mysql.status type: group - release: beta fields: - name: aborted type: group 
diff --git a/packages/mysql/manifest.yml b/packages/mysql/manifest.yml
index a2b636c4014..c6a6e40a37f 100644
--- a/packages/mysql/manifest.yml
+++ b/packages/mysql/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: mysql
title: MySQL
-version: 1.3.1
+version: "1.3.2"
license: basic
description: Collect logs and metrics from MySQL servers with Elastic Agent.
type: integration
diff --git a/packages/mysql_enterprise/changelog.yml b/packages/mysql_enterprise/changelog.yml
index da38cd11a54..94b95d068e2 100644
--- a/packages/mysql_enterprise/changelog.yml
+++ b/packages/mysql_enterprise/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.0.2"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.0.1"
changes:
- description: Add documentation for multi-fields
diff --git a/packages/mysql_enterprise/data_stream/audit/fields/agent.yml b/packages/mysql_enterprise/data_stream/audit/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/mysql_enterprise/data_stream/audit/fields/agent.yml
+++ b/packages/mysql_enterprise/data_stream/audit/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/mysql_enterprise/manifest.yml b/packages/mysql_enterprise/manifest.yml index a1c3d5fed19..357118a22c5 100644 --- a/packages/mysql_enterprise/manifest.yml +++ b/packages/mysql_enterprise/manifest.yml 
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: mysql_enterprise
title: "MySQL Enterprise"
-version: 1.0.1
+version: "1.0.2"
license: basic
description: "MySQL Enterprise Audit Log Integration"
type: integration
diff --git a/packages/nats/changelog.yml b/packages/nats/changelog.yml
index c375ae8ae74..d97feaa9422 100644
--- a/packages/nats/changelog.yml
+++ b/packages/nats/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.3.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.3.0"
changes:
- description: Update to ECS 8.0
diff --git a/packages/nats/data_stream/connection/fields/fields.yml b/packages/nats/data_stream/connection/fields/fields.yml
index 40e02e89f9a..088e8a3510e 100644
--- a/packages/nats/data_stream/connection/fields/fields.yml
+++ b/packages/nats/data_stream/connection/fields/fields.yml
@@ -1,6 +1,5 @@
- name: nats.connection
type: group
- release: ga
fields:
- name: name
type: keyword
diff --git a/packages/nats/data_stream/connections/fields/fields.yml b/packages/nats/data_stream/connections/fields/fields.yml
index 6c62494cbe7..96d5a5a9638 100644
--- a/packages/nats/data_stream/connections/fields/fields.yml
+++ b/packages/nats/data_stream/connections/fields/fields.yml
@@ -1,6 +1,5 @@
- name: nats.connections
type: group
- release: ga
fields:
- name: total
type: integer
diff --git a/packages/nats/data_stream/log/fields/base-fields.yml b/packages/nats/data_stream/log/fields/base-fields.yml
index b60b0c5191f..505a8314701 100644
--- a/packages/nats/data_stream/log/fields/base-fields.yml
+++ b/packages/nats/data_stream/log/fields/base-fields.yml
@@ -15,7 +15,6 @@
type: keyword
- name: log.file.path
description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
ignore_above: 1024
type: keyword
- name: log.offset
diff --git a/packages/nats/data_stream/log/fields/fields.yml b/packages/nats/data_stream/log/fields/fields.yml
index 36469135405..5b5df1ecc6e 100644
--- a/packages/nats/data_stream/log/fields/fields.yml
+++ b/packages/nats/data_stream/log/fields/fields.yml
@@ -1,6 +1,5 @@
- name: nats.log
type: group
- release: beta
fields:
- name: client
type: group
diff --git a/packages/nats/data_stream/route/fields/fields.yml b/packages/nats/data_stream/route/fields/fields.yml
index 60165a88e46..e9894beb9dd 100644
--- a/packages/nats/data_stream/route/fields/fields.yml
+++ b/packages/nats/data_stream/route/fields/fields.yml
@@ -1,6 +1,5 @@
- name: nats.route
type: group
- release: ga
fields:
- name: subscriptions
type: integer
diff --git a/packages/nats/data_stream/routes/fields/fields.yml b/packages/nats/data_stream/routes/fields/fields.yml
index f75a22f2555..aa880a4f156 100644
--- a/packages/nats/data_stream/routes/fields/fields.yml
+++ b/packages/nats/data_stream/routes/fields/fields.yml
@@ -1,6 +1,5 @@
- name: nats.routes
type: group
- release: ga
fields:
- name: total
type: integer
diff --git a/packages/nats/data_stream/stats/fields/fields.yml b/packages/nats/data_stream/stats/fields/fields.yml
index 46449523a71..6e61ff57fad 100644
--- a/packages/nats/data_stream/stats/fields/fields.yml
+++ b/packages/nats/data_stream/stats/fields/fields.yml
@@ -1,6 +1,5 @@
- name: nats.stats
type: group
- release: ga
fields:
- name: uptime
type: long
diff --git a/packages/nats/data_stream/subscriptions/fields/fields.yml b/packages/nats/data_stream/subscriptions/fields/fields.yml
index 92798fef60e..cc6d5731e1e 100644
--- a/packages/nats/data_stream/subscriptions/fields/fields.yml
+++ b/packages/nats/data_stream/subscriptions/fields/fields.yml
@@ -1,6 +1,5 @@
- name: nats.subscriptions
type: group
- release: ga
fields:
- name: total
type: integer
diff --git a/packages/nats/manifest.yml b/packages/nats/manifest.yml
index 2a2f6fd763e..f6e0ea36caa 100644
--- a/packages/nats/manifest.yml
+++ b/packages/nats/manifest.yml
@@ -1,6 +1,6 @@
name: nats
title: NATS
-version: 1.3.0
+version: "1.3.1"
release: ga
description: Collect logs and metrics from NATS servers with Elastic Agent.
type: integration
diff --git a/packages/netflow/changelog.yml b/packages/netflow/changelog.yml
index 296343e6427..aa63f9bd814 100644
--- a/packages/netflow/changelog.yml
+++ b/packages/netflow/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.5.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.5.0"
changes:
- description: Update to ECS 8.2
diff --git a/packages/netflow/data_stream/log/fields/agent.yml b/packages/netflow/data_stream/log/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/netflow/data_stream/log/fields/agent.yml
+++ b/packages/netflow/data_stream/log/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/netflow/data_stream/log/fields/ecs.yml b/packages/netflow/data_stream/log/fields/ecs.yml index 8d3da9674be..75258c0575f 100644 --- a/packages/netflow/data_stream/log/fields/ecs.yml +++ b/packages/netflow/data_stream/log/fields/ecs.yml 
@@ -33,7 +33,6 @@
- external: ecs
name: client.geo.country_name
- description: Longitude and latitude.
- level: core
name: client.geo.location
type: geo_point
- external: ecs
@@ -121,7 +120,6 @@
- external: ecs
name: destination.geo.country_name
- description: Longitude and latitude.
- level: core
name: destination.geo.location
type: geo_point
- external: ecs
@@ -337,7 +335,6 @@
- external: ecs
name: host.geo.country_name
- description: Longitude and latitude.
- level: core
name: host.geo.location
type: geo_point
- external: ecs
@@ -449,7 +446,6 @@
- external: ecs
name: observer.geo.country_name
- description: Longitude and latitude.
- level: core
name: observer.geo.location
type: geo_point
- external: ecs
@@ -577,7 +573,6 @@
- external: ecs
name: server.geo.country_name
- description: Longitude and latitude.
- level: core
name: server.geo.location
type: geo_point
- external: ecs
@@ -653,7 +648,6 @@
- external: ecs
name: source.geo.country_name
- description: Longitude and latitude.
- level: core
name: source.geo.location
type: geo_point
- external: ecs
diff --git a/packages/netflow/manifest.yml b/packages/netflow/manifest.yml
index 3b57e673882..8601a664b22 100644
--- a/packages/netflow/manifest.yml
+++ b/packages/netflow/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: netflow
title: NetFlow Records
-version: 1.5.0
+version: "1.5.1"
license: basic
description: Collect flow records from NetFlow and IPFIX exporters with Elastic Agent.
type: integration
diff --git a/packages/netscout/changelog.yml b/packages/netscout/changelog.yml
index ee67a524187..0c9ab06580f 100644
--- a/packages/netscout/changelog.yml
+++ b/packages/netscout/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.8.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "0.8.0"
changes:
- description: Update to ECS 8.2.0
diff --git a/packages/netscout/data_stream/sightline/fields/base-fields.yml b/packages/netscout/data_stream/sightline/fields/base-fields.yml
index 32ac5000dd4..21838002ddd 100644
--- a/packages/netscout/data_stream/sightline/fields/base-fields.yml
+++ b/packages/netscout/data_stream/sightline/fields/base-fields.yml
@@ -27,7 +27,6 @@
type: keyword
- name: log.file.path
description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
ignore_above: 1024
type: keyword
- name: log.source.address
@@ -41,6 +40,5 @@
type: long
- name: tags
description: List of keywords used to tag each event.
- example: '["production", "env2"]'
ignore_above: 1024
type: keyword
diff --git a/packages/netscout/data_stream/sightline/fields/ecs.yml b/packages/netscout/data_stream/sightline/fields/ecs.yml
index 1da8c39a341..8500697a629 100644
--- a/packages/netscout/data_stream/sightline/fields/ecs.yml
+++ b/packages/netscout/data_stream/sightline/fields/ecs.yml
@@ -23,7 +23,6 @@
- external: ecs
name: destination.geo.country_name
- description: Longitude and latitude.
- level: core
name: destination.geo.location
type: geo_point
- external: ecs
@@ -187,7 +186,6 @@
- external: ecs
name: source.geo.country_name
- description: Longitude and latitude.
- level: core
name: source.geo.location
type: geo_point
- external: ecs
diff --git a/packages/netscout/manifest.yml b/packages/netscout/manifest.yml
index 48e6adf6e22..e4e6808a972 100644
--- a/packages/netscout/manifest.yml
+++ b/packages/netscout/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: netscout
title: Arbor Peakflow SP Logs
-version: 0.8.0
+version: "0.8.1"
description: Collect and parse logs from Netscout Arbor Peakflow SP with Elastic Agent.
categories: ["security"]
release: experimental
diff --git a/packages/netskope/changelog.yml b/packages/netskope/changelog.yml
index 9ee3850eb10..73dcc993c80 100644
--- a/packages/netskope/changelog.yml
+++ b/packages/netskope/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.1.3"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "0.1.2"
changes:
- description: Fix boolean conversion logic to accept "true", "false", "yes", and "no" as strings. Correct the type of `is_alert` and `is_web_universal_connector` to boolean.
diff --git a/packages/netskope/data_stream/alerts/fields/agent.yml b/packages/netskope/data_stream/alerts/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/netskope/data_stream/alerts/fields/agent.yml
+++ b/packages/netskope/data_stream/alerts/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
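Review bot: Removing `default_field: false` from host.domain here is the one deletion in this change that may not be inert, and the same property is dropped from the os.name `text` multi-field in the next hunk and at both places in the events agent.yml (hunks at L800 and L801). In Beats-style fields files that flag keeps a field out of the index template's default query field list, so if the package tooling honors it, these fields start participating in queries that name no field; if package-spec ignores the property, removal is a no-op. Either way the commit should record which it is, e.g. a sentence in the description such as `default_field is not a supported package-spec property, so its removal does not change the generated template` — or, if it is honored, the property should stay on these two fields.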
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/netskope/data_stream/events/fields/agent.yml b/packages/netskope/data_stream/events/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/netskope/data_stream/events/fields/agent.yml +++ b/packages/netskope/data_stream/events/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/netskope/manifest.yml b/packages/netskope/manifest.yml index 8867454ed14..6bb30f3d6de 100644 --- a/packages/netskope/manifest.yml +++ b/packages/netskope/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: netskope title: "Netskope" -version: 0.1.2 +version: "0.1.3" license: basic description: Collect logs from Netskope with Elastic Agent. type: integration 
diff --git a/packages/network_traffic/changelog.yml b/packages/network_traffic/changelog.yml
index 11c806a675c..8e22e6c6f41 100644
--- a/packages/network_traffic/changelog.yml
+++ b/packages/network_traffic/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.9.1"
+  changes:
+    - description: Remove unused field properties and fix typos.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3239
 - version: "0.9.0"
   changes:
     - description: Update to ECS 8.2
diff --git a/packages/network_traffic/data_stream/amqp/fields/agent.yml b/packages/network_traffic/data_stream/amqp/fields/agent.yml
index a55e9f71b3e..7e2781afced 100644
--- a/packages/network_traffic/data_stream/amqp/fields/agent.yml
+++ b/packages/network_traffic/data_stream/amqp/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/amqp/fields/protocol.yml b/packages/network_traffic/data_stream/amqp/fields/protocol.yml index 4b87cf176cd..83bfcdb0497 100644 --- a/packages/network_traffic/data_stream/amqp/fields/protocol.yml +++ b/packages/network_traffic/data_stream/amqp/fields/protocol.yml 
@@ -6,7 +6,6 @@ description: > AMQP reply code to an error, similar to http reply-code - example: 404 - name: reply-text type: keyword description: > @@ -32,7 +31,6 @@ description: > Exchange type. - example: fanout - name: passive type: boolean description: > @@ -138,7 +136,6 @@ description: > MIME content type. - example: text/plain - name: content-encoding type: keyword description: > diff --git a/packages/network_traffic/data_stream/cassandra/fields/agent.yml b/packages/network_traffic/data_stream/cassandra/fields/agent.yml index a55e9f71b3e..7e2781afced 100644 --- a/packages/network_traffic/data_stream/cassandra/fields/agent.yml +++ b/packages/network_traffic/data_stream/cassandra/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/dhcpv4/fields/agent.yml b/packages/network_traffic/data_stream/dhcpv4/fields/agent.yml index a55e9f71b3e..7e2781afced 100644 --- a/packages/network_traffic/data_stream/dhcpv4/fields/agent.yml +++ b/packages/network_traffic/data_stream/dhcpv4/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/dhcpv4/fields/protocol.yml b/packages/network_traffic/data_stream/dhcpv4/fields/protocol.yml index 0180691a5bb..8d8009fe682 100644 --- a/packages/network_traffic/data_stream/dhcpv4/fields/protocol.yml +++ b/packages/network_traffic/data_stream/dhcpv4/fields/protocol.yml 
@@ -46,7 +46,6 @@ DHCPOFFER or DHCPACK messages. - name: op_code type: keyword - example: bootreply description: | The message op code (bootrequest or bootreply). - name: hops @@ -62,7 +61,6 @@ fields: - name: message_type type: keyword - example: ack description: | The specific type of DHCP message being sent (e.g. discover, offer, request, decline, ack, nak, release, inform). diff --git a/packages/network_traffic/data_stream/dns/fields/agent.yml b/packages/network_traffic/data_stream/dns/fields/agent.yml index a55e9f71b3e..7e2781afced 100644 --- a/packages/network_traffic/data_stream/dns/fields/agent.yml +++ b/packages/network_traffic/data_stream/dns/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/dns/fields/protocol.yml b/packages/network_traffic/data_stream/dns/fields/protocol.yml index 28d506b996d..1b2bf0a1827 100644 --- a/packages/network_traffic/data_stream/dns/fields/protocol.yml +++ b/packages/network_traffic/data_stream/dns/fields/protocol.yml 
@@ -34,7 +34,6 @@
 - name: question.etld_plus_one
 type: keyword
 description: The effective top-level domain (eTLD) plus one more label. For example, the eTLD+1 for "foo.bar.golang.org." is "golang.org.". The data for determining the eTLD comes from an embedded copy of the data from http://publicsuffix.org.
- example: amazon.co.uk.
 - name: answers_count
 type: long
 description: >
@@ -53,15 +52,12 @@
 - name: authorities.name
 type: keyword
 description: The domain name to which this resource record pertains.
- example: example.com.
 - name: authorities.type
 type: keyword
 description: The type of data contained in this resource record.
- example: NS
 - name: authorities.class
 type: keyword
 description: The class of DNS data contained in this resource record.
- example: IN
 - name: additionals
 type: object
 description: >
@@ -75,15 +71,12 @@
 - name: additionals.name
 type: keyword
 description: The domain name to which this resource record pertains.
- example: example.com.
 - name: additionals.type
 type: keyword
 description: The type of data contained in this resource record.
- example: NS
 - name: additionals.class
 type: keyword
 description: The class of DNS data contained in this resource record.
- example: IN
 - name: additionals.ttl
 description: >
 The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached.
@@ -97,14 +90,12 @@
 - name: opt.version
 type: keyword
 description: The EDNS version.
- example: "0"
 - name: opt.do
 type: boolean
 description: If set, the transaction uses DNSSEC.
 - name: opt.ext_rcode
 type: keyword
 description: Extended response code field.
- example: "BADVERS"
 - name: opt.udp_size
 type: long
 description: Requestor's UDP payload size (in bytes).
diff --git a/packages/network_traffic/data_stream/flow/fields/agent.yml b/packages/network_traffic/data_stream/flow/fields/agent.yml
index a55e9f71b3e..7e2781afced 100644
--- a/packages/network_traffic/data_stream/flow/fields/agent.yml +++ b/packages/network_traffic/data_stream/flow/fields/agent.yml @@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/http/fields/agent.yml b/packages/network_traffic/data_stream/http/fields/agent.yml index a55e9f71b3e..7e2781afced 100644 --- a/packages/network_traffic/data_stream/http/fields/agent.yml +++ b/packages/network_traffic/data_stream/http/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/http/fields/protocol.yml b/packages/network_traffic/data_stream/http/fields/protocol.yml index 51b73ae344a..84bfcc3d740 100644 --- a/packages/network_traffic/data_stream/http/fields/protocol.yml +++ b/packages/network_traffic/data_stream/http/fields/protocol.yml 
@@ -18,7 +18,6 @@
 - name: status_phrase
 type: keyword
 description: The HTTP status phrase.
- example: Not Found
 - name: headers
 type: flattened
 description: >
diff --git a/packages/network_traffic/data_stream/icmp/fields/agent.yml b/packages/network_traffic/data_stream/icmp/fields/agent.yml
index a55e9f71b3e..7e2781afced 100644
--- a/packages/network_traffic/data_stream/icmp/fields/agent.yml
+++ b/packages/network_traffic/data_stream/icmp/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/icmp/fields/protocol.yml b/packages/network_traffic/data_stream/icmp/fields/protocol.yml index 5aef1deaf45..842e9591fc3 100644 --- a/packages/network_traffic/data_stream/icmp/fields/protocol.yml +++ b/packages/network_traffic/data_stream/icmp/fields/protocol.yml 
@@ -4,9 +4,6 @@
 - name: version
 type: long
 description: The version of the ICMP protocol.
- possible_values:
- - 4
- - 6
 - name: request.message
 type: keyword
 description: A human readable form of the request.
diff --git a/packages/network_traffic/data_stream/memcached/fields/agent.yml b/packages/network_traffic/data_stream/memcached/fields/agent.yml
index a55e9f71b3e..7e2781afced 100644
--- a/packages/network_traffic/data_stream/memcached/fields/agent.yml
+++ b/packages/network_traffic/data_stream/memcached/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/mongodb/fields/agent.yml b/packages/network_traffic/data_stream/mongodb/fields/agent.yml index a55e9f71b3e..7e2781afced 100644 --- a/packages/network_traffic/data_stream/mongodb/fields/agent.yml +++ b/packages/network_traffic/data_stream/mongodb/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/mysql/fields/agent.yml b/packages/network_traffic/data_stream/mysql/fields/agent.yml index a55e9f71b3e..7e2781afced 100644 --- a/packages/network_traffic/data_stream/mysql/fields/agent.yml +++ b/packages/network_traffic/data_stream/mysql/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/nfs/fields/agent.yml b/packages/network_traffic/data_stream/nfs/fields/agent.yml index a55e9f71b3e..7e2781afced 100644 --- a/packages/network_traffic/data_stream/nfs/fields/agent.yml +++ b/packages/network_traffic/data_stream/nfs/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/pgsql/fields/agent.yml b/packages/network_traffic/data_stream/pgsql/fields/agent.yml index a55e9f71b3e..7e2781afced 100644 --- a/packages/network_traffic/data_stream/pgsql/fields/agent.yml +++ b/packages/network_traffic/data_stream/pgsql/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/pgsql/fields/protocol.yml b/packages/network_traffic/data_stream/pgsql/fields/protocol.yml index 4fd03e12cb8..33659b743b9 100644 --- a/packages/network_traffic/data_stream/pgsql/fields/protocol.yml +++ b/packages/network_traffic/data_stream/pgsql/fields/protocol.yml 
@@ -10,10 +10,6 @@ - name: error_severity type: keyword description: The PostgreSQL error severity. - possible_values: - - ERROR - - FATAL - - PANIC - name: num_fields type: long description: > diff --git a/packages/network_traffic/data_stream/redis/fields/agent.yml b/packages/network_traffic/data_stream/redis/fields/agent.yml index a55e9f71b3e..7e2781afced 100644 --- a/packages/network_traffic/data_stream/redis/fields/agent.yml +++ b/packages/network_traffic/data_stream/redis/fields/agent.yml 
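Review bot: Removing `possible_values` from pgsql error_severity drops the only place the file records that the field takes ERROR, FATAL or PANIC, and nothing on the new side carries that information forward. Detection rules on this data stream would plausibly key on FATAL or PANIC, so the enumeration is useful documentation for rule authors and is worth keeping in the description, e.g. `description: The PostgreSQL error severity (ERROR, FATAL or PANIC).`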
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/sip/fields/agent.yml b/packages/network_traffic/data_stream/sip/fields/agent.yml index a55e9f71b3e..7e2781afced 100644 --- a/packages/network_traffic/data_stream/sip/fields/agent.yml +++ b/packages/network_traffic/data_stream/sip/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/thrift/fields/agent.yml b/packages/network_traffic/data_stream/thrift/fields/agent.yml index a55e9f71b3e..7e2781afced 100644 --- a/packages/network_traffic/data_stream/thrift/fields/agent.yml +++ b/packages/network_traffic/data_stream/thrift/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/tls/fields/agent.yml b/packages/network_traffic/data_stream/tls/fields/agent.yml index a55e9f71b3e..7e2781afced 100644 --- a/packages/network_traffic/data_stream/tls/fields/agent.yml +++ b/packages/network_traffic/data_stream/tls/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,64 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -121,35 +91,27 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: @@ -157,21 +119,15 @@ type: text norms: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -184,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/network_traffic/data_stream/tls/fields/protocol.yml b/packages/network_traffic/data_stream/tls/fields/protocol.yml index d8264468d4d..dce8743efa1 100644 --- a/packages/network_traffic/data_stream/tls/fields/protocol.yml +++ b/packages/network_traffic/data_stream/tls/fields/protocol.yml 
@@ -9,7 +9,6 @@ description: > The version of the TLS protocol used. - example: "TLS 1.3" - name: resumption_method type: keyword description: > diff --git a/packages/network_traffic/manifest.yml b/packages/network_traffic/manifest.yml index 09d640389d8..97d14481765 100644 --- a/packages/network_traffic/manifest.yml +++ b/packages/network_traffic/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: network_traffic title: Network Packet Capture -version: 0.9.0 +version: "0.9.1" license: basic description: Capture and analyze network traffic from a host with Elastic Agent. type: integration diff --git a/packages/nginx/changelog.yml b/packages/nginx/changelog.yml index 50ddcc388f3..a21f1a7c975 100644 --- a/packages/nginx/changelog.yml +++ b/packages/nginx/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.3" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.2" changes: - description: Add documentation for multi-fields diff --git a/packages/nginx/data_stream/access/fields/agent.yml b/packages/nginx/data_stream/access/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/nginx/data_stream/access/fields/agent.yml +++ b/packages/nginx/data_stream/access/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/nginx/data_stream/access/fields/ecs.yml b/packages/nginx/data_stream/access/fields/ecs.yml index 1888586bd9b..10b5e0972d4 100644 --- a/packages/nginx/data_stream/access/fields/ecs.yml +++ b/packages/nginx/data_stream/access/fields/ecs.yml 
@@ -37,7 +37,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/nginx/data_stream/error/fields/agent.yml b/packages/nginx/data_stream/error/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/nginx/data_stream/error/fields/agent.yml +++ b/packages/nginx/data_stream/error/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/nginx/data_stream/stubstatus/fields/agent.yml b/packages/nginx/data_stream/stubstatus/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/nginx/data_stream/stubstatus/fields/agent.yml +++ b/packages/nginx/data_stream/stubstatus/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/nginx/manifest.yml b/packages/nginx/manifest.yml index 780643ed8dc..ae070a377c4 100644 --- a/packages/nginx/manifest.yml +++ b/packages/nginx/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: nginx title: Nginx -version: 1.3.2 +version: "1.3.3" license: basic description: Collect logs and metrics from Nginx HTTP servers with Elastic Agent. type: integration 
diff --git a/packages/nginx_ingress_controller/changelog.yml b/packages/nginx_ingress_controller/changelog.yml index ffa11183cf6..12b30675ba8 100644 --- a/packages/nginx_ingress_controller/changelog.yml +++ b/packages/nginx_ingress_controller/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.3.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.1" changes: - description: Add documentation for multi-fields diff --git a/packages/nginx_ingress_controller/data_stream/access/fields/agent.yml b/packages/nginx_ingress_controller/data_stream/access/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/nginx_ingress_controller/data_stream/access/fields/agent.yml +++ b/packages/nginx_ingress_controller/data_stream/access/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/nginx_ingress_controller/data_stream/access/fields/ecs.yml b/packages/nginx_ingress_controller/data_stream/access/fields/ecs.yml index 78cfd8d6ea1..a68283dee29 100644 --- a/packages/nginx_ingress_controller/data_stream/access/fields/ecs.yml +++ b/packages/nginx_ingress_controller/data_stream/access/fields/ecs.yml 
@@ -31,7 +31,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/nginx_ingress_controller/data_stream/error/fields/agent.yml b/packages/nginx_ingress_controller/data_stream/error/fields/agent.yml index c4f76779adb..f3079d3a3b3 100644 --- a/packages/nginx_ingress_controller/data_stream/error/fields/agent.yml +++ b/packages/nginx_ingress_controller/data_stream/error/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/nginx_ingress_controller/manifest.yml b/packages/nginx_ingress_controller/manifest.yml index 72c6d2e526b..838786a5511 100644 --- a/packages/nginx_ingress_controller/manifest.yml +++ b/packages/nginx_ingress_controller/manifest.yml 
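Review bot: `description: Operating system platform (such centos, ubuntu, windows).` is kept verbatim on the new side of this hunk, and since the changelog entry claims typo fixes, `such as centos` would fit in here. This same line appears in the matching agent.yml hunks for o365, okta, oracle and osquery below, so it is easiest to fix once in whatever shared source these files are copied from, if there is one. The adjacent `- default_field: false` removal under the `os.name` text multi-field only drops metadata; the keyword type and ignore_above stay, so no mapping change is implied by the visible lines.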
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: nginx_ingress_controller
 title: Nginx Ingress Controller Logs
-version: 1.3.1
+version: "1.3.2"
 license: basic
 description: Collect and parse logs from Nginx Ingress Controller instances with Elastic Agent.
 type: integration
diff --git a/packages/o365/changelog.yml b/packages/o365/changelog.yml
index ea174eb581a..47915a38648 100644
--- a/packages/o365/changelog.yml
+++ b/packages/o365/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.2"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
 - version: "1.5.1"
 changes:
 - description: Fix processing of ModifiedProperties when it is a list of strings
diff --git a/packages/o365/data_stream/audit/fields/agent.yml b/packages/o365/data_stream/audit/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/o365/data_stream/audit/fields/agent.yml
+++ b/packages/o365/data_stream/audit/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/o365/data_stream/audit/fields/ecs.yml b/packages/o365/data_stream/audit/fields/ecs.yml index 7c16cc39f3f..2ac914cdfd6 100644 --- a/packages/o365/data_stream/audit/fields/ecs.yml +++ b/packages/o365/data_stream/audit/fields/ecs.yml 
@@ -99,7 +99,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml index ccb1b423ba1..5d4ece53c4b 100644 --- a/packages/o365/manifest.yml +++ b/packages/o365/manifest.yml @@ -1,6 +1,6 @@ name: o365 title: Office 365 Logs -version: 1.5.1 +version: "1.5.2" release: ga description: Collect and parse event logs from Office 365 with Elastic Agent. type: integration diff --git a/packages/okta/changelog.yml b/packages/okta/changelog.yml index 360d0b6aa13..80f55996194 100644 --- a/packages/okta/changelog.yml +++ b/packages/okta/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.6.0" changes: - description: Update to ECS 8.2 diff --git a/packages/okta/data_stream/system/fields/agent.yml b/packages/okta/data_stream/system/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/okta/data_stream/system/fields/agent.yml +++ b/packages/okta/data_stream/system/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/okta/data_stream/system/fields/ecs.yml b/packages/okta/data_stream/system/fields/ecs.yml index 971ea67bca8..501151b9d16 100644 --- a/packages/okta/data_stream/system/fields/ecs.yml +++ b/packages/okta/data_stream/system/fields/ecs.yml 
@@ -9,7 +9,6 @@ - external: ecs name: client.geo.country_name - description: Longitude and latitude. - level: core name: client.geo.location type: geo_point - external: ecs @@ -35,7 +34,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -89,7 +87,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/okta/data_stream/system/fields/fields.yml b/packages/okta/data_stream/system/fields/fields.yml index 7cafbcba896..dbaa828ab9b 100644 --- a/packages/okta/data_stream/system/fields/fields.yml +++ b/packages/okta/data_stream/system/fields/fields.yml @@ -1,30 +1,24 @@ - name: okta.uuid - title: UUID type: keyword description: | The unique identifier of the Okta LogEvent. - name: okta.event_type - title: Event Type type: keyword description: | The type of the LogEvent. - name: okta.version - title: Version type: keyword description: | The version of the LogEvent. - name: okta.severity - title: Severity type: keyword description: | The severity of the LogEvent. Must be one of DEBUG, INFO, WARN, or ERROR. - name: okta.display_message - title: Display Message type: keyword description: | The display message of the LogEvent. - name: okta.actor - title: Actor type: group fields: - name: id @@ -44,7 +38,6 @@ description: | Display name of the actor. - name: okta.client - title: Client type: group fields: - name: ip @@ -79,7 +72,6 @@ description: | The identifier of the client. - name: okta.outcome - title: Outcome of the LogEvent. type: group fields: - name: reason @@ -91,7 +83,6 @@ description: | The result of the outcome. Must be one of: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. - name: okta.target - title: Target type: flattened description: | The list of targets. 
@@ -113,7 +104,6 @@ description: | Display name of the actor. - name: okta.transaction - title: Transaction type: group fields: - name: id @@ -125,7 +115,6 @@ description: | The type of transaction. Must be one of "WEB", "JOB". - name: okta.debug_context - title: Debug Context type: group fields: - name: debug_data @@ -152,7 +141,6 @@ description: | The URL. - name: okta.authentication_context - title: Authentication Context type: group fields: - name: authentication_provider @@ -193,7 +181,6 @@ description: | The interface used. e.g., Outlook, Office365, wsTrust - name: okta.security_context - title: Security Context type: group fields: - name: as @@ -223,7 +210,6 @@ description: | Whether it is a proxy or not. - name: okta.request - title: Request type: group fields: - name: ip_chain diff --git a/packages/okta/manifest.yml b/packages/okta/manifest.yml index 837bf15e569..1d2a0e03567 100644 --- a/packages/okta/manifest.yml +++ b/packages/okta/manifest.yml @@ -1,6 +1,6 @@ name: okta title: Okta Logs -version: 1.6.0 +version: "1.6.1" release: ga description: Collect and parse event logs from Okta API with Elastic Agent. type: integration diff --git a/packages/oracle/changelog.yml b/packages/oracle/changelog.yml index 957c89800f1..e2c2bd911c5 100644 --- a/packages/oracle/changelog.yml +++ b/packages/oracle/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.0.1" changes: - description: Add documentation for multi-fields diff --git a/packages/oracle/data_stream/database_audit/fields/agent.yml b/packages/oracle/data_stream/database_audit/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/oracle/data_stream/database_audit/fields/agent.yml +++ b/packages/oracle/data_stream/database_audit/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/oracle/manifest.yml b/packages/oracle/manifest.yml index 4fd5e2eac62..672a07cd02f 100644 --- a/packages/oracle/manifest.yml +++ b/packages/oracle/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: oracle title: "Oracle" -version: 1.0.1 +version: "1.0.2" license: basic description: "Oracle Audit Log Integration" type: integration 
diff --git a/packages/osquery/changelog.yml b/packages/osquery/changelog.yml
index ce8b5180459..989522d6f62 100644
--- a/packages/osquery/changelog.yml
+++ b/packages/osquery/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
 - version: "1.3.0"
 changes:
 - description: Update to ECS 8.2
diff --git a/packages/osquery/data_stream/result/fields/agent.yml b/packages/osquery/data_stream/result/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/osquery/data_stream/result/fields/agent.yml
+++ b/packages/osquery/data_stream/result/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/osquery/manifest.yml b/packages/osquery/manifest.yml index e295cd72a63..74212de9a6c 100644 --- a/packages/osquery/manifest.yml +++ b/packages/osquery/manifest.yml @@ -1,6 +1,6 @@ name: osquery title: Osquery Logs -version: 1.3.0 +version: "1.3.1" release: ga description: Collect and parse logs from Osquery instances with Elastic Agent. type: integration 
diff --git a/packages/osquery_manager/changelog.yml b/packages/osquery_manager/changelog.yml index 952eea523a9..527402813e4 100644 --- a/packages/osquery_manager/changelog.yml +++ b/packages/osquery_manager/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.2.1" changes: - description: Update readme to remove exported fields diff --git a/packages/osquery_manager/data_stream/result/fields/osquery.yml b/packages/osquery_manager/data_stream/result/fields/osquery.yml index 72daeb98305..02608bd6518 100644 --- a/packages/osquery_manager/data_stream/result/fields/osquery.yml +++ b/packages/osquery_manager/data_stream/result/fields/osquery.yml @@ -1,5 +1,4 @@ - name: osquery - title: Osquery result description: Fields related to the Osquery result type: group fields: @@ -11,7 +10,6 @@ - name: text type: text norms: false - default_field: false - name: abi description: elf_info.abi - Section type type: keyword @@ -20,7 +18,6 @@ - name: text type: text norms: false - default_field: false - name: abi_version description: elf_info.abi_version - Section virtual address in memory type: keyword @@ -28,7 +25,6 @@ multi_fields: - name: number type: long - default_field: false - name: access description: ntfs_acl_permissions.access - Specific permissions that indicate the rights described by the ACE. type: keyword @@ -37,7 +33,6 @@ - name: text type: text norms: false - default_field: false - name: accessed_directories description: prefetch.accessed_directories - Directories accessed by application within ten seconds of launch. type: keyword @@ -46,7 +41,6 @@ - name: text type: text norms: false - default_field: false - name: accessed_directories_count description: prefetch.accessed_directories_count - Number of directories accessed. type: keyword 
@@ -54,7 +48,6 @@ multi_fields: - name: number type: long - default_field: false - name: accessed_files description: prefetch.accessed_files - Files accessed by application within ten seconds of launch. type: keyword @@ -63,7 +56,6 @@ - name: text type: text norms: false - default_field: false - name: accessed_files_count description: prefetch.accessed_files_count - Number of files accessed. type: keyword @@ -71,7 +63,6 @@ multi_fields: - name: number type: long - default_field: false - name: accessed_time description: shellbags.accessed_time - Directory Accessed time. type: keyword @@ -79,7 +70,6 @@ multi_fields: - name: number type: long - default_field: false - name: account_id description: ec2_instance_metadata.account_id - AWS account ID which owns this EC2 instance type: keyword @@ -88,7 +78,6 @@ - name: text type: text norms: false - default_field: false - name: action description: |- disk_events.action - Appear or disappear @@ -106,7 +95,6 @@ - name: text type: text norms: false - default_field: false - name: activated description: tpm_info.activated - TPM is activated type: keyword @@ -114,7 +102,6 @@ multi_fields: - name: number type: long - default_field: false - name: active description: |- firefox_addons.active - 1 If the addon is active else 0 @@ -128,7 +115,6 @@ multi_fields: - name: number type: long - default_field: false - name: active_disks description: md_devices.active_disks - Number of active disks in array type: keyword @@ -136,7 +122,6 @@ multi_fields: - name: number type: long - default_field: false - name: active_state description: systemd_units.active_state - The high-level unit activation state, i.e. generalization of SUB type: keyword @@ -145,7 +130,6 @@ - name: text type: text norms: false - default_field: false - name: actual description: fan_speed_sensors.actual - Actual speed type: keyword 
@@ -153,7 +137,6 @@ multi_fields: - name: number type: long - default_field: false - name: additional_product_id description: smart_drive_info.additional_product_id - An additional drive identifier if any type: keyword @@ -162,7 +145,6 @@ - name: text type: text norms: false - default_field: false - name: addr description: elf_symbols.addr - Symbol address (value) type: keyword @@ -170,7 +152,6 @@ multi_fields: - name: number type: long - default_field: false - name: address description: |- arp_cache.address - IPv4 address target @@ -188,7 +169,6 @@ - name: text type: text norms: false - default_field: false - name: address_width description: cpu_info.address_width - The width of the CPU address bus. type: keyword @@ -197,7 +177,6 @@ - name: text type: text norms: false - default_field: false - name: algorithm description: authorized_keys.algorithm - algorithm of key type: keyword @@ -206,7 +185,6 @@ - name: text type: text norms: false - default_field: false - name: alias description: |- etc_protocols.alias - Protocol alias @@ -217,7 +195,6 @@ - name: text type: text norms: false - default_field: false - name: aliases description: |- etc_services.aliases - Optional space separated list of other names for a service @@ -228,7 +205,6 @@ - name: text type: text norms: false - default_field: false - name: align description: |- elf_sections.align - Segment alignment @@ -238,7 +214,6 @@ multi_fields: - name: number type: long - default_field: false - name: allow_maximum description: shared_resources.allow_maximum - Number of concurrent users for this resource has been limited. If True, the value in the MaximumAllowed property is ignored. type: keyword @@ -246,7 +221,6 @@ multi_fields: - name: number type: long - default_field: false - name: allow_root description: authorizations.allow_root - Label top-level key type: keyword 
@@ -255,7 +229,6 @@ - name: text type: text norms: false - default_field: false - name: allow_signed_enabled description: alf.allow_signed_enabled - 1 If allow signed mode is enabled else 0 type: keyword @@ -263,7 +236,6 @@ multi_fields: - name: number type: long - default_field: false - name: ami_id description: ec2_instance_metadata.ami_id - AMI ID used to launch this EC2 instance type: keyword @@ -272,7 +244,6 @@ - name: text type: text norms: false - default_field: false - name: amperage description: battery.amperage - The battery's current amperage in mA type: keyword @@ -280,7 +251,6 @@ multi_fields: - name: number type: long - default_field: false - name: anonymous description: virtual_memory_info.anonymous - Total number of anonymous pages. type: keyword @@ -288,7 +258,6 @@ multi_fields: - name: number type: long - default_field: false - name: antispyware description: windows_security_center.antispyware - Deprecated (always 'Good'). type: keyword @@ -297,7 +266,6 @@ - name: text type: text norms: false - default_field: false - name: antivirus description: windows_security_center.antivirus - The health of the monitored Antivirus solution (see windows_security_products) type: keyword @@ -306,7 +274,6 @@ - name: text type: text norms: false - default_field: false - name: api_version description: docker_version.api_version - API version type: keyword @@ -315,7 +282,6 @@ - name: text type: text norms: false - default_field: false - name: app_name description: windows_firewall_rules.app_name - Friendly name of the application to which the rule applies type: keyword @@ -324,7 +290,6 @@ - name: text type: text norms: false - default_field: false - name: apparmor description: apparmor_events.apparmor - Apparmor Status like ALLOWED, DENIED etc. type: keyword @@ -333,7 +298,6 @@ - name: text type: text norms: false - default_field: false - name: applescript_enabled description: apps.applescript_enabled - Info properties NSAppleScriptEnabled label type: keyword 
@@ -342,7 +306,6 @@ - name: text type: text norms: false - default_field: false - name: application description: office_mru.application - Associated Office application type: keyword @@ -351,7 +314,6 @@ - name: text type: text norms: false - default_field: false - name: arch description: |- deb_packages.arch - Package architecture @@ -367,7 +329,6 @@ - name: text type: text norms: false - default_field: false - name: architecture description: |- docker_info.architecture - Hardware architecture @@ -380,7 +341,6 @@ - name: text type: text norms: false - default_field: false - name: architectures description: apt_sources.architectures - Repository architectures type: keyword @@ -389,7 +349,6 @@ - name: text type: text norms: false - default_field: false - name: args description: startup_items.args - Arguments provided to startup executable type: keyword @@ -398,7 +357,6 @@ - name: text type: text norms: false - default_field: false - name: arguments description: kernel_info.arguments - Kernel arguments type: keyword @@ -407,7 +365,6 @@ - name: text type: text norms: false - default_field: false - name: array_handle description: memory_devices.array_handle - The memory array that the device is attached to type: keyword @@ -416,7 +373,6 @@ - name: text type: text norms: false - default_field: false - name: assessments_enabled description: gatekeeper.assessments_enabled - 1 If a Gatekeeper is enabled else 0 type: keyword @@ -424,7 +380,6 @@ multi_fields: - name: number type: long - default_field: false - name: asset_tag description: memory_devices.asset_tag - Manufacturer specific asset tag of memory device type: keyword @@ -433,7 +388,6 @@ - name: text type: text norms: false - default_field: false - name: ata_version description: smart_drive_info.ata_version - ATA version of drive type: keyword @@ -442,7 +396,6 @@ - name: text type: text norms: false - default_field: false - name: atime description: |- device_file.atime - Last access time 
@@ -455,7 +408,6 @@ multi_fields: - name: number type: long - default_field: false - name: attach description: apparmor_profiles.attach - Which executable(s) a profile will attach to. type: keyword @@ -464,7 +416,6 @@ - name: text type: text norms: false - default_field: false - name: attached description: shared_memory.attached - Number of attached processes type: keyword @@ -472,7 +423,6 @@ multi_fields: - name: number type: long - default_field: false - name: attributes description: "file.attributes - File attrib string. See: https://ss64.com/nt/attrib.html" type: keyword @@ -481,7 +431,6 @@ - name: text type: text norms: false - default_field: false - name: audible_alarm description: chassis_info.audible_alarm - If TRUE, the frame is equipped with an audible alarm. type: keyword @@ -490,7 +439,6 @@ - name: text type: text norms: false - default_field: false - name: auid description: |- process_events.auid - Audit User ID at process start @@ -508,7 +456,6 @@ - name: text type: text norms: false - default_field: false - name: authentication_package description: logon_sessions.authentication_package - The authentication package used to authenticate the owner of the logon session. type: keyword @@ -517,7 +464,6 @@ - name: text type: text norms: false - default_field: false - name: author description: |- chocolatey_packages.author - Optional package author @@ -531,7 +477,6 @@ - name: text type: text norms: false - default_field: false - name: authority description: signature.authority - Certificate Common Name type: keyword @@ -540,7 +485,6 @@ - name: text type: text norms: false - default_field: false - name: authority_key_id description: certificates.authority_key_id - AKID an optionally included SHA1 type: keyword @@ -549,7 +493,6 @@ - name: text type: text norms: false - default_field: false - name: authority_key_identifier description: curl_certificate.authority_key_identifier - Authority Key Identifier type: keyword 
@@ -558,7 +501,6 @@ - name: text type: text norms: false - default_field: false - name: authorizations description: keychain_acls.authorizations - A space delimited set of authorization attributes type: keyword @@ -567,7 +509,6 @@ - name: text type: text norms: false - default_field: false - name: auto_login description: wifi_networks.auto_login - 1 if auto login is enabled, 0 otherwise type: keyword @@ -575,7 +516,6 @@ multi_fields: - name: number type: long - default_field: false - name: auto_update description: lxd_images.auto_update - Whether the image auto-updates (1) or not (0) type: keyword @@ -583,7 +523,6 @@ multi_fields: - name: number type: long - default_field: false - name: autoupdate description: |- firefox_addons.autoupdate - 1 If the addon applies background updates else 0 @@ -598,7 +537,6 @@ - name: text type: text norms: false - default_field: false - name: availability_zone description: ec2_instance_metadata.availability_zone - Availability zone in which this instance launched type: keyword @@ -607,7 +545,6 @@ - name: text type: text norms: false - default_field: false - name: average description: load_average.average - Load average over the specified period. type: keyword @@ -616,7 +553,6 @@ - name: text type: text norms: false - default_field: false - name: average_memory description: osquery_schedule.average_memory - Average of the bytes of resident memory left allocated after collecting results type: keyword @@ -624,7 +560,6 @@ multi_fields: - name: number type: long - default_field: false - name: avg_disk_bytes_per_read description: physical_disk_performance.avg_disk_bytes_per_read - Average number of bytes transferred from the disk during read operations type: keyword @@ -632,7 +567,6 @@ multi_fields: - name: number type: long - default_field: false - name: avg_disk_bytes_per_write description: physical_disk_performance.avg_disk_bytes_per_write - Average number of bytes transferred to the disk during write operations type: keyword 
@@ -640,7 +574,6 @@ multi_fields: - name: number type: long - default_field: false - name: avg_disk_read_queue_length description: physical_disk_performance.avg_disk_read_queue_length - Average number of read requests that were queued for the selected disk during the sample interval type: keyword @@ -648,7 +581,6 @@ multi_fields: - name: number type: long - default_field: false - name: avg_disk_sec_per_read description: physical_disk_performance.avg_disk_sec_per_read - Average time, in seconds, of a read operation of data from the disk type: keyword @@ -656,7 +588,6 @@ multi_fields: - name: number type: long - default_field: false - name: avg_disk_sec_per_write description: physical_disk_performance.avg_disk_sec_per_write - Average time, in seconds, of a write operation of data to the disk type: keyword @@ -664,7 +595,6 @@ multi_fields: - name: number type: long - default_field: false - name: avg_disk_write_queue_length description: physical_disk_performance.avg_disk_write_queue_length - Average number of write requests that were queued for the selected disk during the sample interval type: keyword @@ -672,7 +602,6 @@ multi_fields: - name: number type: long - default_field: false - name: backup_date description: time_machine_backups.backup_date - Backup Date type: keyword @@ -680,7 +609,6 @@ multi_fields: - name: number type: long - default_field: false - name: bank_locator description: memory_devices.bank_locator - String number of the string that identifies the physically-labeled bank where the memory device is located type: keyword @@ -689,7 +617,6 @@ - name: text type: text norms: false - default_field: false - name: base64 description: extended_attributes.base64 - 1 if the value is base64 encoded else 0 type: keyword @@ -697,7 +624,6 @@ multi_fields: - name: number type: long - default_field: false - name: base_image description: lxd_instances.base_image - ID of image used to launch this instance type: keyword 
@@ -706,7 +632,6 @@ - name: text type: text norms: false - default_field: false - name: base_uri description: apt_sources.base_uri - Repository base URI type: keyword @@ -715,7 +640,6 @@ - name: text type: text norms: false - default_field: false - name: baseurl description: yum_sources.baseurl - Repository base URL type: keyword @@ -724,7 +648,6 @@ - name: text type: text norms: false - default_field: false - name: basic_constraint description: curl_certificate.basic_constraint - Basic Constraints type: keyword @@ -733,7 +656,6 @@ - name: text type: text norms: false - default_field: false - name: binary_queue description: carbon_black_info.binary_queue - Size in bytes of binaries waiting to be sent to Carbon Black server type: keyword @@ -741,7 +663,6 @@ multi_fields: - name: number type: long - default_field: false - name: binding description: elf_symbols.binding - Binding type type: keyword @@ -750,7 +671,6 @@ - name: text type: text norms: false - default_field: false - name: bitmap_chunk_size description: md_devices.bitmap_chunk_size - Bitmap chunk size type: keyword @@ -759,7 +679,6 @@ - name: text type: text norms: false - default_field: false - name: bitmap_external_file description: md_devices.bitmap_external_file - External referenced bitmap file type: keyword @@ -768,7 +687,6 @@ - name: text type: text norms: false - default_field: false - name: bitmap_on_mem description: md_devices.bitmap_on_mem - Pages allocated in in-memory bitmap, if enabled type: keyword @@ -777,7 +695,6 @@ - name: text type: text norms: false - default_field: false - name: block description: ssh_configs.block - The host or match block type: keyword @@ -786,7 +703,6 @@ - name: text type: text norms: false - default_field: false - name: block_size description: |- block_devices.block_size - Block size in bytes @@ -797,7 +713,6 @@ multi_fields: - name: number type: long - default_field: false - name: blocks description: |- device_partitions.blocks - Number of blocks 
@@ -807,7 +722,6 @@ multi_fields: - name: number type: long - default_field: false - name: blocks_available description: mounts.blocks_available - Mounted device available blocks type: keyword @@ -815,7 +729,6 @@ multi_fields: - name: number type: long - default_field: false - name: blocks_free description: mounts.blocks_free - Mounted device free blocks type: keyword @@ -823,7 +736,6 @@ multi_fields: - name: number type: long - default_field: false - name: blocks_size description: |- device_partitions.blocks_size - Byte size of each block @@ -833,7 +745,6 @@ multi_fields: - name: number type: long - default_field: false - name: bluetooth_sharing description: sharing_preferences.bluetooth_sharing - 1 If bluetooth sharing is enabled for any user else 0 type: keyword @@ -841,7 +752,6 @@ multi_fields: - name: number type: long - default_field: false - name: board_model description: system_info.board_model - Board model type: keyword @@ -850,7 +760,6 @@ - name: text type: text norms: false - default_field: false - name: board_serial description: system_info.board_serial - Board serial number type: keyword @@ -859,7 +768,6 @@ - name: text type: text norms: false - default_field: false - name: board_vendor description: system_info.board_vendor - Board vendor type: keyword @@ -868,7 +776,6 @@ - name: text type: text norms: false - default_field: false - name: board_version description: system_info.board_version - Board version type: keyword @@ -877,7 +784,6 @@ - name: text type: text norms: false - default_field: false - name: boot_partition description: logical_drives.boot_partition - True if Windows booted from this drive. type: keyword @@ -885,7 +791,6 @@ multi_fields: - name: number type: long - default_field: false - name: boot_uuid description: ibridge_info.boot_uuid - Boot UUID of the iBridge controller type: keyword 
@@ -894,7 +799,6 @@ - name: text type: text norms: false - default_field: false - name: bp_microcode_disabled description: kva_speculative_info.bp_microcode_disabled - Branch Predictions are disabled due to lack of microcode update. type: keyword @@ -902,7 +806,6 @@ multi_fields: - name: number type: long - default_field: false - name: bp_mitigations description: kva_speculative_info.bp_mitigations - Branch Prediction mitigations are enabled. type: keyword @@ -910,7 +813,6 @@ multi_fields: - name: number type: long - default_field: false - name: bp_system_pol_disabled description: kva_speculative_info.bp_system_pol_disabled - Branch Predictions are disabled via system policy. type: keyword @@ -918,7 +820,6 @@ multi_fields: - name: number type: long - default_field: false - name: breach_description description: chassis_info.breach_description - If provided, gives a more detailed description of a detected security breach. type: keyword @@ -927,7 +828,6 @@ - name: text type: text norms: false - default_field: false - name: bridge_nf_ip6tables description: docker_info.bridge_nf_ip6tables - 1 if bridge netfilter ip6tables is enabled. 0 otherwise type: keyword @@ -935,7 +835,6 @@ multi_fields: - name: number type: long - default_field: false - name: bridge_nf_iptables description: docker_info.bridge_nf_iptables - 1 if bridge netfilter iptables is enabled. 0 otherwise type: keyword @@ -943,7 +842,6 @@ multi_fields: - name: number type: long - default_field: false - name: broadcast description: interface_addresses.broadcast - Broadcast address for the interface type: keyword @@ -952,7 +850,6 @@ - name: text type: text norms: false - default_field: false - name: browser_type description: |- chrome_extension_content_scripts.browser_type - The browser type (Valid values: chrome, chromium, opera, yandex, brave) 
@@ -963,7 +860,6 @@ - name: text type: text norms: false - default_field: false - name: bsd_flags description: "file.bsd_flags - The BSD file flags (chflags). Possible values: NODUMP, UF_IMMUTABLE, UF_APPEND, OPAQUE, HIDDEN, ARCHIVED, SF_IMMUTABLE, SF_APPEND" type: keyword @@ -972,7 +868,6 @@ - name: text type: text norms: false - default_field: false - name: bssid description: |- wifi_status.bssid - The current basic service set identifier @@ -983,7 +878,6 @@ - name: text type: text norms: false - default_field: false - name: btime description: |- file.btime - (B)irth or (cr)eate time @@ -993,7 +887,6 @@ multi_fields: - name: number type: long - default_field: false - name: buffers description: memory_info.buffers - The amount of physical RAM, in bytes, used for file buffers type: keyword @@ -1001,7 +894,6 @@ multi_fields: - name: number type: long - default_field: false - name: build description: os_version.build - Optional build-specific or variant string type: keyword @@ -1010,7 +902,6 @@ - name: text type: text norms: false - default_field: false - name: build_distro description: osquery_info.build_distro - osquery toolkit platform distribution name (os version) type: keyword @@ -1019,7 +910,6 @@ - name: text type: text norms: false - default_field: false - name: build_id description: sandboxes.build_id - Sandbox-specific identifier type: keyword @@ -1028,7 +918,6 @@ - name: text type: text norms: false - default_field: false - name: build_number description: windows_crashes.build_number - Windows build number of the crashing machine type: keyword @@ -1036,7 +925,6 @@ multi_fields: - name: number type: long - default_field: false - name: build_platform description: osquery_info.build_platform - osquery toolkit build platform type: keyword @@ -1045,7 +933,6 @@ - name: text type: text norms: false - default_field: false - name: build_time description: |- docker_version.build_time - Build time 
@@ -1056,7 +943,6 @@ - name: text type: text norms: false - default_field: false - name: bundle_executable description: apps.bundle_executable - Info properties CFBundleExecutable label type: keyword @@ -1065,7 +951,6 @@ - name: text type: text norms: false - default_field: false - name: bundle_identifier description: |- apps.bundle_identifier - Info properties CFBundleIdentifier label @@ -1076,7 +961,6 @@ - name: text type: text norms: false - default_field: false - name: bundle_name description: apps.bundle_name - Info properties CFBundleName label type: keyword @@ -1085,7 +969,6 @@ - name: text type: text norms: false - default_field: false - name: bundle_package_type description: apps.bundle_package_type - Info properties CFBundlePackageType label type: keyword @@ -1094,7 +977,6 @@ - name: text type: text norms: false - default_field: false - name: bundle_path description: |- sandboxes.bundle_path - Application bundle used by the sandbox @@ -1105,7 +987,6 @@ - name: text type: text norms: false - default_field: false - name: bundle_short_version description: apps.bundle_short_version - Info properties CFBundleShortVersionString label type: keyword @@ -1114,7 +995,6 @@ - name: text type: text norms: false - default_field: false - name: bundle_version description: apps.bundle_version - Info properties CFBundleVersion label type: keyword @@ -1123,7 +1003,6 @@ - name: text type: text norms: false - default_field: false - name: busy_state description: |- iokit_devicetree.busy_state - 1 if the device is in a busy state else 0 @@ -1133,7 +1012,6 @@ multi_fields: - name: number type: long - default_field: false - name: bytes description: |- curl.bytes - Number of bytes in the response @@ -1143,7 +1021,6 @@ multi_fields: - name: number type: long - default_field: false - name: bytes_available description: time_machine_destinations.bytes_available - Bytes available on volume type: keyword 
@@ -1151,7 +1028,6 @@ multi_fields: - name: number type: long - default_field: false - name: bytes_received description: lxd_networks.bytes_received - Number of bytes received on this network type: keyword @@ -1159,7 +1035,6 @@ multi_fields: - name: number type: long - default_field: false - name: bytes_sent description: lxd_networks.bytes_sent - Number of bytes sent on this network type: keyword @@ -1167,7 +1042,6 @@ multi_fields: - name: number type: long - default_field: false - name: bytes_used description: time_machine_destinations.bytes_used - Bytes used on volume type: keyword @@ -1175,7 +1049,6 @@ multi_fields: - name: number type: long - default_field: false - name: ca description: "certificates.ca - 1 if CA: true (certificate is an authority) else 0" type: keyword @@ -1183,7 +1056,6 @@ multi_fields: - name: number type: long - default_field: false - name: cache_path description: quicklook_cache.cache_path - Path to cache data type: keyword @@ -1192,7 +1064,6 @@ - name: text type: text norms: false - default_field: false - name: cached description: |- lxd_images.cached - Whether image is cached (1) or not (0) @@ -1202,7 +1073,6 @@ multi_fields: - name: number type: long - default_field: false - name: capability description: apparmor_events.capability - Capability number type: keyword @@ -1210,7 +1080,6 @@ multi_fields: - name: number type: long - default_field: false - name: capname description: apparmor_events.capname - Capability requested by the process type: keyword @@ -1219,7 +1088,6 @@ - name: text type: text norms: false - default_field: false - name: caption description: |- patches.caption - Short description of the patch. @@ -1230,7 +1098,6 @@ - name: text type: text norms: false - default_field: false - name: captive_portal description: wifi_networks.captive_portal - 1 if this network has a captive portal, 0 otherwise type: keyword 
@@ -1238,7 +1105,6 @@ multi_fields: - name: number type: long - default_field: false - name: carve description: carves.carve - Set this value to '1' to start a file carve type: keyword @@ -1246,7 +1112,6 @@ multi_fields: - name: number type: long - default_field: false - name: carve_guid description: carves.carve_guid - Identifying value of the carve session type: keyword @@ -1255,7 +1120,6 @@ - name: text type: text norms: false - default_field: false - name: category description: |- apps.category - The UTI that categorizes the app for the App Store @@ -1270,7 +1134,6 @@ - name: text type: text norms: false - default_field: false - name: cdhash description: |- es_process_events.cdhash - Codesigning hash of the process @@ -1281,7 +1144,6 @@ - name: text type: text norms: false - default_field: false - name: celsius description: temperature_sensors.celsius - Temperature in Celsius type: keyword @@ -1289,7 +1151,6 @@ multi_fields: - name: number type: double - default_field: false - name: certificate description: lxd_certificates.certificate - Certificate content type: keyword @@ -1298,7 +1159,6 @@ - name: text type: text norms: false - default_field: false - name: cgroup_driver description: docker_info.cgroup_driver - Control groups driver type: keyword @@ -1307,7 +1167,6 @@ - name: text type: text norms: false - default_field: false - name: cgroup_namespace description: |- docker_containers.cgroup_namespace - cgroup namespace @@ -1318,7 +1177,6 @@ - name: text type: text norms: false - default_field: false - name: chain description: iptables.chain - Size of module content. type: keyword @@ -1327,7 +1185,6 @@ - name: text type: text norms: false - default_field: false - name: change_type description: "docker_container_fs_changes.change_type - Type of change: C:Modified, A:Added, D:Deleted" type: keyword @@ -1336,7 +1193,6 @@ - name: text type: text norms: false - default_field: false - name: channel description: |- wifi_status.channel - Channel number 
@@ -1353,7 +1209,6 @@ multi_fields: - name: number type: long - default_field: false - name: channel_width description: |- wifi_status.channel_width - Channel width @@ -1363,7 +1218,6 @@ multi_fields: - name: number type: long - default_field: false - name: charged description: battery.charged - 1 if the battery is currently completely charged. 0 otherwise type: keyword @@ -1371,7 +1225,6 @@ multi_fields: - name: number type: long - default_field: false - name: charging description: battery.charging - 1 if the battery is currently being charged by a power source. 0 otherwise type: keyword @@ -1379,7 +1232,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_bridge_capability_available description: lldp_neighbors.chassis_bridge_capability_available - Chassis bridge capability availability type: keyword @@ -1387,7 +1239,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_bridge_capability_enabled description: lldp_neighbors.chassis_bridge_capability_enabled - Is chassis bridge capability enabled. type: keyword @@ -1395,7 +1246,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_docsis_capability_available description: lldp_neighbors.chassis_docsis_capability_available - Chassis DOCSIS capability availability type: keyword @@ -1403,7 +1253,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_docsis_capability_enabled description: lldp_neighbors.chassis_docsis_capability_enabled - Chassis DOCSIS capability enabled type: keyword @@ -1411,7 +1260,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_id description: lldp_neighbors.chassis_id - Neighbor chassis ID value type: keyword @@ -1420,7 +1268,6 @@ - name: text type: text norms: false - default_field: false - name: chassis_id_type description: lldp_neighbors.chassis_id_type - Neighbor chassis ID type type: keyword 
@@ -1429,7 +1276,6 @@ - name: text type: text norms: false - default_field: false - name: chassis_mgmt_ips description: lldp_neighbors.chassis_mgmt_ips - Comma delimited list of chassis management IPS type: keyword @@ -1438,7 +1284,6 @@ - name: text type: text norms: false - default_field: false - name: chassis_other_capability_available description: lldp_neighbors.chassis_other_capability_available - Chassis other capability availability type: keyword @@ -1446,7 +1291,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_other_capability_enabled description: lldp_neighbors.chassis_other_capability_enabled - Chassis other capability enabled type: keyword @@ -1454,7 +1298,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_repeater_capability_available description: lldp_neighbors.chassis_repeater_capability_available - Chassis repeater capability availability type: keyword @@ -1462,7 +1305,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_repeater_capability_enabled description: lldp_neighbors.chassis_repeater_capability_enabled - Chassis repeater capability enabled type: keyword @@ -1470,7 +1312,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_router_capability_available description: lldp_neighbors.chassis_router_capability_available - Chassis router capability availability type: keyword @@ -1478,7 +1319,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_router_capability_enabled description: lldp_neighbors.chassis_router_capability_enabled - Chassis router capability enabled type: keyword @@ -1486,7 +1326,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_station_capability_available description: lldp_neighbors.chassis_station_capability_available - Chassis station capability availability type: keyword 
@@ -1494,7 +1333,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_station_capability_enabled description: lldp_neighbors.chassis_station_capability_enabled - Chassis station capability enabled type: keyword @@ -1502,7 +1340,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_sys_description description: lldp_neighbors.chassis_sys_description - Max number of CPU physical cores type: keyword @@ -1510,7 +1347,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_sysname description: lldp_neighbors.chassis_sysname - CPU brand string, contains vendor and model type: keyword @@ -1519,7 +1355,6 @@ - name: text type: text norms: false - default_field: false - name: chassis_tel_capability_available description: lldp_neighbors.chassis_tel_capability_available - Chassis telephone capability availability type: keyword @@ -1527,7 +1362,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_tel_capability_enabled description: lldp_neighbors.chassis_tel_capability_enabled - Chassis telephone capability enabled type: keyword @@ -1535,7 +1369,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_types description: chassis_info.chassis_types - A comma-separated list of chassis types, such as Desktop or Laptop. type: keyword @@ -1544,7 +1377,6 @@ - name: text type: text norms: false - default_field: false - name: chassis_wlan_capability_available description: lldp_neighbors.chassis_wlan_capability_available - Chassis wlan capability availability type: keyword @@ -1552,7 +1384,6 @@ multi_fields: - name: number type: long - default_field: false - name: chassis_wlan_capability_enabled description: lldp_neighbors.chassis_wlan_capability_enabled - Chassis wlan capability enabled type: keyword 
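Review bot: Since the commit is described as fixing typos, the context lines `chassis_sys_description: lldp_neighbors.chassis_sys_description - Max number of CPU physical cores` and `chassis_sysname: lldp_neighbors.chassis_sysname - CPU brand string, contains vendor and model` in this hunk carry descriptions that do not match their field names, as does `chain: iptables.chain - Size of module content.` a few hunks earlier. These look like copy-paste errors; if the descriptions are generated from osquery's published schema they should be corrected upstream or in the generator rather than hand-edited here, otherwise this change would be the natural place to fix them. The enclosing `fields:` list starts and ends outside the hunk.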
@@ -1560,7 +1391,6 @@ multi_fields: - name: number type: long - default_field: false - name: check_array_finish description: md_devices.check_array_finish - Estimated duration of the check array activity type: keyword
@@ -1569,7 +1399,6 @@ - name: text type: text norms: false - default_field: false - name: check_array_progress description: md_devices.check_array_progress - Progress of the check array activity type: keyword
@@ -1578,7 +1407,6 @@ - name: text type: text norms: false - default_field: false - name: check_array_speed description: md_devices.check_array_speed - Speed of the check array activity type: keyword
@@ -1587,7 +1415,6 @@ - name: text type: text norms: false - default_field: false - name: checksum description: disk_events.checksum - UDIF Master checksum if available (CRC32) type: keyword
@@ -1596,7 +1423,6 @@ - name: text type: text norms: false - default_field: false - name: child_pid description: es_process_events.child_pid - Process ID of a child process in case of a fork event type: keyword
@@ -1604,7 +1430,6 @@ multi_fields: - name: number type: long - default_field: false - name: chunk_size description: md_devices.chunk_size - chunk size in bytes type: keyword
@@ -1612,7 +1437,6 @@ multi_fields: - name: number type: long - default_field: false - name: cid description: |- bpf_process_events.cid - Cgroup ID
@@ -1622,7 +1446,6 @@ multi_fields: - name: number type: long - default_field: false - name: class description: |- authorizations.class - Label top-level key
@@ -1642,7 +1465,6 @@ - name: text type: text norms: false - default_field: false - name: client_site_name description: ntdomains.client_site_name - The name of the site where the domain controller is configured. type: keyword
@@ -1651,7 +1473,6 @@ - name: text type: text norms: false - default_field: false - name: cmdline description: |- bpf_process_events.cmdline - Command line arguments
@@ -1665,7 +1486,6 @@ - name: text type: text norms: false - default_field: false - name: cmdline_count description: es_process_events.cmdline_count - Number of command line arguments type: keyword
@@ -1673,7 +1493,6 @@ multi_fields: - name: number type: long - default_field: false - name: cmdline_size description: process_events.cmdline_size - Actual size (bytes) of command line arguments type: keyword
@@ -1681,7 +1500,6 @@ multi_fields: - name: number type: long - default_field: false - name: code description: seccomp_events.code - The seccomp action type: keyword
@@ -1690,7 +1508,6 @@ - name: text type: text norms: false - default_field: false - name: code_integrity_policy_enforcement_status description: hvci_status.code_integrity_policy_enforcement_status - The status of the code integrity policy enforcement settings. Returns UNKNOWN if an error is encountered. type: keyword
@@ -1699,7 +1516,6 @@ - name: text type: text norms: false - default_field: false - name: codename description: os_version.codename - OS version codename type: keyword
@@ -1708,7 +1524,6 @@ - name: text type: text norms: false - default_field: false - name: collect_cross_processes description: carbon_black_info.collect_cross_processes - If the sensor is configured to cross process events type: keyword
@@ -1716,7 +1531,6 @@ multi_fields: - name: number type: long - default_field: false - name: collect_data_file_writes description: carbon_black_info.collect_data_file_writes - If the sensor is configured to collect non binary file writes type: keyword
@@ -1724,7 +1538,6 @@ multi_fields: - name: number type: long - default_field: false - name: collect_emet_events description: carbon_black_info.collect_emet_events - If the sensor is configured to EMET events type: keyword
@@ -1732,7 +1545,6 @@ multi_fields: - name: number type: long - default_field: false - name: collect_file_mods description: carbon_black_info.collect_file_mods - If the sensor is configured to collect file modification events type: keyword
@@ -1740,7 +1552,6 @@ multi_fields: - name: number type: long - default_field: false - name: collect_module_info description: carbon_black_info.collect_module_info - If the sensor is configured to collect metadata of binaries type: keyword
@@ -1748,7 +1559,6 @@ multi_fields: - name: number type: long - default_field: false - name: collect_module_loads description: carbon_black_info.collect_module_loads - If the sensor is configured to capture module loads type: keyword
@@ -1756,7 +1566,6 @@ multi_fields: - name: number type: long - default_field: false - name: collect_net_conns description: carbon_black_info.collect_net_conns - If the sensor is configured to collect network connections type: keyword
@@ -1764,7 +1573,6 @@ multi_fields: - name: number type: long - default_field: false - name: collect_process_user_context description: carbon_black_info.collect_process_user_context - If the sensor is configured to collect the user running a process type: keyword
@@ -1772,7 +1580,6 @@ multi_fields: - name: number type: long - default_field: false - name: collect_processes description: carbon_black_info.collect_processes - If the sensor is configured to process events type: keyword
@@ -1780,7 +1587,6 @@ multi_fields: - name: number type: long - default_field: false - name: collect_reg_mods description: carbon_black_info.collect_reg_mods - If the sensor is configured to collect registry modification events type: keyword
@@ -1788,7 +1594,6 @@ multi_fields: - name: number type: long - default_field: false - name: collect_sensor_operations description: carbon_black_info.collect_sensor_operations - Unknown type: keyword
@@ -1796,7 +1601,6 @@ multi_fields: - name: number type: long - default_field: false - name: collect_store_files description: carbon_black_info.collect_store_files - If the sensor is configured to send back binaries to the Carbon Black server type: keyword
@@ -1804,7 +1608,6 @@ multi_fields: - name: number type: long - default_field: false - name: collisions description: interface_details.collisions - Packet Collisions detected type: keyword
@@ -1812,7 +1615,6 @@ multi_fields: - name: number type: long - default_field: false - name: color_depth description: video_info.color_depth - The amount of bits per pixel to represent color. type: keyword
@@ -1820,7 +1622,6 @@ multi_fields: - name: number type: long - default_field: false - name: comm description: |- apparmor_events.comm - Command-line name of the command that was used to invoke the analyzed process
@@ -1831,7 +1632,6 @@ - name: text type: text norms: false - default_field: false - name: command description: |- crontab.command - Raw command string
@@ -1843,7 +1643,6 @@ - name: text type: text norms: false - default_field: false - name: command_args description: shortcut_files.command_args - Command args passed to lnk file. type: keyword
@@ -1852,7 +1651,6 @@ - name: text type: text norms: false - default_field: false - name: command_line description: windows_crashes.command_line - Command-line string passed to the crashed process type: keyword
@@ -1861,7 +1659,6 @@ - name: text type: text norms: false - default_field: false - name: command_line_template description: wmi_cli_event_consumers.command_line_template - Standard string template that specifies the process to be started. This property can be NULL, and the ExecutablePath property is used as the command line. type: keyword
@@ -1870,7 +1667,6 @@ - name: text type: text norms: false - default_field: false - name: comment description: |- authorizations.comment - Label top-level key
@@ -1885,7 +1681,6 @@ - name: text type: text norms: false - default_field: false - name: common_name description: |- certificates.common_name - Certificate CommonName
@@ -1896,7 +1691,6 @@ - name: text type: text norms: false - default_field: false - name: common_path description: shortcut_files.common_path - Common system path to target file. type: keyword
@@ -1905,7 +1699,6 @@ - name: text type: text norms: false - default_field: false - name: compat description: seccomp_events.compat - Is system call in compatibility mode type: keyword
@@ -1913,7 +1706,6 @@ multi_fields: - name: number type: long - default_field: false - name: compiler description: apps.compiler - Info properties DTCompiler label type: keyword
@@ -1922,7 +1714,6 @@ - name: text type: text norms: false - default_field: false - name: completed_time description: cups_jobs.completed_time - When the job completed printing type: keyword
@@ -1930,7 +1721,6 @@ multi_fields: - name: number type: long - default_field: false - name: components description: apt_sources.components - Repository components type: keyword
@@ -1939,7 +1729,6 @@ - name: text type: text norms: false - default_field: false - name: compressed description: virtual_memory_info.compressed - The total number of pages that have been compressed by the VM compressor. type: keyword
@@ -1947,7 +1736,6 @@ multi_fields: - name: number type: long - default_field: false - name: compressor description: virtual_memory_info.compressor - The number of pages used to store compressed VM pages. type: keyword
@@ -1955,7 +1743,6 @@ multi_fields: - name: number type: long - default_field: false - name: computer_name description: |- system_info.computer_name - Friendly computer name (optional)
@@ -1967,7 +1754,6 @@ - name: text type: text norms: false - default_field: false - name: condition description: 'battery.condition - One of the following: "Normal" indicates the condition of the battery is within normal tolerances, "Service Needed" indicates that the battery should be checked out by a licensed Mac repair service, "Permanent Failure" indicates the battery needs replacement' type: keyword
@@ -1976,7 +1762,6 @@ - name: text type: text norms: false - default_field: false - name: config_entrypoint description: docker_containers.config_entrypoint - Container entrypoint(s) type: keyword
@@ -1985,7 +1770,6 @@ - name: text type: text norms: false - default_field: false - name: config_flag description: sip_config.config_flag - The System Integrity Protection config flag type: keyword
@@ -1994,7 +1778,6 @@ - name: text type: text norms: false - default_field: false - name: config_hash description: osquery_info.config_hash - Hash of the working configuration state type: keyword
@@ -2003,7 +1786,6 @@ - name: text type: text norms: false - default_field: false - name: config_name description: carbon_black_info.config_name - Sensor group type: keyword
@@ -2012,7 +1794,6 @@ - name: text type: text norms: false - default_field: false - name: config_valid description: osquery_info.config_valid - 1 if the config was loaded and considered valid, else 0 type: keyword
@@ -2020,7 +1801,6 @@ multi_fields: - name: number type: long - default_field: false - name: config_value description: system_controls.config_value - The MIB value set in /etc/sysctl.conf type: keyword
@@ -2029,7 +1809,6 @@ - name: text type: text norms: false - default_field: false - name: configured_clock_speed description: memory_devices.configured_clock_speed - Configured speed of memory device in megatransfers per second (MT/s) type: keyword
@@ -2037,7 +1816,6 @@ multi_fields: - name: number type: long - default_field: false - name: configured_voltage description: memory_devices.configured_voltage - Configured operating voltage of device in millivolts type: keyword
@@ -2045,7 +1823,6 @@ multi_fields: - name: number type: long - default_field: false - name: connection_id description: interface_details.connection_id - Name of the network connection as it appears in the Network Connections Control Panel program. type: keyword
@@ -2054,7 +1831,6 @@ - name: text type: text norms: false - default_field: false - name: connection_status description: interface_details.connection_status - State of the network adapter connection to the network. type: keyword
@@ -2063,7 +1839,6 @@ - name: text type: text norms: false - default_field: false - name: consistency_scan_date description: time_machine_destinations.consistency_scan_date - Consistency scan date type: keyword
@@ -2071,7 +1846,6 @@ multi_fields: - name: number type: long - default_field: false - name: consumer description: wmi_filter_consumer_binding.consumer - Reference to an instance of __EventConsumer that represents the object path to a logical consumer, the recipient of an event. type: keyword
@@ -2080,7 +1854,6 @@ - name: text type: text norms: false - default_field: false - name: containers description: docker_info.containers - Total number of containers type: keyword
@@ -2088,7 +1861,6 @@ multi_fields: - name: number type: long - default_field: false - name: containers_paused description: docker_info.containers_paused - Number of containers in paused state type: keyword
@@ -2096,7 +1868,6 @@ multi_fields: - name: number type: long - default_field: false - name: containers_running description: docker_info.containers_running - Number of containers currently running type: keyword
@@ -2104,7 +1875,6 @@ multi_fields: - name: number type: long - default_field: false - name: containers_stopped description: docker_info.containers_stopped - Number of containers in stopped state type: keyword
@@ -2112,7 +1882,6 @@ multi_fields: - name: number type: long - default_field: false - name: content description: disk_events.content - Disk event content type: keyword
@@ -2121,7 +1890,6 @@ - name: text type: text norms: false - default_field: false - name: content_caching description: sharing_preferences.content_caching - 1 If content caching is enabled else 0 type: keyword
@@ -2129,7 +1897,6 @@ multi_fields: - name: number type: long - default_field: false - name: content_type description: package_install_history.content_type - Package content_type (optional) type: keyword
@@ -2138,7 +1905,6 @@ - name: text type: text norms: false - default_field: false - name: conversion_status description: bitlocker_info.conversion_status - The bitlocker conversion status of the drive. type: keyword
@@ -2146,7 +1912,6 @@ multi_fields: - name: number type: long - default_field: false - name: coprocessor_version description: ibridge_info.coprocessor_version - The manufacturer and chip version type: keyword
@@ -2155,7 +1920,6 @@ - name: text type: text norms: false - default_field: false - name: copy description: virtual_memory_info.copy - Total number of copy-on-write pages. type: keyword
@@ -2163,7 +1927,6 @@ multi_fields: - name: number type: long - default_field: false - name: copyright description: apps.copyright - Info properties NSHumanReadableCopyright label type: keyword
@@ -2172,7 +1935,6 @@ - name: text type: text norms: false - default_field: false - name: core description: cpu_time.core - Name of the cpu (core) type: keyword
@@ -2180,7 +1942,6 @@ multi_fields: - name: number type: long - default_field: false - name: cosine_similarity description: powershell_events.cosine_similarity - How similar the Powershell script is to a provided 'normal' character frequency type: keyword
@@ -2188,7 +1949,6 @@ multi_fields: - name: number type: double - default_field: false - name: count description: |- userassist.count - Number of times the application has been executed.
@@ -2199,7 +1959,6 @@ multi_fields: - name: number type: long - default_field: false - name: country_code description: |- wifi_status.country_code - The country code (ISO/IEC 3166-1:1997) for the network
@@ -2210,7 +1969,6 @@ - name: text type: text norms: false - default_field: false - name: cpu description: docker_container_processes.cpu - CPU utilization as percentage type: keyword
@@ -2218,7 +1976,6 @@ multi_fields: - name: number type: double - default_field: false - name: cpu_brand description: system_info.cpu_brand - CPU brand string, contains vendor and model type: keyword
@@ -2227,7 +1984,6 @@ - name: text type: text norms: false - default_field: false - name: cpu_cfs_period description: docker_info.cpu_cfs_period - 1 if CPU Completely Fair Scheduler (CFS) period support is enabled. 0 otherwise type: keyword
@@ -2235,7 +1991,6 @@ multi_fields: - name: number type: long - default_field: false - name: cpu_cfs_quota description: docker_info.cpu_cfs_quota - 1 if CPU Completely Fair Scheduler (CFS) quota support is enabled. 0 otherwise type: keyword
@@ -2243,7 +1998,6 @@ multi_fields: - name: number type: long - default_field: false - name: cpu_kernelmode_usage description: docker_container_stats.cpu_kernelmode_usage - CPU kernel mode usage type: keyword
@@ -2251,7 +2005,6 @@ multi_fields: - name: number type: long - default_field: false - name: cpu_logical_cores description: system_info.cpu_logical_cores - Number of logical CPU cores available to the system type: keyword
@@ -2259,7 +2012,6 @@ multi_fields: - name: number type: long - default_field: false - name: cpu_microcode description: system_info.cpu_microcode - Microcode version type: keyword
@@ -2268,7 +2020,6 @@ - name: text type: text norms: false - default_field: false - name: cpu_physical_cores description: system_info.cpu_physical_cores - Number of physical CPU cores in to the system type: keyword
@@ -2276,7 +2027,6 @@ multi_fields: - name: number type: long - default_field: false - name: cpu_pred_cmd_supported description: kva_speculative_info.cpu_pred_cmd_supported - PRED_CMD MSR supported by CPU Microcode. type: keyword
@@ -2284,7 +2034,6 @@ multi_fields: - name: number type: long - default_field: false - name: cpu_set description: docker_info.cpu_set - 1 if CPU set selection support is enabled. 0 otherwise type: keyword
@@ -2292,7 +2041,6 @@ multi_fields: - name: number type: long - default_field: false - name: cpu_shares description: docker_info.cpu_shares - 1 if CPU share weighting support is enabled. 0 otherwise type: keyword
@@ -2300,7 +2048,6 @@ multi_fields: - name: number type: long - default_field: false - name: cpu_spec_ctrl_supported description: kva_speculative_info.cpu_spec_ctrl_supported - SPEC_CTRL MSR supported by CPU Microcode. type: keyword
@@ -2308,7 +2055,6 @@ multi_fields: - name: number type: long - default_field: false - name: cpu_status description: cpu_info.cpu_status - The current operating status of the CPU. type: keyword
@@ -2316,7 +2062,6 @@ multi_fields: - name: number type: long - default_field: false - name: cpu_subtype description: |- processes.cpu_subtype - Indicates the specific processor on which an entry may be used.
@@ -2330,7 +2075,6 @@ multi_fields: - name: number type: long - default_field: false - name: cpu_type description: |- processes.cpu_type - Indicates the specific processor designed for installation.
@@ -2344,7 +2088,6 @@ multi_fields: - name: number type: long - default_field: false - name: cpus description: docker_info.cpus - Number of CPUs type: keyword
@@ -2352,7 +2095,6 @@ multi_fields: - name: number type: long - default_field: false - name: crash_path description: |- crashes.crash_path - Location of log file
@@ -2363,7 +2105,6 @@ - name: text type: text norms: false - default_field: false - name: crashed_thread description: crashes.crashed_thread - Thread ID which crashed type: keyword
@@ -2371,7 +2112,6 @@ multi_fields: - name: number type: long - default_field: false - name: created description: |- authorizations.created - Label top-level key
@@ -2386,7 +2126,6 @@ - name: text type: text norms: false - default_field: false - name: created_at description: |- lxd_images.created_at - ISO time of image creation
@@ -2397,7 +2136,6 @@ - name: text type: text norms: false - default_field: false - name: created_by description: docker_image_history.created_by - Created by instruction type: keyword
@@ -2406,7 +2144,6 @@ - name: text type: text norms: false - default_field: false - name: created_time description: shellbags.created_time - Directory Created time. type: keyword
@@ -2414,7 +2151,6 @@ multi_fields: - name: number type: long - default_field: false - name: creation_time description: |- account_policy_data.creation_time - When the account was first created
@@ -2429,7 +2165,6 @@ - name: text type: text norms: false - default_field: false - name: creator_pid description: shared_memory.creator_pid - Process ID that created the segment type: keyword
@@ -2437,7 +2172,6 @@ multi_fields: - name: number type: long - default_field: false - name: creator_uid description: shared_memory.creator_uid - User ID of creator process type: keyword
@@ -2445,7 +2179,6 @@ multi_fields: - name: number type: long - default_field: false - name: csname description: patches.csname - The name of the host the patch is installed on. type: keyword
@@ -2454,7 +2187,6 @@ - name: text type: text norms: false - default_field: false - name: ctime description: |- device_file.ctime - Creation time
@@ -2472,7 +2204,6 @@ multi_fields: - name: number type: long - default_field: false - name: current_clock_speed description: cpu_info.current_clock_speed - The current frequency of the CPU. type: keyword
@@ -2480,7 +2211,6 @@ multi_fields: - name: number type: long - default_field: false - name: current_directory description: windows_crashes.current_directory - Current working directory of the crashed process type: keyword
@@ -2489,7 +2219,6 @@ - name: text type: text norms: false - default_field: false - name: current_disk_queue_length description: physical_disk_performance.current_disk_queue_length - Number of requests outstanding on the disk at the time the performance data is collected type: keyword
@@ -2497,7 +2226,6 @@ multi_fields: - name: number type: long - default_field: false - name: current_locale description: chrome_extensions.current_locale - Current locale supported by extension type: keyword
@@ -2506,7 +2234,6 @@ - name: text type: text norms: false - default_field: false - name: current_value description: system_controls.current_value - Value of setting type: keyword
@@ -2515,7 +2242,6 @@ - name: text type: text norms: false - default_field: false - name: cwd description: |- bpf_process_events.cwd - Current working directory
@@ -2529,7 +2255,6 @@ - name: text type: text norms: false - default_field: false - name: cycle_count description: battery.cycle_count - The number of charge/discharge cycles type: keyword
@@ -2537,7 +2262,6 @@ multi_fields: - name: number type: long - default_field: false - name: data description: |- magic.data - Magic number data from libmagic
@@ -2550,7 +2274,6 @@ - name: text type: text norms: false - default_field: false - name: data_width description: memory_devices.data_width - Data width, in bits, of this memory device type: keyword
@@ -2558,7 +2281,6 @@ multi_fields: - name: number type: long - default_field: false - name: database description: lxd_cluster_members.database - Whether the server is a database node (1) or not (0) type: keyword
@@ -2566,7 +2288,6 @@ multi_fields: - name: number type: long - default_field: false - name: date description: |- drivers.date - Driver date
@@ -2588,7 +2309,6 @@ - name: text type: text norms: false - default_field: false - name: day description: time.day - Current day in UTC type: keyword
@@ -2596,7 +2316,6 @@ multi_fields: - name: number type: long - default_field: false - name: day_of_month description: crontab.day_of_month - The day of the month for the job type: keyword
@@ -2605,7 +2324,6 @@ - name: text type: text norms: false - default_field: false - name: day_of_week description: crontab.day_of_week - The day of the week for the job type: keyword
@@ -2614,7 +2332,6 @@ - name: text type: text norms: false - default_field: false - name: days description: uptime.days - Days of uptime type: keyword
@@ -2622,7 +2339,6 @@ multi_fields: - name: number type: long - default_field: false - name: dc_site_name description: ntdomains.dc_site_name - The name of the site where the domain controller is located. type: keyword
@@ -2631,7 +2347,6 @@ - name: text type: text norms: false - default_field: false - name: decompressed description: virtual_memory_info.decompressed - The total number of pages that have been decompressed by the VM compressor. type: keyword
@@ -2639,7 +2354,6 @@ multi_fields: - name: number type: long - default_field: false - name: default_locale description: chrome_extensions.default_locale - Default locale supported by extension type: keyword
@@ -2648,7 +2362,6 @@ - name: text type: text norms: false - default_field: false - name: default_value description: osquery_flags.default_value - Flag default value type: keyword
@@ -2657,7 +2370,6 @@ - name: text type: text norms: false - default_field: false - name: denied_mask description: apparmor_events.denied_mask - Denied permissions for the process type: keyword
@@ -2666,7 +2378,6 @@ - name: text type: text norms: false - default_field: false - name: denylisted description: osquery_schedule.denylisted - 1 if the query is denylisted else 0 type: keyword
@@ -2674,7 +2385,6 @@ multi_fields: - name: number type: long - default_field: false - name: dependencies description: kernel_panics.dependencies - Module dependencies existing in crashed module's backtrace type: keyword
@@ -2683,7 +2393,6 @@ - name: text type: text norms: false - default_field: false - name: depth description: |- iokit_devicetree.depth - Device nested depth
@@ -2693,7 +2402,6 @@ multi_fields: - name: number type: long - default_field: false - name: description description: |- appcompat_shims.description - Description of the SDB.
@@ -2727,7 +2435,6 @@ - name: text type: text norms: false - default_field: false - name: designed_capacity description: battery.designed_capacity - The battery's designed capacity in mAh type: keyword
@@ -2735,7 +2442,6 @@ multi_fields: - name: number type: long - default_field: false - name: dest_path description: process_file_events.dest_path - The canonical path associated with the event type: keyword
@@ -2744,7 +2450,6 @@ - name: text type: text norms: false - default_field: false - name: destination description: |- cups_jobs.destination - The printer the job was sent to
@@ -2756,7 +2461,6 @@ - name: text type: text norms: false - default_field: false - name: destination_id description: |- time_machine_backups.destination_id - Time Machine destination ID
@@ -2767,7 +2471,6 @@ - name: text type: text norms: false - default_field: false - name: dev_id_enabled description: gatekeeper.dev_id_enabled - 1 If a Gatekeeper allows execution from identified developers else 0 type: keyword
@@ -2775,7 +2478,6 @@ multi_fields: - name: number type: long - default_field: false - name: developer_id description: |- safari_extensions.developer_id - Optional developer identifier
@@ -2786,7 +2488,6 @@ - name: text type: text norms: false - default_field: false - name: development_region description: |- apps.development_region - Info properties CFBundleDevelopmentRegion label
@@ -2797,7 +2498,6 @@ - name: text type: text norms: false - default_field: false - name: device description: |- device_file.device - Absolute file path to device node
@@ -2816,7 +2516,6 @@ - name: text type: text norms: false - default_field: false - name: device_alias description: mounts.device_alias - Mounted device alias type: keyword
@@ -2825,7 +2524,6 @@ - name: text type: text norms: false - default_field: false - name: device_error_address description: memory_error_info.device_error_address - 32 bit physical address of the error relative to the start of the failing memory address, in bytes type: keyword
@@ -2834,7 +2532,6 @@ - name: text type: text norms: false - default_field: false - name: device_id description: |- bitlocker_info.device_id - ID of the encrypted drive.
@@ -2847,7 +2544,6 @@ - name: text type: text norms: false - default_field: false - name: device_locator description: memory_devices.device_locator - String number of the string that identifies the physically-labeled socket or board position where the memory device is located type: keyword
@@ -2856,7 +2552,6 @@ - name: text type: text norms: false - default_field: false - name: device_model description: smart_drive_info.device_model - Device Model type: keyword
@@ -2865,7 +2560,6 @@ - name: text type: text norms: false - default_field: false - name: device_name description: |- drivers.device_name - Device name
@@ -2877,7 +2571,6 @@ - name: text type: text norms: false - default_field: false - name: device_path description: iokit_devicetree.device_path - Device tree path type: keyword
@@ -2886,7 +2579,6 @@ - name: text type: text norms: false - default_field: false - name: device_type description: |- lxd_instance_devices.device_type - Device type
@@ -2897,7 +2589,6 @@ - name: text type: text norms: false - default_field: false - name: dhcp_enabled description: interface_details.dhcp_enabled - If TRUE, the dynamic host configuration protocol (DHCP) server automatically assigns an IP address to the computer system when establishing a network connection. type: keyword
@@ -2905,7 +2596,6 @@ multi_fields: - name: number type: long - default_field: false - name: dhcp_lease_expires description: interface_details.dhcp_lease_expires - Expiration date and time for a leased IP address that was assigned to the computer by the dynamic host configuration protocol (DHCP) server. type: keyword
@@ -2914,7 +2604,6 @@ - name: text type: text norms: false - default_field: false - name: dhcp_lease_obtained description: interface_details.dhcp_lease_obtained - Date and time the lease was obtained for the IP address assigned to the computer by the dynamic host configuration protocol (DHCP) server. type: keyword
@@ -2923,7 +2612,6 @@ - name: text type: text norms: false - default_field: false - name: dhcp_server description: interface_details.dhcp_server - IP address of the dynamic host configuration protocol (DHCP) server. type: keyword
@@ -2932,7 +2620,6 @@ - name: text type: text norms: false - default_field: false - name: direction description: windows_firewall_rules.direction - Direction of traffic for which the rule applies type: keyword
@@ -2941,7 +2628,6 @@ - name: text type: text norms: false - default_field: false - name: directory description: |- extended_attributes.directory - Directory of file(s)
@@ -2956,7 +2642,6 @@ - name: text type: text norms: false - default_field: false - name: disabled description: |- browser_plugins.disabled - Is the plugin disabled. 1 = Disabled
@@ -2972,7 +2657,6 @@ multi_fields: - name: number type: long - default_field: false - name: disconnected description: connectivity.disconnected - True if the all interfaces are not connected to any network type: keyword
@@ -2980,7 +2664,6 @@ multi_fields: - name: number type: long - default_field: false - name: discovery_cache_hits description: osquery_packs.discovery_cache_hits - The number of times that the discovery query used cached values since the last time the config was reloaded type: keyword
@@ -2988,7 +2671,6 @@ multi_fields: - name: number type: long - default_field: false - name: discovery_executions description: osquery_packs.discovery_executions - The number of times that the discovery queries have been executed since the last time the config was reloaded type: keyword
@@ -2996,7 +2678,6 @@ multi_fields: - name: number type: long - default_field: false - name: disk_bytes_read description: processes.disk_bytes_read - Bytes read from disk type: keyword
@@ -3004,7 +2685,6 @@ multi_fields: - name: number type: long - default_field: false - name: disk_bytes_written description: processes.disk_bytes_written - Bytes written to disk type: keyword
@@ -3012,7 +2692,6 @@ multi_fields: - name: number type: long - default_field: false - name: disk_id description: smart_drive_info.disk_id - Physical slot number of device, only exists when hardware storage controller exists type: keyword
@@ -3020,7 +2699,6 @@ multi_fields: - name: number type: long - default_field: false - name: disk_index description: disk_info.disk_index - Physical drive number of the disk. type: keyword
@@ -3028,7 +2706,6 @@ multi_fields: - name: number type: long - default_field: false - name: disk_read description: docker_container_stats.disk_read - Total disk read bytes type: keyword
@@ -3036,7 +2713,6 @@ multi_fields: - name: number type: long - default_field: false - name: disk_size description: disk_info.disk_size - Size of the disk. type: keyword
@@ -3044,7 +2720,6 @@ multi_fields: - name: number type: long - default_field: false - name: disk_write description: docker_container_stats.disk_write - Total disk write bytes type: keyword @@ -3052,7 +2727,6 @@ multi_fields: - name: number type: long - default_field: false - name: display_name description: |- apps.display_name - Info properties CFBundleDisplayName label @@ -3063,7 +2737,6 @@ - name: text type: text norms: false - default_field: false - name: dns_domain description: interface_details.dns_domain - Organization name followed by a period and an extension that indicates the type of organization, such as 'microsoft.com'. type: keyword @@ -3072,7 +2745,6 @@ - name: text type: text norms: false - default_field: false - name: dns_domain_name description: logon_sessions.dns_domain_name - The DNS name for the owner of the logon session. type: keyword @@ -3081,7 +2753,6 @@ - name: text type: text norms: false - default_field: false - name: dns_domain_suffix_search_order description: interface_details.dns_domain_suffix_search_order - Array of DNS domain suffixes to be appended to the end of host names during name resolution. type: keyword @@ -3090,7 +2761,6 @@ - name: text type: text norms: false - default_field: false - name: dns_forest_name description: ntdomains.dns_forest_name - The name of the root of the DNS tree. type: keyword @@ -3099,7 +2769,6 @@ - name: text type: text norms: false - default_field: false - name: dns_host_name description: interface_details.dns_host_name - Host name used to identify the local computer for authentication by some utilities. type: keyword @@ -3108,7 +2777,6 @@ - name: text type: text norms: false - default_field: false - name: dns_server_search_order description: interface_details.dns_server_search_order - Array of server IP addresses to be used in querying for DNS servers. type: keyword 
@@ -3117,7 +2785,6 @@ - name: text type: text norms: false - default_field: false - name: domain description: |- ad_config.domain - Active Directory trust domain @@ -3129,7 +2796,6 @@ - name: text type: text norms: false - default_field: false - name: domain_controller_address description: ntdomains.domain_controller_address - The IP Address of the discovered domain controller.. type: keyword @@ -3138,7 +2804,6 @@ - name: text type: text norms: false - default_field: false - name: domain_controller_name description: ntdomains.domain_controller_name - The name of the discovered domain controller. type: keyword @@ -3147,7 +2812,6 @@ - name: text type: text norms: false - default_field: false - name: domain_name description: ntdomains.domain_name - The name of the domain. type: keyword @@ -3156,7 +2820,6 @@ - name: text type: text norms: false - default_field: false - name: drive_letter description: |- bitlocker_info.drive_letter - Drive letter of the encrypted drive. @@ -3167,7 +2830,6 @@ - name: text type: text norms: false - default_field: false - name: drive_name description: md_drives.drive_name - Drive device name type: keyword @@ -3176,7 +2838,6 @@ - name: text type: text norms: false - default_field: false - name: driver description: |- docker_container_mounts.driver - Driver providing the mount @@ -3192,7 +2853,6 @@ - name: text type: text norms: false - default_field: false - name: driver_date description: video_info.driver_date - The date listed on the installed driver. type: keyword @@ -3200,7 +2860,6 @@ multi_fields: - name: number type: long - default_field: false - name: driver_key description: drivers.driver_key - Driver key type: keyword @@ -3209,7 +2868,6 @@ - name: text type: text norms: false - default_field: false - name: driver_type description: smart_drive_info.driver_type - The explicit device type used to retrieve the SMART information type: keyword 
@@ -3218,7 +2876,6 @@ - name: text type: text norms: false - default_field: false - name: driver_version description: video_info.driver_version - The version of the installed driver. type: keyword @@ -3227,7 +2884,6 @@ - name: text type: text norms: false - default_field: false - name: dst_ip description: iptables.dst_ip - Destination IP address. type: keyword @@ -3236,7 +2892,6 @@ - name: text type: text norms: false - default_field: false - name: dst_mask description: iptables.dst_mask - Destination IP address mask. type: keyword @@ -3245,7 +2900,6 @@ - name: text type: text norms: false - default_field: false - name: dst_port description: iptables.dst_port - Protocol destination port(s). type: keyword @@ -3254,7 +2908,6 @@ - name: text type: text norms: false - default_field: false - name: dtime description: shared_memory.dtime - Detached time type: keyword @@ -3262,7 +2915,6 @@ multi_fields: - name: number type: long - default_field: false - name: dump_certificate description: curl_certificate.dump_certificate - Set this value to '1' to dump certificate type: keyword @@ -3270,7 +2922,6 @@ multi_fields: - name: number type: long - default_field: false - name: duration description: |- bpf_process_events.duration - How much time was spent inside the syscall (nsecs) @@ -3280,7 +2931,6 @@ multi_fields: - name: number type: long - default_field: false - name: eapi description: portage_packages.eapi - The eapi for the ebuild type: keyword @@ -3288,7 +2938,6 @@ multi_fields: - name: number type: long - default_field: false - name: egid description: |- docker_container_processes.egid - Effective group ID @@ -3322,7 +2971,6 @@ - name: text type: text norms: false - default_field: false - name: ejectable description: disk_events.ejectable - 1 if ejectable, 0 if not type: keyword 
@@ -3330,7 +2978,6 @@ multi_fields: - name: number type: long - default_field: false - name: elapsed_time description: processes.elapsed_time - Elapsed time in seconds this process has been running. type: keyword @@ -3338,7 +2985,6 @@ multi_fields: - name: number type: long - default_field: false - name: element description: apps.element - Does the app identify as a background agent type: keyword @@ -3347,7 +2993,6 @@ - name: text type: text norms: false - default_field: false - name: elevated_token description: processes.elevated_token - Process uses elevated token yes=1, no=0 type: keyword @@ -3355,7 +3000,6 @@ multi_fields: - name: number type: long - default_field: false - name: enable_ipv6 description: docker_networks.enable_ipv6 - 1 if IPv6 is enabled on this network. 0 otherwise type: keyword @@ -3363,7 +3007,6 @@ multi_fields: - name: number type: long - default_field: false - name: enabled description: |- app_schemes.enabled - 1 if this handler is the OS default, else 0 @@ -3387,7 +3030,6 @@ multi_fields: - name: number type: long - default_field: false - name: encrypted description: |- disk_encryption.encrypted - 1 If encrypted: true (disk is encrypted), else 0 @@ -3397,7 +3039,6 @@ multi_fields: - name: number type: long - default_field: false - name: encryption description: time_machine_destinations.encryption - Last known encrypted state type: keyword @@ -3406,7 +3047,6 @@ - name: text type: text norms: false - default_field: false - name: encryption_method description: bitlocker_info.encryption_method - The encryption type of the device. type: keyword @@ -3415,7 +3055,6 @@ - name: text type: text norms: false - default_field: false - name: encryption_status description: "disk_encryption.encryption_status - Disk encryption status with one of following values: encrypted | not encrypted | undefined" type: keyword 
@@ -3424,7 +3063,6 @@ - name: text type: text norms: false - default_field: false - name: end description: |- memory_map.end - End address of memory region @@ -3435,7 +3073,6 @@ - name: text type: text norms: false - default_field: false - name: ending_address description: |- memory_array_mapped_addresses.ending_address - Physical ending address of last kilobyte of a range of memory mapped to physical memory array @@ -3446,7 +3083,6 @@ - name: text type: text norms: false - default_field: false - name: endpoint_id description: docker_container_networks.endpoint_id - Endpoint ID type: keyword @@ -3455,7 +3091,6 @@ - name: text type: text norms: false - default_field: false - name: entry description: |- authorization_mechanisms.entry - The whole string entry @@ -3467,7 +3102,6 @@ - name: text type: text norms: false - default_field: false - name: env description: |- es_process_events.env - Environment variables delimited by spaces @@ -3478,7 +3112,6 @@ - name: text type: text norms: false - default_field: false - name: env_count description: |- es_process_events.env_count - Number of environment variables @@ -3488,7 +3121,6 @@ multi_fields: - name: number type: long - default_field: false - name: env_size description: process_events.env_size - Actual size (bytes) of environment list type: keyword @@ -3496,7 +3128,6 @@ multi_fields: - name: number type: long - default_field: false - name: env_variables description: docker_containers.env_variables - Container environmental variables type: keyword @@ -3505,7 +3136,6 @@ - name: text type: text norms: false - default_field: false - name: environment description: apps.environment - Application-set environment variables type: keyword @@ -3514,7 +3144,6 @@ - name: text type: text norms: false - default_field: false - name: ephemeral description: lxd_instances.ephemeral - Whether the instance is ephemeral(1) or not(0) type: keyword 
@@ -3522,7 +3151,6 @@ multi_fields: - name: number type: long - default_field: false - name: epoch description: rpm_packages.epoch - Package epoch value type: keyword @@ -3530,7 +3158,6 @@ multi_fields: - name: number type: long - default_field: false - name: error description: apparmor_events.error - Error information type: keyword @@ -3539,7 +3166,6 @@ - name: text type: text norms: false - default_field: false - name: error_granularity description: memory_error_info.error_granularity - Granularity to which the error can be resolved type: keyword @@ -3548,7 +3174,6 @@ - name: text type: text norms: false - default_field: false - name: error_operation description: memory_error_info.error_operation - Memory access operation that caused the error type: keyword @@ -3557,7 +3182,6 @@ - name: text type: text norms: false - default_field: false - name: error_resolution description: memory_error_info.error_resolution - Range, in bytes, within which this error can be determined, when an error address is given type: keyword @@ -3566,7 +3190,6 @@ - name: text type: text norms: false - default_field: false - name: error_type description: memory_error_info.error_type - type of error associated with current error status for array or device type: keyword @@ -3575,7 +3198,6 @@ - name: text type: text norms: false - default_field: false - name: euid description: |- docker_container_processes.euid - Effective user ID @@ -3593,7 +3215,6 @@ - name: text type: text norms: false - default_field: false - name: event_queue description: carbon_black_info.event_queue - Size in bytes of Carbon Black event files on disk type: keyword @@ -3601,7 +3222,6 @@ multi_fields: - name: number type: long - default_field: false - name: event_tap_id description: event_taps.event_tap_id - Unique ID for the Tap type: keyword 
@@ -3609,7 +3229,6 @@ multi_fields: - name: number type: long - default_field: false - name: event_tapped description: event_taps.event_tapped - The mask that identifies the set of events to be observed. type: keyword @@ -3618,7 +3237,6 @@ - name: text type: text norms: false - default_field: false - name: event_type description: es_process_events.event_type - Type of EndpointSecurity event type: keyword @@ -3627,7 +3245,6 @@ - name: text type: text norms: false - default_field: false - name: eventid description: |- windows_eventlog.eventid - Event ID of the event @@ -3637,7 +3254,6 @@ multi_fields: - name: number type: long - default_field: false - name: events description: osquery_events.events - Number of events emitted or received since osquery started type: keyword @@ -3645,7 +3261,6 @@ multi_fields: - name: number type: long - default_field: false - name: exception_address description: windows_crashes.exception_address - Address (in hex) where the exception occurred type: keyword @@ -3654,7 +3269,6 @@ - name: text type: text norms: false - default_field: false - name: exception_code description: windows_crashes.exception_code - The Windows exception code type: keyword @@ -3663,7 +3277,6 @@ - name: text type: text norms: false - default_field: false - name: exception_codes description: crashes.exception_codes - Exception codes from the crash type: keyword @@ -3672,7 +3285,6 @@ - name: text type: text norms: false - default_field: false - name: exception_message description: windows_crashes.exception_message - The NTSTATUS error message associated with the exception code type: keyword @@ -3681,7 +3293,6 @@ - name: text type: text norms: false - default_field: false - name: exception_notes description: crashes.exception_notes - Exception notes from the crash type: keyword @@ -3690,7 +3301,6 @@ - name: text type: text norms: false - default_field: false - name: exception_type description: crashes.exception_type - Exception type of the crash type: keyword 
@@ -3699,7 +3309,6 @@ - name: text type: text norms: false - default_field: false - name: exe description: seccomp_events.exe - The path to the executable that was used to invoke the analyzed process type: keyword @@ -3708,7 +3317,6 @@ - name: text type: text norms: false - default_field: false - name: executable description: |- appcompat_shims.executable - Name of the executable that is being shimmed. This is pulled from the registry. @@ -3719,7 +3327,6 @@ - name: text type: text norms: false - default_field: false - name: executable_path description: wmi_cli_event_consumers.executable_path - Module to execute. The string can specify the full path and file name of the module to execute, or it can specify a partial name. If a partial name is specified, the current drive and current directory are assumed. type: keyword @@ -3728,7 +3335,6 @@ - name: text type: text norms: false - default_field: false - name: execution_flag description: shimcache.execution_flag - Boolean Execution flag, 1 for execution, 0 for no execution, -1 for missing (this flag does not exist on Windows 10 and higher). type: keyword @@ -3736,7 +3342,6 @@ multi_fields: - name: number type: long - default_field: false - name: executions description: osquery_schedule.executions - Number of times the query was executed type: keyword @@ -3744,7 +3349,6 @@ multi_fields: - name: number type: long - default_field: false - name: exit_code description: |- bpf_process_events.exit_code - Exit code of the system call @@ -3756,7 +3360,6 @@ - name: text type: text norms: false - default_field: false - name: expand description: default_environment.expand - 1 if the variable needs expanding, 0 otherwise type: keyword @@ -3764,7 +3367,6 @@ multi_fields: - name: number type: long - default_field: false - name: expire description: shadow.expire - Number of days since UNIX epoch date until account is disabled type: keyword 
@@ -3772,7 +3374,6 @@ multi_fields: - name: number type: long - default_field: false - name: expires_at description: lxd_images.expires_at - ISO time of image expiration type: keyword @@ -3781,7 +3382,6 @@ - name: text type: text norms: false - default_field: false - name: extended_key_usage description: curl_certificate.extended_key_usage - Extended usage of key in certificate type: keyword @@ -3790,7 +3390,6 @@ - name: text type: text norms: false - default_field: false - name: extensions description: osquery_info.extensions - osquery extensions status type: keyword @@ -3799,7 +3398,6 @@ - name: text type: text norms: false - default_field: false - name: external description: app_schemes.external - 1 if this handler does NOT exist on OS X by default, else 0 type: keyword @@ -3807,7 +3405,6 @@ multi_fields: - name: number type: long - default_field: false - name: extra description: |- asl.extra - Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h. @@ -3818,7 +3415,6 @@ - name: text type: text norms: false - default_field: false - name: facility description: |- asl.facility - Sender's facility. Default is 'user'. @@ -3829,7 +3425,6 @@ - name: text type: text norms: false - default_field: false - name: fahrenheit description: temperature_sensors.fahrenheit - Temperature in Fahrenheit type: keyword @@ -3837,7 +3432,6 @@ multi_fields: - name: number type: double - default_field: false - name: failed_disks description: md_devices.failed_disks - Number of failed disks in array type: keyword @@ -3845,7 +3439,6 @@ multi_fields: - name: number type: long - default_field: false - name: failed_login_count description: account_policy_data.failed_login_count - The number of failed login attempts using an incorrect password. Count resets after a correct password is entered. type: keyword 
@@ -3853,7 +3446,6 @@ multi_fields: - name: number type: long - default_field: false - name: failed_login_timestamp description: account_policy_data.failed_login_timestamp - The time of the last failed login attempt. Resets after a correct password is entered type: keyword @@ -3861,7 +3453,6 @@ multi_fields: - name: number type: double - default_field: false - name: family description: |- bpf_socket_events.family - The Internet protocol family ID @@ -3873,7 +3464,6 @@ multi_fields: - name: number type: long - default_field: false - name: fan description: fan_speed_sensors.fan - Fan number type: keyword @@ -3882,7 +3472,6 @@ - name: text type: text norms: false - default_field: false - name: faults description: virtual_memory_info.faults - Total number of calls to vm_faults. type: keyword @@ -3890,7 +3479,6 @@ multi_fields: - name: number type: long - default_field: false - name: fd description: |- bpf_socket_events.fd - The file description for the process socket @@ -3905,7 +3493,6 @@ - name: text type: text norms: false - default_field: false - name: feature description: cpuid.feature - Present feature flags type: keyword @@ -3914,7 +3501,6 @@ - name: text type: text norms: false - default_field: false - name: feature_control description: msr.feature_control - Bitfield controlling enabled features. type: keyword @@ -3922,7 +3508,6 @@ multi_fields: - name: number type: long - default_field: false - name: field_name description: system_controls.field_name - Specific attribute of opaque type type: keyword @@ -3931,7 +3516,6 @@ - name: text type: text norms: false - default_field: false - name: file_attributes description: ntfs_journal_events.file_attributes - File attributes type: keyword @@ -3940,7 +3524,6 @@ - name: text type: text norms: false - default_field: false - name: file_backed description: virtual_memory_info.file_backed - Total number of file backed pages. type: keyword 
@@ -3948,7 +3531,6 @@ multi_fields: - name: number type: long - default_field: false - name: file_id description: file.file_id - file ID type: keyword @@ -3957,7 +3539,6 @@ - name: text type: text norms: false - default_field: false - name: file_sharing description: sharing_preferences.file_sharing - 1 If file sharing is enabled else 0 type: keyword @@ -3965,7 +3546,6 @@ multi_fields: - name: number type: long - default_field: false - name: file_system description: logical_drives.file_system - The file system of the drive. type: keyword @@ -3974,7 +3554,6 @@ - name: text type: text norms: false - default_field: false - name: file_version description: file.file_version - File version type: keyword @@ -3983,7 +3562,6 @@ - name: text type: text norms: false - default_field: false - name: filename description: |- device_file.filename - Name portion of file path @@ -3997,7 +3575,6 @@ - name: text type: text norms: false - default_field: false - name: filepath description: package_bom.filepath - Package file or directory type: keyword @@ -4006,7 +3583,6 @@ - name: text type: text norms: false - default_field: false - name: filesystem description: disk_events.filesystem - Filesystem if available type: keyword @@ -4015,7 +3591,6 @@ - name: text type: text norms: false - default_field: false - name: filetype description: xprotect_entries.filetype - Use this file type to match type: keyword @@ -4024,7 +3599,6 @@ - name: text type: text norms: false - default_field: false - name: filevault_status description: "disk_encryption.filevault_status - FileVault status with one of following values: on | off | unknown" type: keyword @@ -4033,7 +3607,6 @@ - name: text type: text norms: false - default_field: false - name: filter description: wmi_filter_consumer_binding.filter - Reference to an instance of __EventFilter that represents the object path to an event filter which is a query that specifies the type of event to be received. type: keyword 
@@ -4042,7 +3615,6 @@ - name: text type: text norms: false - default_field: false - name: filter_name description: iptables.filter_name - Packet matching filter table name. type: keyword @@ -4051,7 +3623,6 @@ - name: text type: text norms: false - default_field: false - name: fingerprint description: lxd_certificates.fingerprint - SHA256 hash of the certificate type: keyword @@ -4060,7 +3631,6 @@ - name: text type: text norms: false - default_field: false - name: finished_at description: docker_containers.finished_at - Container finish time as string type: keyword @@ -4069,7 +3639,6 @@ - name: text type: text norms: false - default_field: false - name: firewall description: windows_security_center.firewall - The health of the monitored Firewall (see windows_security_products) type: keyword @@ -4078,7 +3647,6 @@ - name: text type: text norms: false - default_field: false - name: firewall_unload description: alf.firewall_unload - 1 If firewall unloading enabled else 0 type: keyword @@ -4086,7 +3654,6 @@ multi_fields: - name: number type: long - default_field: false - name: firmware_version description: |- ibridge_info.firmware_version - The build version of the firmware @@ -4097,7 +3664,6 @@ - name: text type: text norms: false - default_field: false - name: fix_comments description: patches.fix_comments - Additional comments about the patch. type: keyword @@ -4106,7 +3672,6 @@ - name: text type: text norms: false - default_field: false - name: flag description: shadow.flag - Reserved type: keyword 
@@ -4114,7 +3679,6 @@ multi_fields: - name: number type: long - default_field: false - name: flags description: "device_partitions.flags - \ndns_cache.flags - DNS record flags\nelf_info.flags - ELF header flags\nelf_sections.flags - Section attributes\nelf_segments.flags - Segment attributes\ninterface_details.flags - Flags (netdevice) for the device\nmounts.flags - Mounted device flags\npipes.flags - The flags indicating whether this pipe connection is a server or client end, and if the pipe for sending messages or bytes\nroutes.flags - Flags to describe route" type: keyword @@ -4126,7 +3690,6 @@ multi_fields: - name: number type: long - default_field: false - name: folder_id description: ycloud_instance_metadata.folder_id - Folder identifier for the VM type: keyword @@ -4135,7 +3698,6 @@ - name: text type: text norms: false - default_field: false - name: following description: systemd_units.following - The name of another unit that this unit follows in state type: keyword @@ -4144,7 +3706,6 @@ - name: text type: text norms: false - default_field: false - name: forced description: preferences.forced - 1 if the value is forced/managed, else 0 type: keyword @@ -4152,7 +3713,6 @@ multi_fields: - name: number type: long - default_field: false - name: form_factor description: |- memory_devices.form_factor - Implementation form factor for this memory device @@ -4163,7 +3723,6 @@ - name: text type: text norms: false - default_field: false - name: format description: cups_jobs.format - The format of the print job type: keyword @@ -4172,7 +3731,6 @@ - name: text type: text norms: false - default_field: false - name: forwarding_enabled description: interface_ipv6.forwarding_enabled - Enable IP forwarding type: keyword @@ -4180,7 +3738,6 @@ multi_fields: - name: number type: long - default_field: false - name: fragment_path description: systemd_units.fragment_path - The unit file path this unit was read from, if there is any type: keyword 
@@ -4189,7 +3746,6 @@ - name: text type: text norms: false - default_field: false - name: frame_backtrace description: kernel_panics.frame_backtrace - Backtrace of the crashed module type: keyword @@ -4198,7 +3754,6 @@ - name: text type: text norms: false - default_field: false - name: free description: virtual_memory_info.free - Total number of free pages. type: keyword @@ -4206,7 +3761,6 @@ multi_fields: - name: number type: long - default_field: false - name: free_space description: logical_drives.free_space - The amount of free space, in bytes, of the drive (-1 on failure). type: keyword @@ -4214,7 +3768,6 @@ multi_fields: - name: number type: long - default_field: false - name: friendly_name description: |- interface_addresses.friendly_name - The friendly display name of the interface. @@ -4225,7 +3778,6 @@ - name: text type: text norms: false - default_field: false - name: from_webstore description: chrome_extensions.from_webstore - True if this extension was installed from the web store type: keyword @@ -4234,7 +3786,6 @@ - name: text type: text norms: false - default_field: false - name: fs_id description: quicklook_cache.fs_id - Quicklook file fs_id key type: keyword @@ -4243,7 +3794,6 @@ - name: text type: text norms: false - default_field: false - name: fsgid description: |- process_events.fsgid - Filesystem group ID at process start @@ -4268,7 +3818,6 @@ - name: text type: text norms: false - default_field: false - name: gid description: |- asl.gid - GID that sent the log message (set by the server). @@ -4298,7 +3847,6 @@ multi_fields: - name: number type: long - default_field: false - name: git_commit description: docker_version.git_commit - Docker build git commit type: keyword @@ -4307,7 +3855,6 @@ - name: text type: text norms: false - default_field: false - name: global_seq_num description: es_process_events.global_seq_num - Global sequence number type: keyword 
@@ -4315,7 +3862,6 @@ multi_fields: - name: number type: long - default_field: false - name: global_state description: alf.global_state - 1 If the firewall is enabled with exceptions, 2 if the firewall is configured to block all incoming connections, else 0 type: keyword @@ -4323,7 +3869,6 @@ multi_fields: - name: number type: long - default_field: false - name: go_version description: docker_version.go_version - Go version type: keyword @@ -4332,7 +3877,6 @@ - name: text type: text norms: false - default_field: false - name: gpgcheck description: yum_sources.gpgcheck - Whether packages are GPG checked type: keyword @@ -4341,7 +3885,6 @@ - name: text type: text norms: false - default_field: false - name: gpgkey description: yum_sources.gpgkey - URL to GPG key type: keyword @@ -4350,7 +3893,6 @@ - name: text type: text norms: false - default_field: false - name: grace_period description: screenlock.grace_period - The amount of time in seconds the screen must be asleep or the screensaver on before a password is required on-wake. 0 = immediately; -1 = no password is required on-wake type: keyword @@ -4358,7 +3900,6 @@ multi_fields: - name: number type: long - default_field: false - name: group_sid description: groups.group_sid - Unique group ID type: keyword @@ -4367,7 +3908,6 @@ - name: text type: text norms: false - default_field: false - name: grouping description: windows_firewall_rules.grouping - Group to which an individual rule belongs type: keyword @@ -4376,7 +3916,6 @@ - name: text type: text norms: false - default_field: false - name: groupname description: |- groups.groupname - Canonical local group name @@ -4389,7 +3928,6 @@ - name: text type: text norms: false - default_field: false - name: guest description: cpu_time.guest - Time spent running a virtual CPU for a guest OS under the control of the Linux kernel type: keyword 
@@ -4397,7 +3935,6 @@ multi_fields: - name: number type: long - default_field: false - name: guest_nice description: "cpu_time.guest_nice - Time spent running a niced guest " type: keyword @@ -4405,7 +3942,6 @@ multi_fields: - name: number type: long - default_field: false - name: handle description: |- memory_array_mapped_addresses.handle - Handle, or instance number, associated with the structure @@ -4421,7 +3957,6 @@ - name: text type: text norms: false - default_field: false - name: handle_count description: processes.handle_count - Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process. type: keyword @@ -4429,7 +3964,6 @@ multi_fields: - name: number type: long - default_field: false - name: handler description: app_schemes.handler - Application label for the handler type: keyword @@ -4438,7 +3972,6 @@ - name: text type: text norms: false - default_field: false - name: hard_limit description: ulimit_info.hard_limit - Maximum limit value type: keyword @@ -4447,7 +3980,6 @@ - name: text type: text norms: false - default_field: false - name: hard_links description: |- device_file.hard_links - Number of hard links @@ -4457,7 +3989,6 @@ multi_fields: - name: number type: long - default_field: false - name: hardware_model description: |- disk_info.hardware_model - Hard drive model. @@ -4468,7 +3999,6 @@ - name: text type: text norms: false - default_field: false - name: hardware_serial description: system_info.hardware_serial - Device serial number type: keyword @@ -4477,7 +4007,6 @@ - name: text type: text norms: false - default_field: false - name: hardware_vendor description: system_info.hardware_vendor - Hardware vendor type: keyword @@ -4486,7 +4015,6 @@ - name: text type: text norms: false - default_field: false - name: hardware_version description: system_info.hardware_version - Hardware version type: keyword 
@@ -4495,7 +4023,6 @@ - name: text type: text norms: false - default_field: false - name: has_expired description: curl_certificate.has_expired - 1 if the certificate has expired, 0 otherwise type: keyword @@ -4503,7 +4030,6 @@ multi_fields: - name: number type: long - default_field: false - name: hash description: prefetch.hash - Prefetch CRC hash. type: keyword @@ -4512,7 +4038,6 @@ - name: text type: text norms: false - default_field: false - name: hash_alg description: shadow.hash_alg - Password hashing algorithm type: keyword @@ -4521,7 +4046,6 @@ - name: text type: text norms: false - default_field: false - name: hash_resources description: signature.hash_resources - Set to 1 to also hash resources, or 0 otherwise. Default is 1 type: keyword @@ -4529,7 +4053,6 @@ multi_fields: - name: number type: long - default_field: false - name: hashed description: file_events.hashed - 1 if the file was hashed, 0 if not, -1 if hashing failed type: keyword @@ -4537,7 +4060,6 @@ multi_fields: - name: number type: long - default_field: false - name: header description: sudoers.header - Symbol for given rule type: keyword @@ -4546,7 +4068,6 @@ - name: text type: text norms: false - default_field: false - name: header_size description: smbios_tables.header_size - Header size in bytes type: keyword @@ -4554,7 +4075,6 @@ multi_fields: - name: number type: long - default_field: false - name: health description: 'battery.health - One of the following: "Good" describes a well-performing battery, "Fair" describes a functional battery with limited capacity, or "Poor" describes a battery that''s not capable of providing power' type: keyword @@ -4563,7 +4083,6 @@ - name: text type: text norms: false - default_field: false - name: hidden description: |- scheduled_tasks.hidden - Whether or not the task is visible in the UI 
@@ -4573,7 +4092,6 @@ multi_fields: - name: number type: long - default_field: false - name: history_file description: shell_history.history_file - Path to the .*_history for this user type: keyword @@ -4582,7 +4100,6 @@ - name: text type: text norms: false - default_field: false - name: hit_count description: quicklook_cache.hit_count - Number of cache hits on thumbnail type: keyword @@ -4591,7 +4108,6 @@ - name: text type: text norms: false - default_field: false - name: home_directory description: logon_sessions.home_directory - The home directory for the logon session. type: keyword @@ -4600,7 +4116,6 @@ - name: text type: text norms: false - default_field: false - name: home_directory_drive description: logon_sessions.home_directory_drive - The drive location of the home directory of the logon session. type: keyword @@ -4609,7 +4124,6 @@ - name: text type: text norms: false - default_field: false - name: homepage description: atom_packages.homepage - Package supplied homepage type: keyword @@ -4618,7 +4132,6 @@ - name: text type: text norms: false - default_field: false - name: hop_limit description: interface_ipv6.hop_limit - Current Hop Limit type: keyword @@ -4626,7 +4139,6 @@ multi_fields: - name: number type: long - default_field: false - name: hopcount description: routes.hopcount - Max hops expected type: keyword @@ -4634,7 +4146,6 @@ multi_fields: - name: number type: long - default_field: false - name: host description: |- asl.host - Sender's address (set by the server). @@ -4648,7 +4159,6 @@ - name: text type: text norms: false - default_field: false - name: host_ip description: docker_container_ports.host_ip - Host IP address on which public port is listening type: keyword @@ -4657,7 +4167,6 @@ - name: text type: text norms: false - default_field: false - name: host_port description: docker_container_ports.host_port - Host port type: keyword 
@@ -4665,7 +4174,6 @@ multi_fields: - name: number type: long - default_field: false - name: hostname description: |- curl_certificate.hostname - Hostname (domain[:port]) to CURL @@ -4678,7 +4186,6 @@ - name: text type: text norms: false - default_field: false - name: hostnames description: etc_hosts.hostnames - Raw hosts mapping type: keyword @@ -4687,7 +4194,6 @@ - name: text type: text norms: false - default_field: false - name: hotfix_id description: patches.hotfix_id - The KB ID of the patch. type: keyword @@ -4696,7 +4202,6 @@ - name: text type: text norms: false - default_field: false - name: hour description: |- crontab.hour - The hour of the day for the job @@ -4707,7 +4212,6 @@ - name: text type: text norms: false - default_field: false - name: hours description: uptime.hours - Hours of uptime type: keyword @@ -4715,7 +4219,6 @@ multi_fields: - name: number type: long - default_field: false - name: http_proxy description: docker_info.http_proxy - HTTP proxy type: keyword @@ -4724,7 +4227,6 @@ - name: text type: text norms: false - default_field: false - name: https_proxy description: docker_info.https_proxy - HTTPS proxy type: keyword @@ -4733,7 +4235,6 @@ - name: text type: text norms: false - default_field: false - name: hwaddr description: lxd_networks.hwaddr - Hardware address for this network type: keyword @@ -4742,7 +4243,6 @@ - name: text type: text norms: false - default_field: false - name: iam_arn description: ec2_instance_metadata.iam_arn - If there is an IAM role associated with the instance, contains instance profile ARN type: keyword @@ -4751,7 +4251,6 @@ - name: text type: text norms: false - default_field: false - name: ibrs_support_enabled description: kva_speculative_info.ibrs_support_enabled - Windows uses IBRS. type: keyword @@ -4759,7 +4258,6 @@ multi_fields: - name: number type: long - default_field: false - name: ibytes description: interface_details.ibytes - Input bytes type: keyword 
@@ -4767,7 +4265,6 @@ multi_fields: - name: number type: long - default_field: false - name: icmp_types_codes description: windows_firewall_rules.icmp_types_codes - ICMP types and codes for the rule type: keyword @@ -4776,7 +4273,6 @@ - name: text type: text norms: false - default_field: false - name: icon_mode description: quicklook_cache.icon_mode - Thumbnail icon mode type: keyword @@ -4784,7 +4280,6 @@ multi_fields: - name: number type: long - default_field: false - name: icon_path description: shortcut_files.icon_path - Lnk file icon location. type: keyword @@ -4793,7 +4288,6 @@ - name: text type: text norms: false - default_field: false - name: id description: |- disk_info.id - The unique identifier of the drive on the system. @@ -4825,7 +4319,6 @@ - name: text type: text norms: false - default_field: false - name: identifier description: |- browser_plugins.identifier - Plugin identifier @@ -4843,7 +4336,6 @@ - name: text type: text norms: false - default_field: false - name: identifying_number description: programs.identifying_number - Product identification such as a serial number on software, or a die number on a hardware chip. type: keyword @@ -4852,7 +4344,6 @@ - name: text type: text norms: false - default_field: false - name: identity description: xprotect_entries.identity - XProtect identity (SHA1) of content type: keyword @@ -4861,7 +4352,6 @@ - name: text type: text norms: false - default_field: false - name: idle description: cpu_time.idle - Time spent in the idle task type: keyword @@ -4869,7 +4359,6 @@ multi_fields: - name: number type: long - default_field: false - name: idrops description: interface_details.idrops - Input drops type: keyword @@ -4877,7 +4366,6 @@ multi_fields: - name: number type: long - default_field: false - name: idx description: kernel_extensions.idx - Extension load tag or index type: keyword 
@@ -4885,7 +4373,6 @@ multi_fields: - name: number type: long - default_field: false - name: ierrors description: interface_details.ierrors - Input errors type: keyword @@ -4893,7 +4380,6 @@ multi_fields: - name: number type: long - default_field: false - name: image description: |- docker_containers.image - Docker image (name) used to launch this container @@ -4904,7 +4390,6 @@ - name: text type: text norms: false - default_field: false - name: image_id description: docker_containers.image_id - Docker image ID type: keyword @@ -4913,7 +4398,6 @@ - name: text type: text norms: false - default_field: false - name: images description: docker_info.images - Number of images type: keyword @@ -4921,7 +4405,6 @@ multi_fields: - name: number type: long - default_field: false - name: in_smartctl_db description: smart_drive_info.in_smartctl_db - Boolean value for if drive is recognized type: keyword @@ -4929,7 +4412,6 @@ multi_fields: - name: number type: long - default_field: false - name: inactive description: |- memory_info.inactive - The total amount of buffer or page cache memory, in bytes, that are free and available @@ -4940,7 +4422,6 @@ multi_fields: - name: number type: long - default_field: false - name: inetd_compatibility description: launchd.inetd_compatibility - Run this daemon or agent as it was launched from inetd type: keyword @@ -4949,7 +4430,6 @@ - name: text type: text norms: false - default_field: false - name: inf description: drivers.inf - Associated inf file type: keyword @@ -4958,7 +4438,6 @@ - name: text type: text norms: false - default_field: false - name: info description: apparmor_events.info - Additional information type: keyword @@ -4967,7 +4446,6 @@ - name: text type: text norms: false - default_field: false - name: info_access description: curl_certificate.info_access - Authority Information Access type: keyword 
@@ -4976,7 +4454,6 @@ - name: text type: text norms: false - default_field: false - name: info_string description: apps.info_string - Info properties CFBundleGetInfoString label type: keyword @@ -4985,7 +4462,6 @@ - name: text type: text norms: false - default_field: false - name: inherited_from description: ntfs_acl_permissions.inherited_from - The inheritance policy of the ACE. type: keyword @@ -4994,7 +4470,6 @@ - name: text type: text norms: false - default_field: false - name: iniface description: iptables.iniface - Input interface for the rule. type: keyword @@ -5003,7 +4478,6 @@ - name: text type: text norms: false - default_field: false - name: iniface_mask description: iptables.iniface_mask - Input interface mask for the rule. type: keyword @@ -5012,7 +4486,6 @@ - name: text type: text norms: false - default_field: false - name: inode description: |- device_file.inode - Filesystem inode number @@ -5027,7 +4500,6 @@ multi_fields: - name: number type: long - default_field: false - name: inodes description: |- device_partitions.inodes - Number of meta nodes @@ -5037,7 +4509,6 @@ multi_fields: - name: number type: long - default_field: false - name: inodes_free description: mounts.inodes_free - Mounted device free inodes type: keyword @@ -5045,7 +4516,6 @@ multi_fields: - name: number type: long - default_field: false - name: inodes_total description: lxd_storage_pools.inodes_total - Total number of inodes available in this storage pool type: keyword @@ -5053,7 +4523,6 @@ multi_fields: - name: number type: long - default_field: false - name: inodes_used description: lxd_storage_pools.inodes_used - Number of inodes used type: keyword @@ -5061,7 +4530,6 @@ multi_fields: - name: number type: long - default_field: false - name: input_eax description: cpuid.input_eax - Value of EAX used type: keyword 
@@ -5070,7 +4538,6 @@ - name: text type: text norms: false - default_field: false - name: install_date description: "os_version.install_date - The install date of the OS.\npatches.install_date - Indicates when the patch was installed. Lack of a value does not indicate that the patch was not installed.\nprograms.install_date - Date that this product was installed on the system. \nshared_resources.install_date - Indicates when the object was installed. Lack of a value does not indicate that the object is not installed." type: keyword @@ -5083,7 +4550,6 @@ - name: text type: text norms: false - default_field: false - name: install_source description: programs.install_source - The installation source of the product. type: keyword @@ -5092,7 +4558,6 @@ - name: text type: text norms: false - default_field: false - name: install_time description: |- appcompat_shims.install_time - Install time of the SDB @@ -5108,7 +4573,6 @@ multi_fields: - name: number type: long - default_field: false - name: installed_by description: patches.installed_by - The system context in which the patch as installed. type: keyword @@ -5117,7 +4581,6 @@ - name: text type: text norms: false - default_field: false - name: installed_on description: patches.installed_on - The date when the patch was installed. type: keyword @@ -5126,7 +4589,6 @@ - name: text type: text norms: false - default_field: false - name: installer_name description: package_receipts.installer_name - Name of installer process type: keyword @@ -5135,7 +4597,6 @@ - name: text type: text norms: false - default_field: false - name: instance_id description: |- ec2_instance_metadata.instance_id - EC2 instance ID @@ -5148,7 +4609,6 @@ - name: text type: text norms: false - default_field: false - name: instance_identifier description: hvci_status.instance_identifier - The instance ID of Device Guard. type: keyword 
@@ -5157,7 +4617,6 @@ - name: text type: text norms: false - default_field: false - name: instance_type description: ec2_instance_metadata.instance_type - EC2 instance type type: keyword @@ -5166,7 +4625,6 @@ - name: text type: text norms: false - default_field: false - name: instances description: pipes.instances - Number of instances of the named pipe type: keyword @@ -5174,7 +4632,6 @@ multi_fields: - name: number type: long - default_field: false - name: interface description: |- arp_cache.interface - Interface of the network for the MAC @@ -5191,7 +4648,6 @@ - name: text type: text norms: false - default_field: false - name: interleave_data_depth description: memory_device_mapped_addresses.interleave_data_depth - The max number of consecutive rows from memory device that are accessed in a single interleave transfer; 0 indicates device is non-interleave type: keyword @@ -5199,7 +4655,6 @@ multi_fields: - name: number type: long - default_field: false - name: interleave_position description: memory_device_mapped_addresses.interleave_position - The position of the device in a interleave, i.e. 0 indicates non-interleave, 1 indicates 1st interleave, 2 indicates 2nd interleave, etc. type: keyword @@ -5207,7 +4662,6 @@ multi_fields: - name: number type: long - default_field: false - name: internal description: osquery_registry.internal - 1 If the plugin is internal else 0 type: keyword @@ -5215,7 +4669,6 @@ multi_fields: - name: number type: long - default_field: false - name: internet_settings description: windows_security_center.internet_settings - The health of the Internet Settings type: keyword @@ -5224,7 +4677,6 @@ - name: text type: text norms: false - default_field: false - name: internet_sharing description: sharing_preferences.internet_sharing - 1 If internet sharing is enabled else 0 type: keyword 
@@ -5232,7 +4684,6 @@ multi_fields: - name: number type: long - default_field: false - name: interval description: |- docker_container_stats.interval - Difference between read and preread in nano-seconds @@ -5242,7 +4693,6 @@ multi_fields: - name: number type: long - default_field: false - name: iowait description: cpu_time.iowait - Time spent waiting for I/O to complete type: keyword @@ -5250,7 +4700,6 @@ multi_fields: - name: number type: long - default_field: false - name: ip description: seccomp_events.ip - Instruction pointer value type: keyword @@ -5259,7 +4708,6 @@ - name: text type: text norms: false - default_field: false - name: ip_address description: docker_container_networks.ip_address - IP address type: keyword @@ -5268,7 +4716,6 @@ - name: text type: text norms: false - default_field: false - name: ip_prefix_len description: docker_container_networks.ip_prefix_len - IP subnet prefix length type: keyword @@ -5276,7 +4723,6 @@ multi_fields: - name: number type: long - default_field: false - name: ipackets description: interface_details.ipackets - Input packets type: keyword @@ -5284,7 +4730,6 @@ multi_fields: - name: number type: long - default_field: false - name: ipc_namespace description: |- docker_containers.ipc_namespace - IPC namespace @@ -5295,7 +4740,6 @@ - name: text type: text norms: false - default_field: false - name: ipv4_address description: lxd_networks.ipv4_address - IPv4 address type: keyword @@ -5304,7 +4748,6 @@ - name: text type: text norms: false - default_field: false - name: ipv4_forwarding description: docker_info.ipv4_forwarding - 1 if IPv4 forwarding is enabled. 0 otherwise type: keyword @@ -5312,7 +4755,6 @@ multi_fields: - name: number type: long - default_field: false - name: ipv4_internet description: connectivity.ipv4_internet - True if any interface is connected to the Internet via IPv4 type: keyword 
@@ -5320,7 +4762,6 @@ multi_fields: - name: number type: long - default_field: false - name: ipv4_local_network description: connectivity.ipv4_local_network - True if any interface is connected to a routed network via IPv4 type: keyword @@ -5328,7 +4769,6 @@ multi_fields: - name: number type: long - default_field: false - name: ipv4_no_traffic description: connectivity.ipv4_no_traffic - True if any interface is connected via IPv4, but has seen no traffic type: keyword @@ -5336,7 +4776,6 @@ multi_fields: - name: number type: long - default_field: false - name: ipv4_subnet description: connectivity.ipv4_subnet - True if any interface is connected to the local subnet via IPv4 type: keyword @@ -5344,7 +4783,6 @@ multi_fields: - name: number type: long - default_field: false - name: ipv6_address description: |- docker_container_networks.ipv6_address - IPv6 address @@ -5355,7 +4793,6 @@ - name: text type: text norms: false - default_field: false - name: ipv6_gateway description: docker_container_networks.ipv6_gateway - IPv6 gateway type: keyword @@ -5364,7 +4801,6 @@ - name: text type: text norms: false - default_field: false - name: ipv6_internet description: connectivity.ipv6_internet - True if any interface is connected to the Internet via IPv6 type: keyword @@ -5372,7 +4808,6 @@ multi_fields: - name: number type: long - default_field: false - name: ipv6_local_network description: connectivity.ipv6_local_network - True if any interface is connected to a routed network via IPv6 type: keyword @@ -5380,7 +4815,6 @@ multi_fields: - name: number type: long - default_field: false - name: ipv6_no_traffic description: connectivity.ipv6_no_traffic - True if any interface is connected via IPv6, but has seen no traffic type: keyword @@ -5388,7 +4822,6 @@ multi_fields: - name: number type: long - default_field: false - name: ipv6_prefix_len description: docker_container_networks.ipv6_prefix_len - IPv6 subnet prefix length type: keyword 
@@ -5396,7 +4829,6 @@ multi_fields: - name: number type: long - default_field: false - name: ipv6_subnet description: connectivity.ipv6_subnet - True if any interface is connected to the local subnet via IPv6 type: keyword @@ -5404,7 +4836,6 @@ multi_fields: - name: number type: long - default_field: false - name: irq description: cpu_time.irq - Time spent servicing interrupts type: keyword @@ -5412,7 +4843,6 @@ multi_fields: - name: number type: long - default_field: false - name: is_active description: running_apps.is_active - 1 if the application is in focus, 0 otherwise type: keyword @@ -5420,7 +4850,6 @@ multi_fields: - name: number type: long - default_field: false - name: is_hidden description: |- groups.is_hidden - IsHidden attribute set in OpenDirectory @@ -5430,7 +4859,6 @@ multi_fields: - name: number type: long - default_field: false - name: iso_8601 description: time.iso_8601 - Current time (ISO format) in UTC type: keyword @@ -5439,7 +4867,6 @@ - name: text type: text norms: false - default_field: false - name: issuer description: certificates.issuer - Certificate issuer distinguished name type: keyword @@ -5448,7 +4875,6 @@ - name: text type: text norms: false - default_field: false - name: issuer_alternative_names description: curl_certificate.issuer_alternative_names - Issuer Alternative Name type: keyword @@ -5457,7 +4883,6 @@ - name: text type: text norms: false - default_field: false - name: issuer_common_name description: curl_certificate.issuer_common_name - Issuer common name type: keyword @@ -5466,7 +4891,6 @@ - name: text type: text norms: false - default_field: false - name: issuer_name description: authenticode.issuer_name - The certificate issuer name type: keyword @@ -5475,7 +4899,6 @@ - name: text type: text norms: false - default_field: false - name: issuer_organization description: curl_certificate.issuer_organization - Issuer organization type: keyword 
@@ -5484,7 +4907,6 @@ - name: text type: text norms: false - default_field: false - name: issuer_organization_unit description: curl_certificate.issuer_organization_unit - Issuer organization unit type: keyword @@ -5493,7 +4915,6 @@ - name: text type: text norms: false - default_field: false - name: job_id description: systemd_units.job_id - Next queued job id type: keyword @@ -5501,7 +4922,6 @@ multi_fields: - name: number type: long - default_field: false - name: job_path description: systemd_units.job_path - The object path for the job type: keyword @@ -5510,7 +4930,6 @@ - name: text type: text norms: false - default_field: false - name: job_type description: systemd_units.job_type - Job type type: keyword @@ -5519,7 +4938,6 @@ - name: text type: text norms: false - default_field: false - name: json_cmdline description: bpf_process_events.json_cmdline - Command line arguments, in JSON format type: keyword @@ -5528,7 +4946,6 @@ - name: text type: text norms: false - default_field: false - name: keep_alive description: launchd.keep_alive - Should the process be restarted if killed type: keyword @@ -5537,7 +4954,6 @@ - name: text type: text norms: false - default_field: false - name: kernel_memory description: docker_info.kernel_memory - 1 if kernel memory limit support is enabled. 0 otherwise type: keyword @@ -5545,7 +4961,6 @@ multi_fields: - name: number type: long - default_field: false - name: kernel_version description: |- docker_info.kernel_version - Kernel version @@ -5557,7 +4972,6 @@ - name: text type: text norms: false - default_field: false - name: key description: |- authorized_keys.key - parsed authorized keys line @@ -5589,7 +5003,6 @@ - name: text type: text norms: false - default_field: false - name: key_algorithm description: certificates.key_algorithm - Key algorithm used type: keyword 
@@ -5598,7 +5011,6 @@ - name: text type: text norms: false - default_field: false - name: key_file description: |- authorized_keys.key_file - Path to the authorized_keys file @@ -5609,7 +5021,6 @@ - name: text type: text norms: false - default_field: false - name: key_strength description: certificates.key_strength - Key size used for RSA/DSA, or curve name type: keyword @@ -5618,7 +5029,6 @@ - name: text type: text norms: false - default_field: false - name: key_type description: user_ssh_keys.key_type - The type of the private key. One of [rsa, dsa, dh, ec, hmac, cmac], or the empty string. type: keyword @@ -5627,7 +5037,6 @@ - name: text type: text norms: false - default_field: false - name: key_usage description: |- certificates.key_usage - Certificate key usage and extended key usage @@ -5638,7 +5047,6 @@ - name: text type: text norms: false - default_field: false - name: keychain_path description: keychain_acls.keychain_path - The path of the keychain type: keyword @@ -5647,7 +5055,6 @@ - name: text type: text norms: false - default_field: false - name: keyword description: portage_keywords.keyword - The keyword applied to the package type: keyword @@ -5656,7 +5063,6 @@ - name: text type: text norms: false - default_field: false - name: keywords description: |- windows_eventlog.keywords - A bitmask of the keywords defined in the event @@ -5667,7 +5073,6 @@ - name: text type: text norms: false - default_field: false - name: kva_shadow_enabled description: kva_speculative_info.kva_shadow_enabled - Kernel Virtual Address shadowing is enabled. type: keyword @@ -5675,7 +5080,6 @@ multi_fields: - name: number type: long - default_field: false - name: kva_shadow_inv_pcid description: kva_speculative_info.kva_shadow_inv_pcid - Kernel VA INVPCID is enabled. type: keyword 
@@ -5683,7 +5087,6 @@ multi_fields: - name: number type: long - default_field: false - name: kva_shadow_pcid description: kva_speculative_info.kva_shadow_pcid - Kernel VA PCID flushing optimization is enabled. type: keyword @@ -5691,7 +5094,6 @@ multi_fields: - name: number type: long - default_field: false - name: kva_shadow_user_global description: kva_speculative_info.kva_shadow_user_global - User pages are marked as global. type: keyword @@ -5699,7 +5101,6 @@ multi_fields: - name: number type: long - default_field: false - name: label description: "apparmor_events.label - AppArmor label\naugeas.label - The label of the configuration item\nauthorization_mechanisms.label - Label of the authorization right\nauthorizations.label - Item name, usually in reverse domain format\nblock_devices.label - Block device label string\ndevice_partitions.label - \nkeychain_acls.label - An optional label tag that may be included with the keychain entry\nkeychain_items.label - Generic item name\nlaunchd.label - Daemon or agent service name\nlaunchd_overrides.label - Daemon or agent service name\nquicklook_cache.label - Parsed version 'gen' field\nsandboxes.label - UTI-format bundle or label ID" type: keyword @@ -5708,7 +5109,6 @@ - name: text type: text norms: false - default_field: false - name: language description: programs.language - The language of the product. type: keyword @@ -5717,7 +5117,6 @@ - name: text type: text norms: false - default_field: false - name: last_change description: |- interface_details.last_change - Time of last device modification (optional) @@ -5727,7 +5126,6 @@ multi_fields: - name: number type: long - default_field: false - name: last_connected description: wifi_networks.last_connected - Last time this netword was connected to as a unix_time type: keyword 
@@ -5735,7 +5133,6 @@ multi_fields: - name: number type: long - default_field: false - name: last_executed description: osquery_schedule.last_executed - UNIX time stamp in seconds of the last completed execution type: keyword @@ -5743,7 +5140,6 @@ multi_fields: - name: number type: long - default_field: false - name: last_execution_time description: |- background_activities_moderator.last_execution_time - Most recent time application was executed. @@ -5753,7 +5149,6 @@ multi_fields: - name: number type: long - default_field: false - name: last_hit_date description: quicklook_cache.last_hit_date - Apple date format for last thumbnail cache hit type: keyword @@ -5761,7 +5156,6 @@ multi_fields: - name: number type: long - default_field: false - name: last_loaded description: kernel_panics.last_loaded - Last loaded module before panic type: keyword @@ -5770,7 +5164,6 @@ - name: text type: text norms: false - default_field: false - name: last_memory description: osquery_schedule.last_memory - Resident memory in bytes left allocated after collecting results of the latest execution type: keyword @@ -5778,7 +5171,6 @@ multi_fields: - name: number type: long - default_field: false - name: last_opened_time description: |- apps.last_opened_time - The time that the app was last used @@ -5793,7 +5185,6 @@ - name: text type: text norms: false - default_field: false - name: last_run_message description: scheduled_tasks.last_run_message - Exit status message of the last task run type: keyword @@ -5802,7 +5193,6 @@ - name: text type: text norms: false - default_field: false - name: last_run_time description: |- prefetch.last_run_time - Most recent time application was run. @@ -5812,7 +5202,6 @@ multi_fields: - name: number type: long - default_field: false - name: last_system_time description: osquery_schedule.last_system_time - System time in milliseconds of the latest execution type: keyword 
@@ -5820,7 +5209,6 @@ multi_fields: - name: number type: long - default_field: false - name: last_unloaded description: kernel_panics.last_unloaded - Last unloaded module before panic type: keyword @@ -5829,7 +5217,6 @@ - name: text type: text norms: false - default_field: false - name: last_used_at description: lxd_images.last_used_at - ISO time for the most recent use of this image in terms of container spawn type: keyword @@ -5838,7 +5225,6 @@ - name: text type: text norms: false - default_field: false - name: last_user_time description: osquery_schedule.last_user_time - User time in milliseconds of the latest execution type: keyword @@ -5846,7 +5232,6 @@ multi_fields: - name: number type: long - default_field: false - name: last_wall_time_ms description: osquery_schedule.last_wall_time_ms - Wall time in milliseconds of the latest execution type: keyword @@ -5854,7 +5239,6 @@ multi_fields: - name: number type: long - default_field: false - name: launch_type description: xprotect_entries.launch_type - Launch services content type type: keyword @@ -5863,7 +5247,6 @@ - name: text type: text norms: false - default_field: false - name: layer_id description: docker_image_layers.layer_id - Layer ID type: keyword @@ -5872,7 +5255,6 @@ - name: text type: text norms: false - default_field: false - name: layer_order description: docker_image_layers.layer_order - Layer Order (1 = base layer) type: keyword @@ -5880,7 +5262,6 @@ multi_fields: - name: number type: long - default_field: false - name: level description: |- asl.level - Log level number. See levels in asl.h. @@ -5891,7 +5272,6 @@ multi_fields: - name: number type: long - default_field: false - name: license description: |- atom_packages.license - License for package @@ -5904,7 +5284,6 @@ - name: text type: text norms: false - default_field: false - name: link description: elf_sections.link - Link to other section type: keyword 
@@ -5913,7 +5292,6 @@ - name: text type: text norms: false - default_field: false - name: link_speed description: interface_details.link_speed - Interface speed in Mb/s type: keyword @@ -5921,7 +5299,6 @@ multi_fields: - name: number type: long - default_field: false - name: linked_against description: kernel_extensions.linked_against - Indexes of extensions this extension is linked against type: keyword @@ -5930,7 +5307,6 @@ - name: text type: text norms: false - default_field: false - name: load_state description: systemd_units.load_state - Reflects whether the unit definition was properly loaded type: keyword @@ -5939,7 +5315,6 @@ - name: text type: text norms: false - default_field: false - name: local_address description: |- bpf_socket_events.local_address - Local address associated with socket @@ -5951,7 +5326,6 @@ - name: text type: text norms: false - default_field: false - name: local_addresses description: windows_firewall_rules.local_addresses - Local addresses for the rule type: keyword @@ -5960,7 +5334,6 @@ - name: text type: text norms: false - default_field: false - name: local_hostname description: |- ec2_instance_metadata.local_hostname - Private IPv4 DNS hostname of the first interface of this instance @@ -5971,7 +5344,6 @@ - name: text type: text norms: false - default_field: false - name: local_ipv4 description: ec2_instance_metadata.local_ipv4 - Private IPv4 address of the first interface of this instance type: keyword @@ -5980,7 +5352,6 @@ - name: text type: text norms: false - default_field: false - name: local_path description: shortcut_files.local_path - Local system path to target file. type: keyword @@ -5989,7 +5360,6 @@ - name: text type: text norms: false - default_field: false - name: local_port description: |- bpf_socket_events.local_port - Local network protocol port number 
@@ -6000,7 +5370,6 @@ multi_fields: - name: number type: long - default_field: false - name: local_ports description: windows_firewall_rules.local_ports - Local ports for the rule type: keyword @@ -6009,7 +5378,6 @@ - name: text type: text norms: false - default_field: false - name: local_timezone description: time.local_timezone - Current local timezone in of the system type: keyword @@ -6018,7 +5386,6 @@ - name: text type: text norms: false - default_field: false - name: location description: |- azure_instance_metadata.location - Azure Region the VM is running in @@ -6031,7 +5398,6 @@ - name: text type: text norms: false - default_field: false - name: lock description: chassis_info.lock - If TRUE, the frame is equipped with a lock. type: keyword @@ -6040,7 +5406,6 @@ - name: text type: text norms: false - default_field: false - name: lock_status description: bitlocker_info.lock_status - The accessibility status of the drive from Windows. type: keyword @@ -6048,7 +5413,6 @@ multi_fields: - name: number type: long - default_field: false - name: locked description: shared_memory.locked - 1 if segment is locked else 0 type: keyword @@ -6056,7 +5420,6 @@ multi_fields: - name: number type: long - default_field: false - name: log_file_disk_quota_mb description: carbon_black_info.log_file_disk_quota_mb - Event file disk quota in MB type: keyword @@ -6064,7 +5427,6 @@ multi_fields: - name: number type: long - default_field: false - name: log_file_disk_quota_percentage description: carbon_black_info.log_file_disk_quota_percentage - Event file disk quota in a percentage type: keyword @@ -6072,7 +5434,6 @@ multi_fields: - name: number type: long - default_field: false - name: logging_driver description: docker_info.logging_driver - Logging driver type: keyword @@ -6081,7 +5442,6 @@ - name: text type: text norms: false - default_field: false - name: logging_enabled description: alf.logging_enabled - 1 If logging mode is enabled else 0 type: keyword 
@@ -6089,7 +5449,6 @@ multi_fields: - name: number type: long - default_field: false - name: logging_option description: alf.logging_option - Firewall logging option type: keyword @@ -6097,7 +5456,6 @@ multi_fields: - name: number type: long - default_field: false - name: logical_processors description: cpu_info.logical_processors - The number of logical processors of the CPU. type: keyword @@ -6105,7 +5463,6 @@ multi_fields: - name: number type: long - default_field: false - name: logon_domain description: logon_sessions.logon_domain - The name of the domain used to authenticate the owner of the logon session. type: keyword @@ -6114,7 +5471,6 @@ - name: text type: text norms: false - default_field: false - name: logon_id description: logon_sessions.logon_id - A locally unique identifier (LUID) that identifies a logon session. type: keyword @@ -6122,7 +5478,6 @@ multi_fields: - name: number type: long - default_field: false - name: logon_script description: logon_sessions.logon_script - The script used for logging on. type: keyword @@ -6131,7 +5486,6 @@ - name: text type: text norms: false - default_field: false - name: logon_server description: logon_sessions.logon_server - The name of the server used to authenticate the owner of the logon session. type: keyword @@ -6140,7 +5494,6 @@ - name: text type: text norms: false - default_field: false - name: logon_sid description: logon_sessions.logon_sid - The user's security identifier (SID). type: keyword @@ -6149,7 +5502,6 @@ - name: text type: text norms: false - default_field: false - name: logon_time description: logon_sessions.logon_time - The time the session owner logged on. type: keyword @@ -6157,7 +5509,6 @@ multi_fields: - name: number type: long - default_field: false - name: logon_type description: logon_sessions.logon_type - The logon method. type: keyword 
@@ -6166,7 +5517,6 @@ - name: text type: text norms: false - default_field: false - name: lu_wwn_device_id description: smart_drive_info.lu_wwn_device_id - Device Identifier type: keyword @@ -6175,7 +5525,6 @@ - name: text type: text norms: false - default_field: false - name: mac description: |- arp_cache.mac - MAC address of broadcasted address @@ -6187,7 +5536,6 @@ - name: text type: text norms: false - default_field: false - name: mac_address description: docker_container_networks.mac_address - MAC address type: keyword @@ -6196,7 +5544,6 @@ - name: text type: text norms: false - default_field: false - name: machine description: elf_info.machine - Machine type type: keyword @@ -6204,7 +5551,6 @@ multi_fields: - name: number type: long - default_field: false - name: machine_name description: windows_crashes.machine_name - Name of the machine where the crash happened type: keyword @@ -6213,7 +5559,6 @@ - name: text type: text norms: false - default_field: false - name: magic_db_files description: "magic.magic_db_files - Colon(:) separated list of files where the magic db file can be found. By default one of the following is used: /usr/share/file/magic/magic, /usr/share/misc/magic or /usr/share/misc/magic.mgc" type: keyword @@ -6222,7 +5567,6 @@ - name: text type: text norms: false - default_field: false - name: maintainer description: |- apt_sources.maintainer - Repository maintainer @@ -6233,7 +5577,6 @@ - name: text type: text norms: false - default_field: false - name: major description: os_version.major - Major release version type: keyword @@ -6241,7 +5584,6 @@ multi_fields: - name: number type: long - default_field: false - name: major_version description: windows_crashes.major_version - Windows major version of the machine type: keyword @@ -6249,7 +5591,6 @@ multi_fields: - name: number type: long - default_field: false - name: managed description: lxd_networks.managed - 1 if network created by LXD, 0 otherwise type: keyword 
@@ -6257,7 +5598,6 @@ multi_fields: - name: number type: long - default_field: false - name: manifest_hash description: chrome_extensions.manifest_hash - The SHA256 hash of the manifest.json file type: keyword @@ -6266,7 +5606,6 @@ - name: text type: text norms: false - default_field: false - name: manifest_json description: chrome_extensions.manifest_json - The manifest file of the extension type: keyword @@ -6275,7 +5614,6 @@ - name: text type: text norms: false - default_field: false - name: manual description: managed_policies.manual - 1 if policy was loaded manually, otherwise 0 type: keyword @@ -6283,7 +5621,6 @@ multi_fields: - name: number type: long - default_field: false - name: manufacture_date description: battery.manufacture_date - The date the battery was manufactured UNIX Epoch type: keyword @@ -6291,7 +5628,6 @@ multi_fields: - name: number type: long - default_field: false - name: manufacturer description: |- battery.manufacturer - The battery manufacturer's name @@ -6308,7 +5644,6 @@ - name: text type: text norms: false - default_field: false - name: manufacturer_id description: tpm_info.manufacturer_id - TPM manufacturers ID type: keyword @@ -6316,7 +5651,6 @@ multi_fields: - name: number type: long - default_field: false - name: manufacturer_name description: tpm_info.manufacturer_name - TPM manufacturers name type: keyword @@ -6325,7 +5659,6 @@ - name: text type: text norms: false - default_field: false - name: manufacturer_version description: tpm_info.manufacturer_version - TPM version type: keyword @@ -6334,7 +5667,6 @@ - name: text type: text norms: false - default_field: false - name: mask description: |- interface_addresses.mask - Interface netmask @@ -6345,7 +5677,6 @@ - name: text type: text norms: false - default_field: false - name: match description: |- chrome_extension_content_scripts.match - The pattern that the script is matched against 
@@ -6356,7 +5687,6 @@ - name: text type: text norms: false - default_field: false - name: matches description: |- yara.matches - List of YARA matches @@ -6367,7 +5697,6 @@ - name: text type: text norms: false - default_field: false - name: max description: |- fan_speed_sensors.max - Maximum speed @@ -6377,7 +5706,6 @@ multi_fields: - name: number type: long - default_field: false - name: max_capacity description: |- battery.max_capacity - The battery's actual capacity when it is fully charged in mAh @@ -6387,7 +5715,6 @@ multi_fields: - name: number type: long - default_field: false - name: max_clock_speed description: cpu_info.max_clock_speed - The maximum possible frequency of the CPU. type: keyword @@ -6395,7 +5722,6 @@ multi_fields: - name: number type: long - default_field: false - name: max_instances description: pipes.max_instances - The maximum number of instances creatable for this pipe type: keyword @@ -6403,7 +5729,6 @@ multi_fields: - name: number type: long - default_field: false - name: max_speed description: memory_devices.max_speed - Max speed of memory device in megatransfers per second (MT/s) type: keyword @@ -6411,7 +5736,6 @@ multi_fields: - name: number type: long - default_field: false - name: max_voltage description: memory_devices.max_voltage - Maximum operating voltage of device in millivolts type: keyword @@ -6419,7 +5743,6 @@ multi_fields: - name: number type: long - default_field: false - name: maximum_allowed description: shared_resources.maximum_allowed - Limit on the maximum number of users allowed to use this resource concurrently. The value is only valid if the AllowMaximum property is set to FALSE. type: keyword @@ -6427,7 +5750,6 @@ multi_fields: - name: number type: long - default_field: false - name: md5 description: |- acpi_tables.md5 - MD5 hash of table content 
@@ -6441,7 +5763,6 @@ - name: text type: text norms: false - default_field: false - name: md_device_name description: md_drives.md_device_name - md device name type: keyword @@ -6450,7 +5771,6 @@ - name: text type: text norms: false - default_field: false - name: mdm_managed description: system_extensions.mdm_managed - 1 if managed by MDM system extension payload configuration, 0 otherwise type: keyword @@ -6458,7 +5778,6 @@ multi_fields: - name: number type: long - default_field: false - name: mechanism description: authorization_mechanisms.mechanism - Name of the mechanism that will be called type: keyword @@ -6467,7 +5786,6 @@ - name: text type: text norms: false - default_field: false - name: med_capability_capabilities description: lldp_neighbors.med_capability_capabilities - Is MED capabilities enabled type: keyword @@ -6475,7 +5793,6 @@ multi_fields: - name: number type: long - default_field: false - name: med_capability_inventory description: lldp_neighbors.med_capability_inventory - Is MED inventory capability enabled type: keyword @@ -6483,7 +5800,6 @@ multi_fields: - name: number type: long - default_field: false - name: med_capability_location description: lldp_neighbors.med_capability_location - Is MED location capability enabled type: keyword @@ -6491,7 +5807,6 @@ multi_fields: - name: number type: long - default_field: false - name: med_capability_mdi_pd description: lldp_neighbors.med_capability_mdi_pd - Is MED MDI PD capability enabled type: keyword @@ -6499,7 +5814,6 @@ multi_fields: - name: number type: long - default_field: false - name: med_capability_mdi_pse description: lldp_neighbors.med_capability_mdi_pse - Is MED MDI PSE capability enabled type: keyword @@ -6507,7 +5821,6 @@ multi_fields: - name: number type: long - default_field: false - name: med_capability_policy description: lldp_neighbors.med_capability_policy - Is MED policy capability enabled type: keyword 
@@ -6515,7 +5828,6 @@ multi_fields: - name: number type: long - default_field: false - name: med_device_type description: lldp_neighbors.med_device_type - Chassis MED type type: keyword @@ -6524,7 +5836,6 @@ - name: text type: text norms: false - default_field: false - name: med_policies description: lldp_neighbors.med_policies - Comma delimited list of MED policies type: keyword @@ -6533,7 +5844,6 @@ - name: text type: text norms: false - default_field: false - name: media_name description: disk_events.media_name - Disk event media name string type: keyword @@ -6542,7 +5852,6 @@ - name: text type: text norms: false - default_field: false - name: mem description: docker_container_processes.mem - Memory utilization as percentage type: keyword @@ -6550,7 +5859,6 @@ multi_fields: - name: number type: double - default_field: false - name: member_config_description description: lxd_cluster.member_config_description - Config description type: keyword @@ -6559,7 +5867,6 @@ - name: text type: text norms: false - default_field: false - name: member_config_entity description: lxd_cluster.member_config_entity - Type of configuration parameter for this node type: keyword @@ -6568,7 +5875,6 @@ - name: text type: text norms: false - default_field: false - name: member_config_key description: lxd_cluster.member_config_key - Config key type: keyword @@ -6577,7 +5883,6 @@ - name: text type: text norms: false - default_field: false - name: member_config_name description: lxd_cluster.member_config_name - Name of configuration parameter type: keyword @@ -6586,7 +5891,6 @@ - name: text type: text norms: false - default_field: false - name: member_config_value description: lxd_cluster.member_config_value - Config value type: keyword @@ -6595,7 +5899,6 @@ - name: text type: text norms: false - default_field: false - name: memory description: docker_info.memory - Total memory type: keyword 
@@ -6603,7 +5906,6 @@ multi_fields: - name: number type: long - default_field: false - name: memory_array_error_address description: memory_error_info.memory_array_error_address - 32 bit physical address of the error based on the addressing of the bus to which the memory array is connected type: keyword @@ -6612,7 +5914,6 @@ - name: text type: text norms: false - default_field: false - name: memory_array_handle description: memory_array_mapped_addresses.memory_array_handle - Handle of the memory array associated with this structure type: keyword @@ -6621,7 +5922,6 @@ - name: text type: text norms: false - default_field: false - name: memory_array_mapped_address_handle description: memory_device_mapped_addresses.memory_array_mapped_address_handle - Handle of the memory array mapped address to which this device range is mapped to type: keyword @@ -6630,7 +5930,6 @@ - name: text type: text norms: false - default_field: false - name: memory_device_handle description: memory_device_mapped_addresses.memory_device_handle - Handle of the memory device structure associated with this structure type: keyword @@ -6639,7 +5938,6 @@ - name: text type: text norms: false - default_field: false - name: memory_error_correction description: memory_arrays.memory_error_correction - Primary hardware error correction or detection method supported type: keyword @@ -6648,7 +5946,6 @@ - name: text type: text norms: false - default_field: false - name: memory_error_info_handle description: memory_arrays.memory_error_info_handle - Handle, or instance number, associated with any error that was detected for the array type: keyword @@ -6657,7 +5954,6 @@ - name: text type: text norms: false - default_field: false - name: memory_free description: memory_info.memory_free - The amount of physical RAM, in bytes, left unused by the system type: keyword 
@@ -6665,7 +5961,6 @@ multi_fields: - name: number type: long - default_field: false - name: memory_limit description: |- docker_container_stats.memory_limit - Memory limit @@ -6675,7 +5970,6 @@ multi_fields: - name: number type: long - default_field: false - name: memory_max_usage description: docker_container_stats.memory_max_usage - Memory maximum usage type: keyword @@ -6683,7 +5977,6 @@ multi_fields: - name: number type: long - default_field: false - name: memory_total description: memory_info.memory_total - Total amount of physical RAM, in bytes type: keyword @@ -6691,7 +5984,6 @@ multi_fields: - name: number type: long - default_field: false - name: memory_type description: memory_devices.memory_type - Type of memory used type: keyword @@ -6700,7 +5992,6 @@ - name: text type: text norms: false - default_field: false - name: memory_type_details description: memory_devices.memory_type_details - Additional details for memory device type: keyword @@ -6709,7 +6000,6 @@ - name: text type: text norms: false - default_field: false - name: memory_usage description: docker_container_stats.memory_usage - Memory usage type: keyword @@ -6717,7 +6007,6 @@ multi_fields: - name: number type: long - default_field: false - name: message description: |- apparmor_events.message - Raw audit message @@ -6732,7 +6021,6 @@ - name: text type: text norms: false - default_field: false - name: metadata_endpoint description: ycloud_instance_metadata.metadata_endpoint - Endpoint used to fetch VM metadata type: keyword @@ -6741,7 +6029,6 @@ - name: text type: text norms: false - default_field: false - name: method description: curl.method - The HTTP method for the request type: keyword @@ -6750,7 +6037,6 @@ - name: text type: text norms: false - default_field: false - name: metric description: |- interface_details.metric - Metric based on the speed of the interface 
@@ -6760,7 +6046,6 @@ multi_fields: - name: number type: long - default_field: false - name: metric_name description: prometheus_metrics.metric_name - Name of collected Prometheus metric type: keyword @@ -6769,7 +6054,6 @@ - name: text type: text norms: false - default_field: false - name: metric_value description: prometheus_metrics.metric_value - Value of collected Prometheus metric type: keyword @@ -6777,7 +6061,6 @@ multi_fields: - name: number type: double - default_field: false - name: mft_entry description: |- shellbags.mft_entry - Directory master file table entry. @@ -6787,7 +6070,6 @@ multi_fields: - name: number type: long - default_field: false - name: mft_sequence description: |- shellbags.mft_sequence - Directory master file table sequence. @@ -6797,7 +6079,6 @@ multi_fields: - name: number type: long - default_field: false - name: mime_encoding description: magic.mime_encoding - MIME encoding data from libmagic type: keyword @@ -6806,7 +6087,6 @@ - name: text type: text norms: false - default_field: false - name: mime_type description: magic.mime_type - MIME type data from libmagic type: keyword @@ -6815,7 +6095,6 @@ - name: text type: text norms: false - default_field: false - name: min description: |- fan_speed_sensors.min - Minimum speed @@ -6825,7 +6104,6 @@ multi_fields: - name: number type: long - default_field: false - name: min_api_version description: docker_version.min_api_version - Minimum API version supported type: keyword @@ -6834,7 +6112,6 @@ - name: text type: text norms: false - default_field: false - name: min_version description: xprotect_meta.min_version - The minimum allowed plugin version. type: keyword @@ -6843,7 +6120,6 @@ - name: text type: text norms: false - default_field: false - name: min_voltage description: memory_devices.min_voltage - Minimum operating voltage of device in millivolts type: keyword 
@@ -6851,7 +6127,6 @@ multi_fields: - name: number type: long - default_field: false - name: minimum_system_version description: apps.minimum_system_version - Minimum version of OS X required for the app to run type: keyword @@ -6860,7 +6135,6 @@ - name: text type: text norms: false - default_field: false - name: minor description: os_version.minor - Minor release version type: keyword @@ -6868,7 +6142,6 @@ multi_fields: - name: number type: long - default_field: false - name: minor_version description: windows_crashes.minor_version - Windows minor version of the machine type: keyword @@ -6876,7 +6149,6 @@ multi_fields: - name: number type: long - default_field: false - name: minute description: crontab.minute - The exact minute for the job type: keyword @@ -6885,7 +6157,6 @@ - name: text type: text norms: false - default_field: false - name: minutes description: |- time.minutes - Current minutes in UTC @@ -6895,7 +6166,6 @@ multi_fields: - name: number type: long - default_field: false - name: minutes_to_full_charge description: battery.minutes_to_full_charge - The number of minutes until the battery is fully charged. This value is -1 if this time is still being calculated type: keyword @@ -6903,7 +6173,6 @@ multi_fields: - name: number type: long - default_field: false - name: minutes_until_empty description: battery.minutes_until_empty - The number of minutes until the battery is fully depleted. This value is -1 if this time is still being calculated type: keyword @@ -6911,7 +6180,6 @@ multi_fields: - name: number type: long - default_field: false - name: mirrorlist description: yum_sources.mirrorlist - Mirrorlist URL type: keyword @@ -6920,7 +6188,6 @@ - name: text type: text norms: false - default_field: false - name: mnt_namespace description: |- docker_containers.mnt_namespace - Mount namespace @@ -6931,7 +6198,6 @@ - name: text type: text norms: false - default_field: false - name: mode description: |- apparmor_profiles.mode - How the policy is applied. 
@@ -6950,7 +6216,6 @@ - name: text type: text norms: false - default_field: false - name: model description: |- battery.model - The battery's model number @@ -6967,7 +6232,6 @@ - name: text type: text norms: false - default_field: false - name: model_family description: smart_drive_info.model_family - Drive model family type: keyword @@ -6976,7 +6240,6 @@ - name: text type: text norms: false - default_field: false - name: model_id description: |- hardware_events.model_id - Hex encoded Hardware model identifier @@ -6988,7 +6251,6 @@ - name: text type: text norms: false - default_field: false - name: modified description: |- authorizations.modified - Label top-level key @@ -6999,7 +6261,6 @@ - name: text type: text norms: false - default_field: false - name: modified_time description: |- package_bom.modified_time - Timestamp the file was installed @@ -7010,7 +6271,6 @@ multi_fields: - name: number type: long - default_field: false - name: module description: windows_crashes.module - Path of the crashed module within the process type: keyword @@ -7019,7 +6279,6 @@ - name: text type: text norms: false - default_field: false - name: module_backtrace description: kernel_panics.module_backtrace - Modules appearing in the crashed module's backtrace type: keyword @@ -7028,7 +6287,6 @@ - name: text type: text norms: false - default_field: false - name: module_path description: services.module_path - Path to ServiceDll type: keyword @@ -7037,7 +6295,6 @@ - name: text type: text norms: false - default_field: false - name: month description: |- crontab.month - The month of the year for the job @@ -7048,7 +6305,6 @@ - name: text type: text norms: false - default_field: false - name: mount_namespace_id description: |- deb_packages.mount_namespace_id - Mount namespace id @@ -7063,7 +6319,6 @@ - name: text type: text norms: false - default_field: false - name: mount_point description: docker_volumes.mount_point - Mount point type: keyword 
@@ -7072,7 +6327,6 @@ - name: text type: text norms: false - default_field: false - name: mountable description: disk_events.mountable - 1 if mountable, 0 if not type: keyword @@ -7080,7 +6334,6 @@ multi_fields: - name: number type: long - default_field: false - name: msize description: elf_segments.msize - Segment offset in memory type: keyword @@ -7088,7 +6341,6 @@ multi_fields: - name: number type: long - default_field: false - name: mtime description: |- device_file.mtime - Last modification time 
@@ -7110,7 +6362,6 @@ multi_fields: - name: number type: long - default_field: false - name: name description: "acpi_tables.name - ACPI table name\nad_config.name - The OS X-specific configuration name\napparmor_events.name - Process name\napparmor_profiles.name - Policy name.\napps.name - Name of the Name.app folder\napt_sources.name - Repository name\natom_packages.name - Package display name\nautoexec.name - Name of the program\nazure_instance_metadata.name - Name of the VM\nblock_devices.name - Block device name\nbrowser_plugins.name - Plugin display name\nchocolatey_packages.name - Package display name\nchrome_extensions.name - Extension display name\ncups_destinations.name - Name of the printer\ndeb_packages.name - Package name\ndisk_encryption.name - Disk name\ndisk_events.name - Disk event name\ndisk_info.name - The label of the disk object.\ndns_cache.name - DNS record name\ndocker_container_mounts.name - Optional mount name\ndocker_container_networks.name - Network name\ndocker_container_processes.name - The process path or shorthand argv[0]\ndocker_container_stats.name - Container name\ndocker_containers.name - Container name\ndocker_info.name - Name of the docker host\ndocker_networks.name - Network name\ndocker_volume_labels.name - Volume name\ndocker_volumes.name - Volume name\nelf_sections.name - Section name\nelf_segments.name - Segment type/name\nelf_symbols.name - Symbol name\netc_protocols.name - Protocol name\netc_services.name - Service name\nexample.name - Description for name column\nfan_speed_sensors.name - Fan name\nfbsd_kmods.name - Module name\nfirefox_addons.name - Addon display name\nhomebrew_packages.name - Package name\nie_extensions.name - Extension display name\niokit_devicetree.name - Device node name\niokit_registry.name - Default name of the node\nkernel_extensions.name - Extension label\nkernel_modules.name - Module name\nkernel_panics.name - Process name corresponding to crashed thread\nlaunchd.name - File name of plist (used 
by launchd)\nlxd_certificates.name - Name of the certificate\nlxd_instance_config.name - Instance name\nlxd_instance_devices.name - Instance name\nlxd_instances.name - Instance name\nlxd_networks.name - Name of the network\nlxd_storage_pools.name - Name of the storage pool\nmanaged_policies.name - Policy key name\nmd_personalities.name - Name of personality supported by kernel\nmemory_map.name - Region name\nnpm_packages.name - Package display name\nntdomains.name - The label by which the object is known.\nnvram.name - Variable name\nos_version.name - Distribution or product name\nosquery_events.name - Event publisher or subscriber name\nosquery_extensions.name - Extension's name\nosquery_flags.name - Flag name\nosquery_packs.name - The given name for this query pack\nosquery_registry.name - Name of the plugin item\nosquery_schedule.name - The given name for this query\npackage_install_history.name - Package display name\nphysical_disk_performance.name - Name of the physical disk\npipes.name - Name of the pipe\npkg_packages.name - Package name\npower_sensors.name - Name of power source\nprocesses.name - The process path or shorthand argv[0]\nprograms.name - Commonly used product name.\npython_packages.name - Package display name\nregistry.name - Name of the registry value entry\nrpm_packages.name - RPM package name\nsafari_extensions.name - Extension display name\nscheduled_tasks.name - Name of the scheduled task\nservices.name - Service name\nshared_folders.name - The shared name of the folder as it appears to other users\nshared_resources.name - Alias given to a path set up as a share on a computer system running Windows.\nstartup_items.name - Name of startup item\nsystem_controls.name - Full sysctl MIB name\ntemperature_sensors.name - Name of temperature source\nwindows_firewall_rules.name - Friendly name of the rule\nwindows_optional_features.name - Name of the feature\nwindows_security_products.name - Name of product\nwmi_bios_info.name - Name of the Bios 
setting\nwmi_cli_event_consumers.name - Unique name of a consumer.\nwmi_event_filters.name - Unique identifier of an event filter.\nwmi_script_event_consumers.name - Unique identifier for the event consumer. \nxprotect_entries.name - Description of XProtected malware\nxprotect_reports.name - Description of XProtected malware\nycloud_instance_metadata.name - Name of the VM\nyum_sources.name - Repository name" type: keyword @@ -7119,7 +6370,6 @@ - name: text type: text norms: false - default_field: false - name: name_constraints description: curl_certificate.name_constraints - Name Constraints type: keyword @@ -7128,7 +6378,6 @@ - name: text type: text norms: false - default_field: false - name: namespace description: apparmor_events.namespace - AppArmor namespace type: keyword @@ -7137,7 +6386,6 @@ - name: text type: text norms: false - default_field: false - name: native description: |- browser_plugins.native - Plugin requires native execution @@ -7147,7 +6395,6 @@ multi_fields: - name: number type: long - default_field: false - name: net_namespace description: |- docker_containers.net_namespace - Network namespace @@ -7160,7 +6407,6 @@ - name: text type: text norms: false - default_field: false - name: netmask description: |- dns_resolvers.netmask - Address (sortlist) netmask length @@ -7171,7 +6417,6 @@ - name: text type: text norms: false - default_field: false - name: network_id description: docker_container_networks.network_id - Network ID type: keyword @@ -7180,7 +6425,6 @@ - name: text type: text norms: false - default_field: false - name: network_name description: |- wifi_networks.network_name - Name of the network @@ -7192,7 +6436,6 @@ - name: text type: text norms: false - default_field: false - name: network_rx_bytes description: docker_container_stats.network_rx_bytes - Total network bytes read type: keyword 
@@ -7200,7 +6443,6 @@ multi_fields: - name: number type: long - default_field: false - name: network_tx_bytes description: docker_container_stats.network_tx_bytes - Total network bytes transmitted type: keyword @@ -7208,7 +6450,6 @@ multi_fields: - name: number type: long - default_field: false - name: next_run_time description: scheduled_tasks.next_run_time - Timestamp the task is scheduled to run next type: keyword @@ -7216,7 +6457,6 @@ multi_fields: - name: number type: long - default_field: false - name: nice description: |- cpu_time.nice - Time spent in user mode with low priority (nice) @@ -7227,7 +6467,6 @@ multi_fields: - name: number type: long - default_field: false - name: no_proxy description: docker_info.no_proxy - Comma-separated list of domain extensions proxy should not be used for type: keyword @@ -7236,7 +6475,6 @@ - name: text type: text norms: false - default_field: false - name: node description: augeas.node - The node path of the configuration item type: keyword @@ -7245,7 +6483,6 @@ - name: text type: text norms: false - default_field: false - name: node_ref_number description: ntfs_journal_events.node_ref_number - The ordinal that associates a journal record with a filename type: keyword @@ -7254,7 +6491,6 @@ - name: text type: text norms: false - default_field: false - name: noise description: |- wifi_status.noise - The current noise measurement (dBm) @@ -7264,7 +6500,6 @@ multi_fields: - name: number type: long - default_field: false - name: not_valid_after description: certificates.not_valid_after - Certificate expiration data type: keyword @@ -7273,7 +6508,6 @@ - name: text type: text norms: false - default_field: false - name: not_valid_before description: certificates.not_valid_before - Lower bound of valid date type: keyword 
@@ -7282,7 +6516,6 @@ - name: text type: text norms: false - default_field: false - name: nr_raid_disks description: md_devices.nr_raid_disks - Number of partitions or disk devices to comprise the array type: keyword @@ -7290,7 +6523,6 @@ multi_fields: - name: number type: long - default_field: false - name: ntime description: |- bpf_process_events.ntime - The nsecs uptime timestamp as obtained from BPF @@ -7301,7 +6533,6 @@ - name: text type: text norms: false - default_field: false - name: num_procs description: docker_container_stats.num_procs - Number of processors type: keyword @@ -7309,7 +6540,6 @@ multi_fields: - name: number type: long - default_field: false - name: number description: |- etc_protocols.number - Protocol number @@ -7320,7 +6550,6 @@ multi_fields: - name: number type: long - default_field: false - name: number_memory_devices description: memory_arrays.number_memory_devices - Number of memory devices on array type: keyword @@ -7328,7 +6557,6 @@ multi_fields: - name: number type: long - default_field: false - name: number_of_cores description: cpu_info.number_of_cores - The number of cores of the CPU. type: keyword @@ -7337,7 +6565,6 @@ - name: text type: text norms: false - default_field: false - name: object_name description: winbaseobj.object_name - Object Name type: keyword @@ -7346,7 +6573,6 @@ - name: text type: text norms: false - default_field: false - name: object_path description: systemd_units.object_path - The object path for this unit type: keyword @@ -7355,7 +6581,6 @@ - name: text type: text norms: false - default_field: false - name: object_type description: winbaseobj.object_type - Object Type type: keyword @@ -7364,7 +6589,6 @@ - name: text type: text norms: false - default_field: false - name: obytes description: interface_details.obytes - Output bytes type: keyword 
@@ -7372,7 +6596,6 @@ multi_fields: - name: number type: long - default_field: false - name: odrops description: interface_details.odrops - Output drops type: keyword @@ -7380,7 +6603,6 @@ multi_fields: - name: number type: long - default_field: false - name: oerrors description: interface_details.oerrors - Output errors type: keyword @@ -7388,7 +6610,6 @@ multi_fields: - name: number type: long - default_field: false - name: offer description: azure_instance_metadata.offer - Offer information for the VM image (Azure image gallery VMs only) type: keyword @@ -7397,7 +6618,6 @@ - name: text type: text norms: false - default_field: false - name: offset description: "device_partitions.offset - \nelf_sections.offset - Offset of section in file\nelf_segments.offset - Segment offset in file\nelf_symbols.offset - Section table index\nprocess_memory_map.offset - Offset into mapped path" type: keyword @@ -7405,7 +6625,6 @@ multi_fields: - name: number type: long - default_field: false - name: oid description: system_controls.oid - Control MIB type: keyword @@ -7414,7 +6633,6 @@ - name: text type: text norms: false - default_field: false - name: old_path description: ntfs_journal_events.old_path - Old path (renames only) type: keyword @@ -7423,7 +6641,6 @@ - name: text type: text norms: false - default_field: false - name: on_demand description: launchd.on_demand - Deprecated key, replaced by keep_alive type: keyword @@ -7432,7 +6649,6 @@ - name: text type: text norms: false - default_field: false - name: on_disk description: processes.on_disk - The process path exists yes=1, no=0, unknown=-1 type: keyword @@ -7440,7 +6656,6 @@ multi_fields: - name: number type: long - default_field: false - name: online_cpus description: docker_container_stats.online_cpus - Online CPUs type: keyword 
@@ -7448,7 +6663,6 @@ multi_fields: - name: number type: long - default_field: false - name: oom_kill_disable description: docker_info.oom_kill_disable - 1 if Out-of-memory kill is disabled. 0 otherwise type: keyword @@ -7456,7 +6670,6 @@ multi_fields: - name: number type: long - default_field: false - name: opackets description: interface_details.opackets - Output packets type: keyword @@ -7464,7 +6677,6 @@ multi_fields: - name: number type: long - default_field: false - name: opaque_version description: gatekeeper.opaque_version - Version of Gatekeeper's gkopaque.bundle type: keyword @@ -7473,7 +6685,6 @@ - name: text type: text norms: false - default_field: false - name: operation description: |- apparmor_events.operation - Permission requested by the process @@ -7484,7 +6695,6 @@ - name: text type: text norms: false - default_field: false - name: option description: |- ad_config.option - Canonical name of option @@ -7495,7 +6705,6 @@ - name: text type: text norms: false - default_field: false - name: option_name description: cups_destinations.option_name - Option name type: keyword @@ -7504,7 +6713,6 @@ - name: text type: text norms: false - default_field: false - name: option_value description: cups_destinations.option_value - Option value type: keyword @@ -7513,7 +6721,6 @@ - name: text type: text norms: false - default_field: false - name: optional description: xprotect_entries.optional - Match any of the identities/patterns for this XProtect name type: keyword @@ -7521,7 +6728,6 @@ multi_fields: - name: number type: long - default_field: false - name: optional_permissions description: chrome_extensions.optional_permissions - The permissions optionally required by the extensions type: keyword @@ -7530,7 +6736,6 @@ - name: text type: text norms: false - default_field: false - name: optional_permissions_json description: chrome_extensions.optional_permissions_json - The JSON-encoded permissions optionally required by the extensions type: keyword 
@@ -7539,7 +6744,6 @@ - name: text type: text norms: false - default_field: false - name: options description: |- dns_resolvers.options - Resolver options @@ -7554,7 +6758,6 @@ - name: text type: text norms: false - default_field: false - name: organization_unit description: curl_certificate.organization_unit - Organization unit issued to type: keyword @@ -7563,7 +6766,6 @@ - name: text type: text norms: false - default_field: false - name: original_parent description: es_process_events.original_parent - Original parent process ID in case of reparenting type: keyword @@ -7571,7 +6773,6 @@ multi_fields: - name: number type: long - default_field: false - name: original_program_name description: authenticode.original_program_name - The original program name that the publisher has signed type: keyword @@ -7580,7 +6781,6 @@ - name: text type: text norms: false - default_field: false - name: os description: |- docker_info.os - Operating system @@ -7593,7 +6793,6 @@ - name: text type: text norms: false - default_field: false - name: os_type description: |- azure_instance_metadata.os_type - Linux or Windows @@ -7604,7 +6803,6 @@ - name: text type: text norms: false - default_field: false - name: os_version description: kernel_panics.os_version - Version of the operating system type: keyword @@ -7613,7 +6811,6 @@ - name: text type: text norms: false - default_field: false - name: other description: md_devices.other - Other information associated with array from /proc/mdstat type: keyword @@ -7622,7 +6819,6 @@ - name: text type: text norms: false - default_field: false - name: other_run_times description: prefetch.other_run_times - Other execution times in prefetch file. type: keyword @@ -7631,7 +6827,6 @@ - name: text type: text norms: false - default_field: false - name: ouid description: apparmor_events.ouid - Object owner's user ID type: keyword 
@@ -7639,7 +6834,6 @@ multi_fields: - name: number type: long - default_field: false - name: outiface description: iptables.outiface - Output interface for the rule. type: keyword
@@ -7648,7 +6842,6 @@ - name: text type: text norms: false - default_field: false - name: outiface_mask description: iptables.outiface_mask - Output interface mask for the rule. type: keyword
@@ -7657,7 +6850,6 @@ - name: text type: text norms: false - default_field: false - name: output_bit description: cpuid.output_bit - Bit in register value for feature value type: keyword
@@ -7665,7 +6857,6 @@ multi_fields: - name: number type: long - default_field: false - name: output_register description: cpuid.output_register - Register used to for feature value type: keyword
@@ -7674,7 +6865,6 @@ - name: text type: text norms: false - default_field: false - name: output_size description: osquery_schedule.output_size - Cumulative total number of bytes generated by the resultant rows of the query type: keyword
@@ -7682,7 +6872,6 @@ multi_fields: - name: number type: long - default_field: false - name: overflows description: process_events.overflows - List of structures that overflowed type: keyword
@@ -7691,7 +6880,6 @@ - name: text type: text norms: false - default_field: false - name: owned description: tpm_info.owned - TPM is ownned type: keyword
@@ -7699,7 +6887,6 @@ multi_fields: - name: number type: long - default_field: false - name: owner_gid description: process_events.owner_gid - File owner group ID type: keyword
@@ -7707,7 +6894,6 @@ multi_fields: - name: number type: long - default_field: false - name: owner_uid description: |- process_events.owner_uid - File owner user ID
@@ -7717,7 +6903,6 @@ multi_fields: - name: number type: long - default_field: false - name: owner_uuid description: osquery_registry.owner_uuid - Extension route UUID (0 for core) type: keyword 
@@ -7725,7 +6910,6 @@ multi_fields: - name: number type: long - default_field: false - name: package description: |- portage_keywords.package - Package name
@@ -7738,7 +6922,6 @@ - name: text type: text norms: false - default_field: false - name: package_filename description: package_receipts.package_filename - Filename of original .pkg file type: keyword
@@ -7747,7 +6930,6 @@ - name: text type: text norms: false - default_field: false - name: package_group description: rpm_packages.package_group - Package group type: keyword
@@ -7756,7 +6938,6 @@ - name: text type: text norms: false - default_field: false - name: package_id description: |- package_install_history.package_id - Label packageIdentifiers
@@ -7767,7 +6948,6 @@ - name: text type: text norms: false - default_field: false - name: packet_device_type description: smart_drive_info.packet_device_type - Packet device type type: keyword
@@ -7776,7 +6956,6 @@ - name: text type: text norms: false - default_field: false - name: packets description: iptables.packets - Number of matching packets for this rule. type: keyword
@@ -7784,7 +6963,6 @@ multi_fields: - name: number type: long - default_field: false - name: packets_received description: lxd_networks.packets_received - Number of packets received on this network type: keyword
@@ -7792,7 +6970,6 @@ multi_fields: - name: number type: long - default_field: false - name: packets_sent description: lxd_networks.packets_sent - Number of packets sent on this network type: keyword
@@ -7800,7 +6977,6 @@ multi_fields: - name: number type: long - default_field: false - name: page_ins description: virtual_memory_info.page_ins - The total number of requests for pages from a pager. type: keyword
@@ -7808,7 +6984,6 @@ multi_fields: - name: number type: long - default_field: false - name: page_outs description: virtual_memory_info.page_outs - Total number of pages paged out. type: keyword 
@@ -7816,7 +6991,6 @@ multi_fields: - name: number type: long - default_field: false - name: parent description: |- apparmor_events.parent - Parent process PID
@@ -7840,7 +7014,6 @@ - name: text type: text norms: false - default_field: false - name: part_number description: memory_devices.part_number - Manufacturer specific serial number of memory device type: keyword
@@ -7849,7 +7022,6 @@ - name: text type: text norms: false - default_field: false - name: partial description: |- ntfs_journal_events.partial - Set to 1 if either path or old_path only contains the file or folder name
@@ -7867,7 +7039,6 @@ - name: text type: text norms: false - default_field: false - name: partition_row_position description: memory_device_mapped_addresses.partition_row_position - Identifies the position of the referenced memory device in a row of the address partition type: keyword
@@ -7875,7 +7046,6 @@ multi_fields: - name: number type: long - default_field: false - name: partition_width description: memory_array_mapped_addresses.partition_width - Number of memory devices that form a single row of memory for the address partition of this structure type: keyword
@@ -7883,7 +7053,6 @@ multi_fields: - name: number type: long - default_field: false - name: partitions description: disk_info.partitions - Number of detected partitions on disk. type: keyword
@@ -7891,7 +7060,6 @@ multi_fields: - name: number type: long - default_field: false - name: partner_fd description: process_open_pipes.partner_fd - File descriptor of shared pipe at partner's end type: keyword
@@ -7899,7 +7067,6 @@ multi_fields: - name: number type: long - default_field: false - name: partner_mode description: process_open_pipes.partner_mode - Mode of shared pipe at partner's end type: keyword
@@ -7908,7 +7075,6 @@ - name: text type: text norms: false - default_field: false - name: partner_pid description: process_open_pipes.partner_pid - Process ID of partner process sharing a particular pipe type: keyword 
@@ -7916,7 +7082,6 @@ multi_fields: - name: number type: long - default_field: false - name: passpoint description: wifi_networks.passpoint - 1 if Passpoint is supported, 0 otherwise type: keyword
@@ -7924,7 +7089,6 @@ multi_fields: - name: number type: long - default_field: false - name: password_last_set_time description: account_policy_data.password_last_set_time - The time the password was last changed type: keyword
@@ -7932,7 +7096,6 @@ multi_fields: - name: number type: double - default_field: false - name: password_status description: shadow.password_status - Password status type: keyword
@@ -7941,7 +7104,6 @@ - name: text type: text norms: false - default_field: false - name: patch description: os_version.patch - Optional patch release type: keyword
@@ -7949,7 +7111,6 @@ multi_fields: - name: number type: long - default_field: false - name: path description: |- alf_exceptions.path - Path to the executable that is excepted
@@ -8046,7 +7207,6 @@ - name: text type: text norms: false - default_field: false - name: pci_class description: pci_devices.pci_class - PCI Device class type: keyword
@@ -8055,7 +7215,6 @@ - name: text type: text norms: false - default_field: false - name: pci_class_id description: pci_devices.pci_class_id - PCI Device class ID in hex format type: keyword
@@ -8064,7 +7223,6 @@ - name: text type: text norms: false - default_field: false - name: pci_slot description: |- interface_details.pci_slot - PCI slot number
@@ -8075,7 +7233,6 @@ - name: text type: text norms: false - default_field: false - name: pci_subclass description: pci_devices.pci_subclass - PCI Device subclass type: keyword
@@ -8084,7 +7241,6 @@ - name: text type: text norms: false - default_field: false - name: pci_subclass_id description: pci_devices.pci_subclass_id - PCI Device subclass in hex format type: keyword 
@@ -8093,7 +7249,6 @@ - name: text type: text norms: false - default_field: false - name: pem description: curl_certificate.pem - Certificate PEM format type: keyword
@@ -8102,7 +7257,6 @@ - name: text type: text norms: false - default_field: false - name: percent_disk_read_time description: physical_disk_performance.percent_disk_read_time - Percentage of elapsed time that the selected disk drive is busy servicing read requests type: keyword
@@ -8110,7 +7264,6 @@ multi_fields: - name: number type: long - default_field: false - name: percent_disk_time description: physical_disk_performance.percent_disk_time - Percentage of elapsed time that the selected disk drive is busy servicing read or write requests type: keyword
@@ -8118,7 +7271,6 @@ multi_fields: - name: number type: long - default_field: false - name: percent_disk_write_time description: physical_disk_performance.percent_disk_write_time - Percentage of elapsed time that the selected disk drive is busy servicing write requests type: keyword
@@ -8126,7 +7278,6 @@ multi_fields: - name: number type: long - default_field: false - name: percent_idle_time description: physical_disk_performance.percent_idle_time - Percentage of time during the sample interval that the disk was idle type: keyword
@@ -8134,7 +7285,6 @@ multi_fields: - name: number type: long - default_field: false - name: percent_processor_time description: processes.percent_processor_time - Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks. type: keyword
@@ -8142,7 +7292,6 @@ multi_fields: - name: number type: long - default_field: false - name: percent_remaining description: battery.percent_remaining - The percentage of battery remaining before it is drained type: keyword 
@@ -8150,7 +7299,6 @@ multi_fields: - name: number type: long - default_field: false - name: percentage_encrypted description: bitlocker_info.percentage_encrypted - The percentage of the drive that is encrypted. type: keyword
@@ -8158,7 +7306,6 @@ multi_fields: - name: number type: long - default_field: false - name: perf_ctl description: msr.perf_ctl - Performance setting for the processor. type: keyword
@@ -8166,7 +7313,6 @@ multi_fields: - name: number type: long - default_field: false - name: perf_status description: msr.perf_status - Performance status for the processor. type: keyword
@@ -8174,7 +7320,6 @@ multi_fields: - name: number type: long - default_field: false - name: period description: load_average.period - Period over which the average is calculated. type: keyword
@@ -8183,7 +7328,6 @@ - name: text type: text norms: false - default_field: false - name: permanent description: arp_cache.permanent - 1 for true, 0 for false type: keyword
@@ -8192,7 +7336,6 @@ - name: text type: text norms: false - default_field: false - name: permissions description: |- chrome_extensions.permissions - The permissions required by the extension
@@ -8205,7 +7348,6 @@ - name: text type: text norms: false - default_field: false - name: permissions_json description: chrome_extensions.permissions_json - The JSON-encoded permissions required by the extension type: keyword
@@ -8214,7 +7356,6 @@ - name: text type: text norms: false - default_field: false - name: persistent description: chrome_extensions.persistent - 1 If extension is persistent across all tabs else 0 type: keyword
@@ -8222,7 +7363,6 @@ multi_fields: - name: number type: long - default_field: false - name: persistent_volume_id description: bitlocker_info.persistent_volume_id - Persistent ID of the drive. type: keyword
@@ -8231,7 +7371,6 @@ - name: text type: text norms: false - default_field: false - name: pgroup description: |- docker_container_processes.pgroup - Process group 
@@ -8241,7 +7380,6 @@ multi_fields: - name: number type: long - default_field: false - name: physical_adapter description: interface_details.physical_adapter - Indicates whether the adapter is a physical or a logical adapter. type: keyword
@@ -8249,7 +7387,6 @@ multi_fields: - name: number type: long - default_field: false - name: physical_memory description: system_info.physical_memory - Total physical memory in bytes type: keyword
@@ -8257,7 +7394,6 @@ multi_fields: - name: number type: long - default_field: false - name: physical_presence_version description: tpm_info.physical_presence_version - Version of the Physical Presence Interface type: keyword
@@ -8266,7 +7402,6 @@ - name: text type: text norms: false - default_field: false - name: pid description: |- apparmor_events.pid - Process ID
@@ -8305,7 +7440,6 @@ multi_fields: - name: number type: long - default_field: false - name: pid_namespace description: |- docker_containers.pid_namespace - PID namespace
@@ -8316,7 +7450,6 @@ - name: text type: text norms: false - default_field: false - name: pid_with_namespace description: |- apt_sources.pid_with_namespace - Pids that contain a namespace
@@ -8341,7 +7474,6 @@ multi_fields: - name: number type: long - default_field: false - name: pids description: |- docker_container_stats.pids - Number of processes
@@ -8356,7 +7488,6 @@ - name: text type: text norms: false - default_field: false - name: platform description: |- os_version.platform - OS Platform or ID
@@ -8367,7 +7498,6 @@ - name: text type: text norms: false - default_field: false - name: platform_binary description: es_process_events.platform_binary - Indicates if the binary is Apple signed binary (1) or not (0) type: keyword
@@ -8375,7 +7505,6 @@ multi_fields: - name: number type: long - default_field: false - name: platform_fault_domain description: azure_instance_metadata.platform_fault_domain - Fault domain the VM is running in type: keyword 
@@ -8384,7 +7513,6 @@ - name: text type: text norms: false - default_field: false - name: platform_info description: msr.platform_info - Platform information. type: keyword
@@ -8392,7 +7520,6 @@ multi_fields: - name: number type: long - default_field: false - name: platform_like description: os_version.platform_like - Closely related platforms type: keyword
@@ -8401,7 +7528,6 @@ - name: text type: text norms: false - default_field: false - name: platform_mask description: osquery_info.platform_mask - The osquery platform bitmask type: keyword
@@ -8409,7 +7535,6 @@ multi_fields: - name: number type: long - default_field: false - name: platform_update_domain description: azure_instance_metadata.platform_update_domain - Update domain the VM is running in type: keyword
@@ -8418,7 +7543,6 @@ - name: text type: text norms: false - default_field: false - name: plugin description: authorization_mechanisms.plugin - Authorization plugin name type: keyword
@@ -8427,7 +7551,6 @@ - name: text type: text norms: false - default_field: false - name: pnp_device_id description: disk_info.pnp_device_id - The unique identifier of the drive on the system. type: keyword
@@ -8436,7 +7559,6 @@ - name: text type: text norms: false - default_field: false - name: point_to_point description: interface_addresses.point_to_point - PtP address for the interface type: keyword
@@ -8445,7 +7567,6 @@ - name: text type: text norms: false - default_field: false - name: points description: example.points - This is a signed SQLite int column type: keyword
@@ -8453,7 +7574,6 @@ multi_fields: - name: number type: long - default_field: false - name: policies description: curl_certificate.policies - Certificate Policies type: keyword
@@ -8462,7 +7582,6 @@ - name: text type: text norms: false - default_field: false - name: policy description: iptables.policy - Policy that applies for this rule. type: keyword 
@@ -8471,7 +7590,6 @@ - name: text type: text norms: false - default_field: false - name: policy_constraints description: curl_certificate.policy_constraints - Policy Constraints type: keyword
@@ -8480,7 +7598,6 @@ - name: text type: text norms: false - default_field: false - name: policy_mappings description: curl_certificate.policy_mappings - Policy Mappings type: keyword
@@ -8489,7 +7606,6 @@ - name: text type: text norms: false - default_field: false - name: port description: |- docker_container_ports.port - Port inside the container
@@ -8500,7 +7616,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_aggregation_id description: lldp_neighbors.port_aggregation_id - Port aggregation ID type: keyword
@@ -8509,7 +7624,6 @@ - name: text type: text norms: false - default_field: false - name: port_autoneg_1000baset_fd_enabled description: lldp_neighbors.port_autoneg_1000baset_fd_enabled - 1000Base-T FD auto negotiation enabled type: keyword
@@ -8517,7 +7631,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_autoneg_1000baset_hd_enabled description: lldp_neighbors.port_autoneg_1000baset_hd_enabled - 1000Base-T HD auto negotiation enabled type: keyword
@@ -8525,7 +7638,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_autoneg_1000basex_fd_enabled description: lldp_neighbors.port_autoneg_1000basex_fd_enabled - 1000Base-X FD auto negotiation enabled type: keyword
@@ -8533,7 +7645,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_autoneg_1000basex_hd_enabled description: lldp_neighbors.port_autoneg_1000basex_hd_enabled - 1000Base-X HD auto negotiation enabled type: keyword
@@ -8541,7 +7652,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_autoneg_100baset2_fd_enabled description: lldp_neighbors.port_autoneg_100baset2_fd_enabled - 100Base-T2 FD auto negotiation enabled type: keyword 
@@ -8549,7 +7659,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_autoneg_100baset2_hd_enabled description: lldp_neighbors.port_autoneg_100baset2_hd_enabled - 100Base-T2 HD auto negotiation enabled type: keyword
@@ -8557,7 +7666,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_autoneg_100baset4_fd_enabled description: lldp_neighbors.port_autoneg_100baset4_fd_enabled - 100Base-T4 FD auto negotiation enabled type: keyword
@@ -8565,7 +7673,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_autoneg_100baset4_hd_enabled description: lldp_neighbors.port_autoneg_100baset4_hd_enabled - 100Base-T4 HD auto negotiation enabled type: keyword
@@ -8573,7 +7680,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_autoneg_100basetx_fd_enabled description: lldp_neighbors.port_autoneg_100basetx_fd_enabled - 100Base-TX FD auto negotiation enabled type: keyword
@@ -8581,7 +7687,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_autoneg_100basetx_hd_enabled description: lldp_neighbors.port_autoneg_100basetx_hd_enabled - 100Base-TX HD auto negotiation enabled type: keyword
@@ -8589,7 +7694,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_autoneg_10baset_fd_enabled description: lldp_neighbors.port_autoneg_10baset_fd_enabled - 10Base-T FD auto negotiation enabled type: keyword
@@ -8597,7 +7701,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_autoneg_10baset_hd_enabled description: lldp_neighbors.port_autoneg_10baset_hd_enabled - 10Base-T HD auto negotiation enabled type: keyword
@@ -8605,7 +7708,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_autoneg_enabled description: lldp_neighbors.port_autoneg_enabled - Is auto negotiation enabled type: keyword 
@@ -8613,7 +7715,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_autoneg_supported description: lldp_neighbors.port_autoneg_supported - Auto negotiation supported type: keyword
@@ -8621,7 +7722,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_description description: lldp_neighbors.port_description - Port description type: keyword
@@ -8630,7 +7730,6 @@ - name: text type: text norms: false - default_field: false - name: port_id description: lldp_neighbors.port_id - Port ID value type: keyword
@@ -8639,7 +7738,6 @@ - name: text type: text norms: false - default_field: false - name: port_id_type description: lldp_neighbors.port_id_type - Port ID type type: keyword
@@ -8648,7 +7746,6 @@ - name: text type: text norms: false - default_field: false - name: port_mau_type description: lldp_neighbors.port_mau_type - MAU type type: keyword
@@ -8657,7 +7754,6 @@ - name: text type: text norms: false - default_field: false - name: port_mfs description: lldp_neighbors.port_mfs - Port max frame size type: keyword
@@ -8665,7 +7761,6 @@ multi_fields: - name: number type: long - default_field: false - name: port_ttl description: lldp_neighbors.port_ttl - Age of neighbor port type: keyword
@@ -8673,7 +7768,6 @@ multi_fields: - name: number type: long - default_field: false - name: possibly_hidden description: wifi_networks.possibly_hidden - 1 if network is possibly a hidden network, 0 otherwise type: keyword
@@ -8681,7 +7775,6 @@ multi_fields: - name: number type: long - default_field: false - name: power_8023at_enabled description: lldp_neighbors.power_8023at_enabled - Is 802.3at enabled type: keyword
@@ -8689,7 +7782,6 @@ multi_fields: - name: number type: long - default_field: false - name: power_8023at_power_allocated description: lldp_neighbors.power_8023at_power_allocated - 802.3at power allocated type: keyword 
@@ -8698,7 +7790,6 @@ - name: text type: text norms: false - default_field: false - name: power_8023at_power_priority description: lldp_neighbors.power_8023at_power_priority - 802.3at power priority type: keyword
@@ -8707,7 +7798,6 @@ - name: text type: text norms: false - default_field: false - name: power_8023at_power_requested description: lldp_neighbors.power_8023at_power_requested - 802.3at power requested type: keyword
@@ -8716,7 +7806,6 @@ - name: text type: text norms: false - default_field: false - name: power_8023at_power_source description: lldp_neighbors.power_8023at_power_source - 802.3at power source type: keyword
@@ -8725,7 +7814,6 @@ - name: text type: text norms: false - default_field: false - name: power_8023at_power_type description: lldp_neighbors.power_8023at_power_type - 802.3at power type type: keyword
@@ -8734,7 +7822,6 @@ - name: text type: text norms: false - default_field: false - name: power_class description: lldp_neighbors.power_class - Power class type: keyword
@@ -8743,7 +7830,6 @@ - name: text type: text norms: false - default_field: false - name: power_device_type description: lldp_neighbors.power_device_type - Dot3 power device type type: keyword
@@ -8752,7 +7838,6 @@ - name: text type: text norms: false - default_field: false - name: power_mdi_enabled description: lldp_neighbors.power_mdi_enabled - Is MDI power enabled type: keyword
@@ -8760,7 +7845,6 @@ multi_fields: - name: number type: long - default_field: false - name: power_mdi_supported description: lldp_neighbors.power_mdi_supported - MDI power supported type: keyword
@@ -8768,7 +7852,6 @@ multi_fields: - name: number type: long - default_field: false - name: power_mode description: smart_drive_info.power_mode - Device power mode type: keyword
@@ -8777,7 +7860,6 @@ - name: text type: text norms: false - default_field: false - name: power_paircontrol_enabled description: lldp_neighbors.power_paircontrol_enabled - Is power pair control enabled type: keyword 
@@ -8785,7 +7867,6 @@ multi_fields: - name: number type: long - default_field: false - name: power_pairs description: lldp_neighbors.power_pairs - Dot3 power pairs type: keyword
@@ -8794,7 +7875,6 @@ - name: text type: text norms: false - default_field: false - name: ppid description: process_file_events.ppid - Parent process ID type: keyword
@@ -8802,7 +7882,6 @@ multi_fields: - name: number type: long - default_field: false - name: ppvids_enabled description: lldp_neighbors.ppvids_enabled - Comma delimited list of enabled PPVIDs type: keyword
@@ -8811,7 +7890,6 @@ - name: text type: text norms: false - default_field: false - name: ppvids_supported description: lldp_neighbors.ppvids_supported - Comma delimited list of supported PPVIDs type: keyword
@@ -8820,7 +7898,6 @@ - name: text type: text norms: false - default_field: false - name: pre_cpu_kernelmode_usage description: docker_container_stats.pre_cpu_kernelmode_usage - Last read CPU kernel mode usage type: keyword
@@ -8828,7 +7905,6 @@ multi_fields: - name: number type: long - default_field: false - name: pre_cpu_total_usage description: docker_container_stats.pre_cpu_total_usage - Last read total CPU usage type: keyword
@@ -8836,7 +7912,6 @@ multi_fields: - name: number type: long - default_field: false - name: pre_cpu_usermode_usage description: docker_container_stats.pre_cpu_usermode_usage - Last read CPU user mode usage type: keyword
@@ -8844,7 +7919,6 @@ multi_fields: - name: number type: long - default_field: false - name: pre_online_cpus description: docker_container_stats.pre_online_cpus - Last read online CPUs type: keyword
@@ -8852,7 +7926,6 @@ multi_fields: - name: number type: long - default_field: false - name: pre_system_cpu_usage description: docker_container_stats.pre_system_cpu_usage - Last read CPU system usage type: keyword 
@@ -8860,7 +7933,6 @@ multi_fields: - name: number type: long - default_field: false - name: prefix description: homebrew_packages.prefix - Homebrew install prefix type: keyword
@@ -8869,7 +7941,6 @@ - name: text type: text norms: false - default_field: false - name: preread description: docker_container_stats.preread - UNIX time when stats were last read type: keyword
@@ -8877,7 +7948,6 @@ multi_fields: - name: number type: long - default_field: false - name: principal description: ntfs_acl_permissions.principal - User or group to which the ACE applies. type: keyword
@@ -8886,7 +7956,6 @@ - name: text type: text norms: false - default_field: false - name: printer_sharing description: sharing_preferences.printer_sharing - 1 If printer sharing is enabled else 0 type: keyword
@@ -8894,7 +7963,6 @@ multi_fields: - name: number type: long - default_field: false - name: priority description: deb_packages.priority - Package priority type: keyword
@@ -8903,7 +7971,6 @@ - name: text type: text norms: false - default_field: false - name: privileged description: |- authorization_mechanisms.privileged - If privileged it will run as root, else as an anonymous user
@@ -8914,7 +7981,6 @@ - name: text type: text norms: false - default_field: false - name: probe_error description: |- bpf_process_events.probe_error - Set to 1 if one or more buffers could not be captured
@@ -8924,7 +7990,6 @@ multi_fields: - name: number type: long - default_field: false - name: process description: alf_explicit_auths.process - Process name explicitly allowed type: keyword
@@ -8933,7 +7998,6 @@ - name: text type: text norms: false - default_field: false - name: process_being_tapped description: event_taps.process_being_tapped - The process ID of the target application type: keyword
@@ -8941,7 +8005,6 @@ multi_fields: - name: number type: long - default_field: false - name: process_type description: launchd.process_type - Key describes the intended purpose of the job type: keyword 
@@ -8950,7 +8013,6 @@ - name: text type: text norms: false - default_field: false - name: process_uptime description: windows_crashes.process_uptime - Uptime of the process in seconds type: keyword
@@ -8958,7 +8020,6 @@ multi_fields: - name: number type: long - default_field: false - name: processes description: lxd_instances.processes - Number of processes running inside this instance type: keyword
@@ -8966,7 +8027,6 @@ multi_fields: - name: number type: long - default_field: false - name: processing_time description: cups_jobs.processing_time - How long the job took to process type: keyword
@@ -8974,7 +8034,6 @@ multi_fields: - name: number type: long - default_field: false - name: processor_number description: msr.processor_number - The processor number as reported in /proc/cpuinfo type: keyword
@@ -8982,7 +8041,6 @@ multi_fields: - name: number type: long - default_field: false - name: processor_type description: cpu_info.processor_type - The processor type, such as Central, Math, or Video. type: keyword
@@ -8991,7 +8049,6 @@ - name: text type: text norms: false - default_field: false - name: product_name description: tpm_info.product_name - Product name of the TPM type: keyword
@@ -9000,7 +8057,6 @@ - name: text type: text norms: false - default_field: false - name: product_version description: file.product_version - File product version type: keyword
@@ -9009,7 +8065,6 @@ - name: text type: text norms: false - default_field: false - name: profile description: |- apparmor_events.profile - Apparmor profile name
@@ -9020,7 +8075,6 @@ - name: text type: text norms: false - default_field: false - name: profile_domain description: windows_firewall_rules.profile_domain - 1 if the rule profile type is domain type: keyword
@@ -9028,7 +8082,6 @@ multi_fields: - name: number type: long - default_field: false - name: profile_path description: |- chrome_extension_content_scripts.profile_path - The profile path 
@@ -9040,7 +8093,6 @@ - name: text type: text norms: false - default_field: false - name: profile_private description: windows_firewall_rules.profile_private - 1 if the rule profile type is private type: keyword
@@ -9048,7 +8100,6 @@ multi_fields: - name: number type: long - default_field: false - name: profile_public description: windows_firewall_rules.profile_public - 1 if the rule profile type is public type: keyword
@@ -9056,7 +8107,6 @@ multi_fields: - name: number type: long - default_field: false - name: program description: launchd.program - Path to target program type: keyword
@@ -9065,7 +8115,6 @@ - name: text type: text norms: false - default_field: false - name: program_arguments description: launchd.program_arguments - Command line arguments passed to program type: keyword
@@ -9074,7 +8123,6 @@ - name: text type: text norms: false - default_field: false - name: propagation description: docker_container_mounts.propagation - Mount propagation type: keyword
@@ -9083,7 +8131,6 @@ - name: text type: text norms: false - default_field: false - name: protected description: app_schemes.protected - 1 if this handler is protected (reserved) by OS X, else 0 type: keyword
@@ -9091,7 +8138,6 @@ multi_fields: - name: number type: long - default_field: false - name: protection_disabled description: carbon_black_info.protection_disabled - If the sensor is configured to report tamper events type: keyword
@@ -9099,7 +8145,6 @@ multi_fields: - name: number type: long - default_field: false - name: protection_status description: bitlocker_info.protection_status - The bitlocker protection status of the drive. type: keyword
@@ -9107,7 +8152,6 @@ multi_fields: - name: number type: long - default_field: false - name: protection_type description: processes.protection_type - The protection type of the process type: keyword 
@@ -9116,7 +8160,6 @@ - name: text type: text norms: false - default_field: false - name: protocol description: |- bpf_socket_events.protocol - The network protocol ID
@@ -9137,7 +8180,6 @@ - name: text type: text norms: false - default_field: false - name: provider_guid description: |- windows_eventlog.provider_guid - Provider guid of the event
@@ -9148,7 +8190,6 @@ - name: text type: text norms: false - default_field: false - name: provider_name description: |- windows_eventlog.provider_name - Provider name of the event
@@ -9159,7 +8200,6 @@ - name: text type: text norms: false - default_field: false - name: pseudo description: process_memory_map.pseudo - 1 If path is a pseudo path, else 0 type: keyword
@@ -9167,7 +8207,6 @@ multi_fields: - name: number type: long - default_field: false - name: psize description: elf_segments.psize - Size of segment in file type: keyword
@@ -9175,7 +8214,6 @@ multi_fields: - name: number type: long - default_field: false - name: public description: lxd_images.public - Whether image is public (1) or not (0) type: keyword
@@ -9183,7 +8221,6 @@ multi_fields: - name: number type: long - default_field: false - name: publisher description: |- azure_instance_metadata.publisher - Publisher of the VM image
@@ -9195,7 +8232,6 @@ - name: text type: text norms: false - default_field: false - name: purgeable description: virtual_memory_info.purgeable - Total number of purgeable pages. type: keyword
@@ -9203,7 +8239,6 @@ multi_fields: - name: number type: long - default_field: false - name: purged description: virtual_memory_info.purged - Total number of purged pages. type: keyword
@@ -9211,7 +8246,6 @@ multi_fields: - name: number type: long - default_field: false - name: pvid description: lldp_neighbors.pvid - Primary VLAN id type: keyword
@@ -9220,7 +8254,6 @@ - name: text type: text norms: false - default_field: false - name: query description: |- mdfind.query - The query that was run to find the file 
@@ -9232,7 +8265,6 @@ - name: text type: text norms: false - default_field: false - name: query_language description: wmi_event_filters.query_language - Query language that the query is written in. type: keyword @@ -9241,7 +8273,6 @@ - name: text type: text norms: false - default_field: false - name: queue_directories description: launchd.queue_directories - Similar to watch_paths but only with non-empty directories type: keyword @@ -9250,7 +8281,6 @@ - name: text type: text norms: false - default_field: false - name: raid_disks description: md_devices.raid_disks - Number of configured RAID disks in array type: keyword @@ -9258,7 +8288,6 @@ multi_fields: - name: number type: long - default_field: false - name: raid_level description: md_devices.raid_level - Current raid level of the array type: keyword @@ -9266,7 +8295,6 @@ multi_fields: - name: number type: long - default_field: false - name: rapl_energy_status description: msr.rapl_energy_status - Run Time Average Power Limiting energy status. type: keyword @@ -9274,7 +8302,6 @@ multi_fields: - name: number type: long - default_field: false - name: rapl_power_limit description: msr.rapl_power_limit - Run Time Average Power Limiting power limit. type: keyword @@ -9282,7 +8309,6 @@ multi_fields: - name: number type: long - default_field: false - name: rapl_power_units description: msr.rapl_power_units - Run Time Average Power Limiting power units. type: keyword @@ -9290,7 +8316,6 @@ multi_fields: - name: number type: long - default_field: false - name: reactivated description: virtual_memory_info.reactivated - Total number of reactivated pages. type: keyword @@ -9298,7 +8323,6 @@ multi_fields: - name: number type: long - default_field: false - name: read description: docker_container_stats.read - UNIX time when stats were read type: keyword 
@@ -9306,7 +8330,6 @@ multi_fields: - name: number type: long - default_field: false - name: read_device_identity_failure description: smart_drive_info.read_device_identity_failure - Error string for device id read, if any type: keyword @@ -9315,7 +8338,6 @@ - name: text type: text norms: false - default_field: false - name: readonly description: nfs_shares.readonly - 1 if the share is exported readonly else 0 type: keyword @@ -9323,7 +8345,6 @@ multi_fields: - name: number type: long - default_field: false - name: readonly_rootfs description: docker_containers.readonly_rootfs - Is the root filesystem mounted as read only type: keyword @@ -9331,7 +8352,6 @@ multi_fields: - name: number type: long - default_field: false - name: record_timestamp description: ntfs_journal_events.record_timestamp - Journal record timestamp type: keyword @@ -9340,7 +8360,6 @@ - name: text type: text norms: false - default_field: false - name: record_usn description: ntfs_journal_events.record_usn - The update sequence number that identifies the journal record type: keyword @@ -9349,7 +8368,6 @@ - name: text type: text norms: false - default_field: false - name: recovery_finish description: md_devices.recovery_finish - Estimated duration of recovery activity type: keyword @@ -9358,7 +8376,6 @@ - name: text type: text norms: false - default_field: false - name: recovery_progress description: md_devices.recovery_progress - Progress of the recovery activity type: keyword @@ -9367,7 +8384,6 @@ - name: text type: text norms: false - default_field: false - name: recovery_speed description: md_devices.recovery_speed - Speed of recovery activity type: keyword @@ -9376,7 +8392,6 @@ - name: text type: text norms: false - default_field: false - name: redirect_accept description: interface_ipv6.redirect_accept - Accept ICMP redirect messages type: keyword 
@@ -9384,7 +8399,6 @@ multi_fields: - name: number type: long - default_field: false - name: ref_pid description: asl.ref_pid - Reference PID for messages proxied by launchd type: keyword @@ -9392,7 +8406,6 @@ multi_fields: - name: number type: long - default_field: false - name: ref_proc description: asl.ref_proc - Reference process for messages proxied by launchd type: keyword @@ -9401,7 +8414,6 @@ - name: text type: text norms: false - default_field: false - name: referenced description: |- chrome_extension_content_scripts.referenced - 1 if this extension is referenced by the Preferences file of the profile @@ -9411,7 +8423,6 @@ multi_fields: - name: number type: long - default_field: false - name: referenced_identifier description: chrome_extensions.referenced_identifier - Extension identifier, as specified by the preferences file. Empty if the extension is not in the profile. type: keyword @@ -9420,7 +8431,6 @@ - name: text type: text norms: false - default_field: false - name: refreshes description: "osquery_events.refreshes - Publisher only: number of runloop restarts" type: keyword @@ -9428,7 +8438,6 @@ multi_fields: - name: number type: long - default_field: false - name: refs description: |- fbsd_kmods.refs - Module reverse dependencies @@ -9438,7 +8447,6 @@ multi_fields: - name: number type: long - default_field: false - name: region description: ec2_instance_metadata.region - AWS region in which this instance launched type: keyword @@ -9447,7 +8455,6 @@ - name: text type: text norms: false - default_field: false - name: registers description: |- crashes.registers - The value of the system registers @@ -9459,7 +8466,6 @@ - name: text type: text norms: false - default_field: false - name: registry description: osquery_registry.registry - Name of the osquery registry type: keyword 
@@ -9468,7 +8474,6 @@ - name: text type: text norms: false - default_field: false - name: registry_hive description: logged_in_users.registry_hive - HKEY_USERS registry hive type: keyword @@ -9477,7 +8482,6 @@ - name: text type: text norms: false - default_field: false - name: registry_path description: ie_extensions.registry_path - Extension identifier type: keyword @@ -9486,7 +8490,6 @@ - name: text type: text norms: false - default_field: false - name: relative_path description: |- shortcut_files.relative_path - Relative path to target file from lnk file. @@ -9500,7 +8503,6 @@ - name: text type: text norms: false - default_field: false - name: release description: |- apt_sources.release - Release name @@ -9512,7 +8514,6 @@ - name: text type: text norms: false - default_field: false - name: remediation_path description: windows_security_products.remediation_path - Remediation path type: keyword @@ -9521,7 +8522,6 @@ - name: text type: text norms: false - default_field: false - name: remote_address description: |- bpf_socket_events.remote_address - Remote address associated with socket @@ -9533,7 +8533,6 @@ - name: text type: text norms: false - default_field: false - name: remote_addresses description: windows_firewall_rules.remote_addresses - Remote addresses for the rule type: keyword @@ -9542,7 +8541,6 @@ - name: text type: text norms: false - default_field: false - name: remote_apple_events description: sharing_preferences.remote_apple_events - 1 If remote apple events are enabled else 0 type: keyword @@ -9550,7 +8548,6 @@ multi_fields: - name: number type: long - default_field: false - name: remote_login description: sharing_preferences.remote_login - 1 If remote login is enabled else 0 type: keyword @@ -9558,7 +8555,6 @@ multi_fields: - name: number type: long - default_field: false - name: remote_management description: sharing_preferences.remote_management - 1 If remote management is enabled else 0 type: keyword 
@@ -9566,7 +8562,6 @@ multi_fields: - name: number type: long - default_field: false - name: remote_port description: |- bpf_socket_events.remote_port - Remote network protocol port number @@ -9577,7 +8572,6 @@ multi_fields: - name: number type: long - default_field: false - name: remote_ports description: windows_firewall_rules.remote_ports - Remote ports for the rule type: keyword @@ -9586,7 +8580,6 @@ - name: text type: text norms: false - default_field: false - name: removable description: usb_devices.removable - 1 If USB device is removable else 0 type: keyword @@ -9594,7 +8587,6 @@ multi_fields: - name: number type: long - default_field: false - name: repository description: portage_packages.repository - From which repository the ebuild was used type: keyword @@ -9603,7 +8595,6 @@ - name: text type: text norms: false - default_field: false - name: request_id description: carves.request_id - Identifying value of the carve request (e.g., scheduled query name, distributed request, etc) type: keyword @@ -9612,7 +8603,6 @@ - name: text type: text norms: false - default_field: false - name: requested_mask description: apparmor_events.requested_mask - Requested access mask type: keyword @@ -9621,7 +8611,6 @@ - name: text type: text norms: false - default_field: false - name: requirement description: gatekeeper_approved_apps.requirement - Code signing requirement language type: keyword @@ -9630,7 +8619,6 @@ - name: text type: text norms: false - default_field: false - name: reservation_id description: ec2_instance_metadata.reservation_id - ID of the reservation type: keyword @@ -9639,7 +8627,6 @@ - name: text type: text norms: false - default_field: false - name: reshape_finish description: md_devices.reshape_finish - Estimated duration of reshape activity type: keyword @@ -9648,7 +8635,6 @@ - name: text type: text norms: false - default_field: false - name: reshape_progress description: md_devices.reshape_progress - Progress of the reshape activity type: keyword 
@@ -9657,7 +8643,6 @@ - name: text type: text norms: false - default_field: false - name: reshape_speed description: md_devices.reshape_speed - Speed of reshape activity type: keyword @@ -9666,7 +8651,6 @@ - name: text type: text norms: false - default_field: false - name: resident_size description: |- docker_container_processes.resident_size - Bytes of private memory used by process @@ -9676,7 +8660,6 @@ multi_fields: - name: number type: long - default_field: false - name: resource_group_name description: azure_instance_metadata.resource_group_name - Resource group for the VM type: keyword @@ -9685,7 +8668,6 @@ - name: text type: text norms: false - default_field: false - name: response_code description: curl.response_code - The HTTP status code for the response type: keyword @@ -9693,7 +8675,6 @@ multi_fields: - name: number type: long - default_field: false - name: responsible description: crashes.responsible - Process responsible for the crashed process type: keyword @@ -9702,7 +8683,6 @@ - name: text type: text norms: false - default_field: false - name: result description: |- authenticode.result - The signature check result @@ -9713,7 +8693,6 @@ - name: text type: text norms: false - default_field: false - name: resync_finish description: md_devices.resync_finish - Estimated duration of resync activity type: keyword @@ -9722,7 +8701,6 @@ - name: text type: text norms: false - default_field: false - name: resync_progress description: md_devices.resync_progress - Progress of the resync activity type: keyword @@ -9731,7 +8709,6 @@ - name: text type: text norms: false - default_field: false - name: resync_speed description: md_devices.resync_speed - Speed of resync activity type: keyword @@ -9740,7 +8717,6 @@ - name: text type: text norms: false - default_field: false - name: retain_count description: |- iokit_devicetree.retain_count - The device reference count 
@@ -9750,7 +8726,6 @@ multi_fields: - name: number type: long - default_field: false - name: revision description: |- deb_packages.revision - Package revision @@ -9762,7 +8737,6 @@ - name: text type: text norms: false - default_field: false - name: rid description: lldp_neighbors.rid - Neighbor chassis index type: keyword @@ -9770,7 +8744,6 @@ multi_fields: - name: number type: long - default_field: false - name: roaming description: wifi_networks.roaming - 1 if roaming is supported, 0 otherwise type: keyword @@ -9778,7 +8751,6 @@ multi_fields: - name: number type: long - default_field: false - name: roaming_profile description: wifi_networks.roaming_profile - Describe the roaming profile, usually one of Single, Dual or Multi type: keyword @@ -9787,7 +8759,6 @@ - name: text type: text norms: false - default_field: false - name: root description: processes.root - Process virtual root directory type: keyword @@ -9796,7 +8767,6 @@ - name: text type: text norms: false - default_field: false - name: root_dir description: docker_info.root_dir - Docker root directory type: keyword @@ -9805,7 +8775,6 @@ - name: text type: text norms: false - default_field: false - name: root_directory description: launchd.root_directory - Key used to specify a directory to chroot to before launch type: keyword @@ -9814,7 +8783,6 @@ - name: text type: text norms: false - default_field: false - name: root_volume_uuid description: time_machine_destinations.root_volume_uuid - Root UUID of backup volume type: keyword @@ -9823,7 +8791,6 @@ - name: text type: text norms: false - default_field: false - name: rotation_rate description: smart_drive_info.rotation_rate - Drive RPM type: keyword @@ -9832,7 +8799,6 @@ - name: text type: text norms: false - default_field: false - name: round_trip_time description: curl.round_trip_time - Time taken to complete the request type: keyword 
@@ -9840,7 +8806,6 @@ multi_fields: - name: number type: long - default_field: false - name: rowid description: quicklook_cache.rowid - Quicklook file rowid key type: keyword @@ -9848,7 +8813,6 @@ multi_fields: - name: number type: long - default_field: false - name: rssi description: |- wifi_status.rssi - The current received signal strength indication (dbm) @@ -9858,7 +8822,6 @@ multi_fields: - name: number type: long - default_field: false - name: rtadv_accept description: interface_ipv6.rtadv_accept - Accept ICMP Router Advertisement type: keyword @@ -9866,7 +8829,6 @@ multi_fields: - name: number type: long - default_field: false - name: rule_details description: sudoers.rule_details - Rule definition type: keyword @@ -9875,7 +8837,6 @@ - name: text type: text norms: false - default_field: false - name: run_at_load description: launchd.run_at_load - Should the program run on launch load type: keyword @@ -9884,7 +8845,6 @@ - name: text type: text norms: false - default_field: false - name: run_count description: prefetch.run_count - Number of times the application has been run. type: keyword @@ -9892,7 +8852,6 @@ multi_fields: - name: number type: long - default_field: false - name: rw description: docker_container_mounts.rw - 1 if read/write. 0 otherwise type: keyword @@ -9900,7 +8859,6 @@ multi_fields: - name: number type: long - default_field: false - name: sata_version description: smart_drive_info.sata_version - SATA version, if any type: keyword @@ -9909,7 +8867,6 @@ - name: text type: text norms: false - default_field: false - name: scheme description: app_schemes.scheme - Name of the scheme/protocol type: keyword @@ -9918,7 +8875,6 @@ - name: text type: text norms: false - default_field: false - name: scope description: selinux_settings.scope - Where the key is located inside the SELinuxFS mount point. type: keyword 
@@ -9927,7 +8883,6 @@ - name: text type: text norms: false - default_field: false - name: screen_sharing description: sharing_preferences.screen_sharing - 1 If screen sharing is enabled else 0 type: keyword @@ -9935,7 +8890,6 @@ multi_fields: - name: number type: long - default_field: false - name: script description: chrome_extension_content_scripts.script - The content script used by the extension type: keyword @@ -9944,7 +8898,6 @@ - name: text type: text norms: false - default_field: false - name: script_block_count description: powershell_events.script_block_count - The total number of script blocks for this script type: keyword @@ -9952,7 +8905,6 @@ multi_fields: - name: number type: long - default_field: false - name: script_block_id description: powershell_events.script_block_id - The unique GUID of the powershell script to which this block belongs type: keyword @@ -9961,7 +8913,6 @@ - name: text type: text norms: false - default_field: false - name: script_file_name description: wmi_script_event_consumers.script_file_name - Name of the file from which the script text is read, intended as an alternative to specifying the text of the script in the ScriptText property. type: keyword @@ -9970,7 +8921,6 @@ - name: text type: text norms: false - default_field: false - name: script_name description: powershell_events.script_name - The name of the Powershell script type: keyword @@ -9979,7 +8929,6 @@ - name: text type: text norms: false - default_field: false - name: script_path description: powershell_events.script_path - The path for the Powershell script type: keyword @@ -9988,7 +8937,6 @@ - name: text type: text norms: false - default_field: false - name: script_text description: |- powershell_events.script_text - The text content of the Powershell script 
@@ -9999,7 +8947,6 @@ - name: text type: text norms: false - default_field: false - name: scripting_engine description: wmi_script_event_consumers.scripting_engine - Name of the scripting engine to use, for example, 'VBScript'. This property cannot be NULL. type: keyword @@ -10008,7 +8955,6 @@ - name: text type: text norms: false - default_field: false - name: sdb_id description: appcompat_shims.sdb_id - Unique GUID of the SDB. type: keyword @@ -10017,7 +8963,6 @@ - name: text type: text norms: false - default_field: false - name: sdk description: |- browser_plugins.sdk - Build SDK used to compile plugin @@ -10028,7 +8973,6 @@ - name: text type: text norms: false - default_field: false - name: sdk_version description: osquery_extensions.sdk_version - osquery SDK version used to build the extension type: keyword @@ -10037,7 +8981,6 @@ - name: text type: text norms: false - default_field: false - name: seconds description: |- time.seconds - Current seconds in UTC @@ -10047,7 +8990,6 @@ multi_fields: - name: number type: long - default_field: false - name: section description: deb_packages.section - Package section type: keyword @@ -10056,7 +8998,6 @@ - name: text type: text norms: false - default_field: false - name: sector_sizes description: smart_drive_info.sector_sizes - Bytes of drive sector sizes type: keyword @@ -10065,7 +9006,6 @@ - name: text type: text norms: false - default_field: false - name: secure_boot description: secureboot.secure_boot - Whether secure boot is enabled type: keyword @@ -10073,7 +9013,6 @@ multi_fields: - name: number type: long - default_field: false - name: secure_process description: processes.secure_process - Process is secure (IUM) yes=1, no=0 type: keyword @@ -10081,7 +9020,6 @@ multi_fields: - name: number type: long - default_field: false - name: security_breach description: chassis_info.security_breach - The physical status of the chassis such as Breach Successful, Breach Attempted, etc. type: keyword 
@@ -10090,7 +9028,6 @@ - name: text type: text norms: false - default_field: false - name: security_groups description: ec2_instance_metadata.security_groups - Comma separated list of security group names type: keyword @@ -10099,7 +9036,6 @@ - name: text type: text norms: false - default_field: false - name: security_options description: docker_containers.security_options - List of container security options type: keyword @@ -10108,7 +9044,6 @@ - name: text type: text norms: false - default_field: false - name: security_type description: |- wifi_networks.security_type - Type of security on this network @@ -10119,7 +9054,6 @@ - name: text type: text norms: false - default_field: false - name: self_signed description: certificates.self_signed - 1 if self-signed, else 0 type: keyword @@ -10127,7 +9061,6 @@ multi_fields: - name: number type: long - default_field: false - name: sender description: asl.sender - Sender's identification string. Default is process name. type: keyword @@ -10136,7 +9069,6 @@ - name: text type: text norms: false - default_field: false - name: sensor_backend_server description: carbon_black_info.sensor_backend_server - Carbon Black server type: keyword @@ -10145,7 +9077,6 @@ - name: text type: text norms: false - default_field: false - name: sensor_id description: carbon_black_info.sensor_id - Sensor ID of the Carbon Black sensor type: keyword @@ -10153,7 +9084,6 @@ multi_fields: - name: number type: long - default_field: false - name: sensor_ip_addr description: carbon_black_info.sensor_ip_addr - IP address of the sensor type: keyword @@ -10162,7 +9092,6 @@ - name: text type: text norms: false - default_field: false - name: seq_num description: es_process_events.seq_num - Per event sequence number type: keyword @@ -10170,7 +9099,6 @@ multi_fields: - name: number type: long - default_field: false - name: serial description: |- certificates.serial - Certificate serial number 
@@ -10184,7 +9112,6 @@ - name: text type: text norms: false - default_field: false - name: serial_number description: |- authenticode.serial_number - The certificate serial number @@ -10198,7 +9125,6 @@ - name: text type: text norms: false - default_field: false - name: serial_port_enabled description: ycloud_instance_metadata.serial_port_enabled - Indicates if serial port is enabled for the VM type: keyword @@ -10207,7 +9133,6 @@ - name: text type: text norms: false - default_field: false - name: series description: video_info.series - The series of the gpu. type: keyword @@ -10216,7 +9141,6 @@ - name: text type: text norms: false - default_field: false - name: server_name description: |- lxd_cluster.server_name - Name of the LXD server node @@ -10227,7 +9151,6 @@ - name: text type: text norms: false - default_field: false - name: server_version description: docker_info.server_version - Server version type: keyword @@ -10236,7 +9159,6 @@ - name: text type: text norms: false - default_field: false - name: service description: |- drivers.service - Driver service name, if one exists @@ -10248,7 +9170,6 @@ - name: text type: text norms: false - default_field: false - name: service_exit_code description: services.service_exit_code - The service-specific error code that the service returns when an error occurs while the service is starting or stopping type: keyword @@ -10256,7 +9177,6 @@ multi_fields: - name: number type: long - default_field: false - name: service_key description: drivers.service_key - Driver service registry key type: keyword @@ -10265,7 +9185,6 @@ - name: text type: text norms: false - default_field: false - name: service_name description: windows_firewall_rules.service_name - Service name property of the application type: keyword 
@@ -10274,7 +9193,6 @@ - name: text type: text norms: false - default_field: false - name: service_type description: "services.service_type - Service Type: OWN_PROCESS, SHARE_PROCESS and maybe Interactive (can interact with the desktop)" type: keyword @@ -10283,7 +9201,6 @@ - name: text type: text norms: false - default_field: false - name: ses description: seccomp_events.ses - Session ID of the session from which the analyzed process was invoked type: keyword @@ -10291,7 +9208,6 @@ multi_fields: - name: number type: long - default_field: false - name: session_id description: |- logon_sessions.session_id - The Terminal Services session identifier. @@ -10301,7 +9217,6 @@ multi_fields: - name: number type: long - default_field: false - name: session_owner description: authorizations.session_owner - Label top-level key type: keyword @@ -10310,7 +9225,6 @@ - name: text type: text norms: false - default_field: false - name: set description: memory_devices.set - Identifies if memory device is one of a set of devices. A value of 0 indicates no set affiliation. type: keyword @@ -10318,7 +9232,6 @@ multi_fields: - name: number type: long - default_field: false - name: setup_mode description: secureboot.setup_mode - Whether setup mode is enabled type: keyword @@ -10326,7 +9239,6 @@ multi_fields: - name: number type: long - default_field: false - name: severity description: syslog_events.severity - Syslog severity type: keyword @@ -10334,7 +9246,6 @@ multi_fields: - name: number type: long - default_field: false - name: sgid description: |- docker_container_processes.sgid - Saved group ID @@ -10357,7 +9268,6 @@ - name: text type: text norms: false - default_field: false - name: sha1_fingerprint description: curl_certificate.sha1_fingerprint - SHA1 fingerprint type: keyword @@ -10366,7 +9276,6 @@ - name: text type: text norms: false - default_field: false - name: sha256 description: |- carves.sha256 - A SHA256 sum of the carved archive 
@@ -10380,7 +9289,6 @@ - name: text type: text norms: false - default_field: false - name: sha256_fingerprint description: curl_certificate.sha256_fingerprint - SHA-256 fingerprint type: keyword @@ -10389,7 +9297,6 @@ - name: text type: text norms: false - default_field: false - name: shard description: osquery_packs.shard - Shard restriction limit, 1-100, 0 meaning no restriction type: keyword @@ -10397,7 +9304,6 @@ multi_fields: - name: number type: long - default_field: false - name: share description: nfs_shares.share - Filesystem path to the share type: keyword @@ -10406,7 +9312,6 @@ - name: text type: text norms: false - default_field: false - name: share_name description: shortcut_files.share_name - Share name of the target file. type: keyword @@ -10415,7 +9320,6 @@ - name: text type: text norms: false - default_field: false - name: shared description: authorizations.shared - Label top-level key type: keyword @@ -10424,7 +9328,6 @@ - name: text type: text norms: false - default_field: false - name: shell description: users.shell - User's configured default shell type: keyword @@ -10433,7 +9336,6 @@ - name: text type: text norms: false - default_field: false - name: shell_only description: osquery_flags.shell_only - Is the flag shell only? type: keyword @@ -10441,7 +9343,6 @@ multi_fields: - name: number type: long - default_field: false - name: shmid description: shared_memory.shmid - Shared memory segment ID type: keyword @@ -10449,7 +9350,6 @@ multi_fields: - name: number type: long - default_field: false - name: sid description: |- background_activities_moderator.sid - User SID. @@ -10464,7 +9364,6 @@ - name: text type: text norms: false - default_field: false - name: sig description: seccomp_events.sig - Signal value sent to process by seccomp type: keyword @@ -10472,7 +9371,6 @@ multi_fields: - name: number type: long - default_field: false - name: sig_group description: yara.sig_group - Signature group used type: keyword 
@@ -10481,7 +9379,6 @@ - name: text type: text norms: false - default_field: false - name: sigfile description: yara.sigfile - Signature file used type: keyword @@ -10490,7 +9387,6 @@ - name: text type: text norms: false - default_field: false - name: signature description: curl_certificate.signature - Signature type: keyword @@ -10499,7 +9395,6 @@ - name: text type: text norms: false - default_field: false - name: signature_algorithm description: curl_certificate.signature_algorithm - Signature Algorithm type: keyword @@ -10508,7 +9403,6 @@ - name: text type: text norms: false - default_field: false - name: signatures_up_to_date description: windows_security_products.signatures_up_to_date - 1 if product signatures are up to date, else 0 type: keyword @@ -10516,7 +9410,6 @@ multi_fields: - name: number type: long - default_field: false - name: signed description: |- drivers.signed - Whether the driver is signed or not @@ -10526,7 +9419,6 @@ multi_fields: - name: number type: long - default_field: false - name: signing_algorithm description: certificates.signing_algorithm - Signing algorithm used type: keyword @@ -10535,7 +9427,6 @@ - name: text type: text norms: false - default_field: false - name: signing_id description: es_process_events.signing_id - Signature identifier of the process type: keyword @@ -10544,7 +9435,6 @@ - name: text type: text norms: false - default_field: false - name: sigrule description: yara.sigrule - Signature strings used type: keyword @@ -10553,7 +9443,6 @@ - name: text type: text norms: false - default_field: false - name: sigurl description: yara.sigurl - Signature url type: keyword @@ -10562,7 +9451,6 @@ - name: text type: text norms: false - default_field: false - name: size description: |- acpi_tables.size - Size of compiled table data @@ -10605,7 +9493,6 @@ multi_fields: - name: number type: long - default_field: false - name: sku description: |- azure_instance_metadata.sku - SKU for the VM image 
@@ -10616,7 +9503,6 @@ - name: text type: text norms: false - default_field: false - name: slot description: |- md_drives.slot - Slot position of disk @@ -10631,7 +9517,6 @@ - name: text type: text norms: false - default_field: false - name: smart_supported description: smart_drive_info.smart_supported - SMART support status type: keyword @@ -10640,7 +9525,6 @@ - name: text type: text norms: false - default_field: false - name: smbios_tag description: chassis_info.smbios_tag - The assigned asset tag number of the chassis. type: keyword @@ -10649,7 +9533,6 @@ - name: text type: text norms: false - default_field: false - name: socket description: |- listening_ports.socket - Socket handle or inode number @@ -10665,7 +9548,6 @@ - name: text type: text norms: false - default_field: false - name: soft_limit description: ulimit_info.soft_limit - Current limit value type: keyword @@ -10674,7 +9556,6 @@ - name: text type: text norms: false - default_field: false - name: softirq description: cpu_time.softirq - Time spent servicing softirqs type: keyword @@ -10682,7 +9563,6 @@ multi_fields: - name: number type: long - default_field: false - name: source description: |- apt_sources.source - Source file @@ -10703,7 +9583,6 @@ - name: text type: text norms: false - default_field: false - name: source_path description: systemd_units.source_path - Path to the (possibly generated) unit configuration file type: keyword @@ -10712,7 +9591,6 @@ - name: text type: text norms: false - default_field: false - name: source_url description: firefox_addons.source_url - URL that installed the addon type: keyword @@ -10721,7 +9599,6 @@ - name: text type: text norms: false - default_field: false - name: space_total description: lxd_storage_pools.space_total - Total available storage space in bytes for this storage pool type: keyword 
@@ -10729,7 +9606,6 @@ multi_fields: - name: number type: long - default_field: false - name: space_used description: lxd_storage_pools.space_used - Storage space used in bytes type: keyword @@ -10737,7 +9613,6 @@ multi_fields: - name: number type: long - default_field: false - name: spare_disks description: md_devices.spare_disks - Number of idle disks in array type: keyword @@ -10745,7 +9620,6 @@ multi_fields: - name: number type: long - default_field: false - name: spec_version description: tpm_info.spec_version - Trusted Computing Group specification that the TPM supports type: keyword @@ -10754,7 +9628,6 @@ - name: text type: text norms: false - default_field: false - name: speculative description: virtual_memory_info.speculative - Total number of speculative pages. type: keyword @@ -10762,7 +9635,6 @@ multi_fields: - name: number type: long - default_field: false - name: speed description: interface_details.speed - Estimate of the current bandwidth in bits per second. type: keyword @@ -10770,7 +9642,6 @@ multi_fields: - name: number type: long - default_field: false - name: src_ip description: iptables.src_ip - Source IP address. type: keyword @@ -10779,7 +9650,6 @@ - name: text type: text norms: false - default_field: false - name: src_mask description: iptables.src_mask - Source IP address mask. type: keyword @@ -10788,7 +9658,6 @@ - name: text type: text norms: false - default_field: false - name: src_port description: iptables.src_port - Protocol source port(s). type: keyword @@ -10797,7 +9666,6 @@ - name: text type: text norms: false - default_field: false - name: ssdeep description: hash.ssdeep - ssdeep hash of provided filesystem data type: keyword @@ -10806,7 +9674,6 @@ - name: text type: text norms: false - default_field: false - name: ssh_config_file description: ssh_configs.ssh_config_file - Path to the ssh_config file type: keyword 
@@ -10815,7 +9682,6 @@ - name: text type: text norms: false - default_field: false - name: ssh_public_key description: |- ec2_instance_metadata.ssh_public_key - SSH public key. Only available if supplied at instance launch time @@ -10826,7 +9692,6 @@ - name: text type: text norms: false - default_field: false - name: ssid description: |- wifi_networks.ssid - SSID octets of the network @@ -10838,7 +9703,6 @@ - name: text type: text norms: false - default_field: false - name: stack_trace description: |- crashes.stack_trace - Most recent frame from the stack trace @@ -10849,7 +9713,6 @@ - name: text type: text norms: false - default_field: false - name: start description: |- memory_map.start - Start address of memory region @@ -10860,7 +9723,6 @@ - name: text type: text norms: false - default_field: false - name: start_interval description: launchd.start_interval - Frequency to run in seconds type: keyword @@ -10869,7 +9731,6 @@ - name: text type: text norms: false - default_field: false - name: start_on_mount description: launchd.start_on_mount - Run daemon or agent every time a filesystem is mounted type: keyword @@ -10878,7 +9739,6 @@ - name: text type: text norms: false - default_field: false - name: start_time description: |- docker_container_processes.start_time - Process start in seconds since boot (non-sleeping) @@ -10889,7 +9749,6 @@ multi_fields: - name: number type: long - default_field: false - name: start_type description: "services.start_type - Service start type: BOOT_START, SYSTEM_START, AUTO_START, DEMAND_START, DISABLED" type: keyword @@ -10898,7 +9757,6 @@ - name: text type: text norms: false - default_field: false - name: started_at description: docker_containers.started_at - Container start time as string type: keyword 
@@ -10907,7 +9765,6 @@ - name: text type: text norms: false - default_field: false - name: starting_address description: |- memory_array_mapped_addresses.starting_address - Physical stating address, in kilobytes, of a range of memory mapped to physical memory array @@ -10918,7 +9775,6 @@ - name: text type: text norms: false - default_field: false - name: state description: |- alf_exceptions.state - Firewall exception state @@ -10944,7 +9800,6 @@ - name: text type: text norms: false - default_field: false - name: stateful description: lxd_instances.stateful - Whether the instance is stateful(1) or not(0) type: keyword @@ -10952,7 +9807,6 @@ multi_fields: - name: number type: long - default_field: false - name: statename description: windows_optional_features.statename - Installation state name. 'Enabled','Disabled','Absent' type: keyword @@ -10961,7 +9815,6 @@ - name: text type: text norms: false - default_field: false - name: status description: |- carves.status - Status of the carve, can be STARTING, PENDING, SUCCESS, or FAILED @@ -10985,7 +9838,6 @@ - name: text type: text norms: false - default_field: false - name: stderr_path description: launchd.stderr_path - Pipe stderr to a target path type: keyword @@ -10994,7 +9846,6 @@ - name: text type: text norms: false - default_field: false - name: stdout_path description: launchd.stdout_path - Pipe stdout to a target path type: keyword @@ -11003,7 +9854,6 @@ - name: text type: text norms: false - default_field: false - name: steal description: cpu_time.steal - Time spent in other operating systems when running in a virtualized environment type: keyword @@ -11011,7 +9861,6 @@ multi_fields: - name: number type: long - default_field: false - name: stealth_enabled description: alf.stealth_enabled - 1 If stealth mode is enabled else 0 type: keyword 
@@ -11019,7 +9868,6 @@ multi_fields: - name: number type: long - default_field: false - name: stibp_support_enabled description: kva_speculative_info.stibp_support_enabled - Windows uses STIBP. type: keyword @@ -11027,7 +9875,6 @@ multi_fields: - name: number type: long - default_field: false - name: storage_driver description: docker_info.storage_driver - Storage driver type: keyword @@ -11036,7 +9883,6 @@ - name: text type: text norms: false - default_field: false - name: store description: certificates.store - Certificate system store type: keyword @@ -11045,7 +9891,6 @@ - name: text type: text norms: false - default_field: false - name: store_id description: certificates.store_id - Exists for service/user stores. Contains raw store id provided by WinAPI. type: keyword @@ -11054,7 +9899,6 @@ - name: text type: text norms: false - default_field: false - name: store_location description: certificates.store_location - Certificate system store location type: keyword @@ -11063,7 +9907,6 @@ - name: text type: text norms: false - default_field: false - name: strings description: |- yara.strings - Matching strings @@ -11074,7 +9917,6 @@ - name: text type: text norms: false - default_field: false - name: sub_state description: systemd_units.sub_state - The low-level unit activation state, values depend on unit type type: keyword @@ -11083,7 +9925,6 @@ - name: text type: text norms: false - default_field: false - name: subclass description: usb_devices.subclass - USB Device subclass type: keyword @@ -11092,7 +9933,6 @@ - name: text type: text norms: false - default_field: false - name: subject description: certificates.subject - Certificate distinguished name type: keyword @@ -11101,7 +9941,6 @@ - name: text type: text norms: false - default_field: false - name: subject_alternative_names description: curl_certificate.subject_alternative_names - Subject Alternative Name type: keyword 
@@ -11110,7 +9949,6 @@ - name: text type: text norms: false - default_field: false - name: subject_info_access description: curl_certificate.subject_info_access - Subject Information Access type: keyword @@ -11119,7 +9957,6 @@ - name: text type: text norms: false - default_field: false - name: subject_key_id description: certificates.subject_key_id - SKID an optionally included SHA1 type: keyword @@ -11128,7 +9965,6 @@ - name: text type: text norms: false - default_field: false - name: subject_key_identifier description: curl_certificate.subject_key_identifier - Subject Key Identifier type: keyword @@ -11137,7 +9973,6 @@ - name: text type: text norms: false - default_field: false - name: subject_name description: authenticode.subject_name - The certificate subject name type: keyword @@ -11146,7 +9981,6 @@ - name: text type: text norms: false - default_field: false - name: subkey description: |- plist.subkey - Intermediate key path, includes lists/dicts @@ -11157,7 +9991,6 @@ - name: text type: text norms: false - default_field: false - name: subnet description: docker_networks.subnet - Network subnet type: keyword @@ -11166,7 +9999,6 @@ - name: text type: text norms: false - default_field: false - name: subscription_id description: azure_instance_metadata.subscription_id - Azure subscription for the VM type: keyword @@ -11175,7 +10007,6 @@ - name: text type: text norms: false - default_field: false - name: subscriptions description: osquery_events.subscriptions - Number of subscriptions the publisher received or subscriber used type: keyword @@ -11183,7 +10014,6 @@ multi_fields: - name: number type: long - default_field: false - name: subsystem description: system_controls.subsystem - Subsystem ID, control type type: keyword @@ -11192,7 +10022,6 @@ - name: text type: text norms: false - default_field: false - name: subsystem_model description: pci_devices.subsystem_model - Device description of PCI device subsystem type: keyword 
@@ -11201,7 +10030,6 @@ - name: text type: text norms: false - default_field: false - name: subsystem_model_id description: pci_devices.subsystem_model_id - Model ID of PCI device subsystem type: keyword @@ -11210,7 +10038,6 @@ - name: text type: text norms: false - default_field: false - name: subsystem_vendor description: pci_devices.subsystem_vendor - Vendor of PCI device subsystem type: keyword @@ -11219,7 +10046,6 @@ - name: text type: text norms: false - default_field: false - name: subsystem_vendor_id description: pci_devices.subsystem_vendor_id - Vendor ID of PCI device subsystem type: keyword @@ -11228,7 +10054,6 @@ - name: text type: text norms: false - default_field: false - name: success description: socket_events.success - Deprecated. Use the 'status' column instead type: keyword @@ -11236,7 +10061,6 @@ multi_fields: - name: number type: long - default_field: false - name: suid description: |- docker_container_processes.suid - Saved user ID @@ -11255,7 +10079,6 @@ - name: text type: text norms: false - default_field: false - name: superblock_state description: md_devices.superblock_state - State of the superblock type: keyword @@ -11264,7 +10087,6 @@ - name: text type: text norms: false - default_field: false - name: superblock_update_time description: md_devices.superblock_update_time - Unix timestamp of last update type: keyword @@ -11272,7 +10094,6 @@ multi_fields: - name: number type: long - default_field: false - name: superblock_version description: md_devices.superblock_version - Version of the superblock type: keyword @@ -11281,7 +10102,6 @@ - name: text type: text norms: false - default_field: false - name: swap_cached description: memory_info.swap_cached - The amount of swap, in bytes, used as cache memory type: keyword @@ -11289,7 +10109,6 @@ multi_fields: - name: number type: long - default_field: false - name: swap_free description: memory_info.swap_free - The total amount of swap free, in bytes type: keyword 
@@ -11297,7 +10116,6 @@ multi_fields: - name: number type: long - default_field: false - name: swap_ins description: virtual_memory_info.swap_ins - The total number of compressed pages that have been swapped out to disk. type: keyword @@ -11305,7 +10123,6 @@ multi_fields: - name: number type: long - default_field: false - name: swap_limit description: docker_info.swap_limit - 1 if swap limit support is enabled. 0 otherwise type: keyword @@ -11313,7 +10130,6 @@ multi_fields: - name: number type: long - default_field: false - name: swap_outs description: virtual_memory_info.swap_outs - The total number of compressed pages that have been swapped back in from disk. type: keyword @@ -11321,7 +10137,6 @@ multi_fields: - name: number type: long - default_field: false - name: swap_total description: memory_info.swap_total - The total amount of swap available, in bytes type: keyword @@ -11329,7 +10144,6 @@ multi_fields: - name: number type: long - default_field: false - name: symlink description: file.symlink - 1 if the path is a symlink, otherwise 0 type: keyword @@ -11337,7 +10151,6 @@ multi_fields: - name: number type: long - default_field: false - name: syscall description: |- bpf_process_events.syscall - System call name @@ -11350,7 +10163,6 @@ - name: text type: text norms: false - default_field: false - name: system description: cpu_time.system - Time spent in system mode type: keyword @@ -11358,7 +10170,6 @@ multi_fields: - name: number type: long - default_field: false - name: system_cpu_usage description: docker_container_stats.system_cpu_usage - CPU system usage type: keyword @@ -11366,7 +10177,6 @@ multi_fields: - name: number type: long - default_field: false - name: system_model description: kernel_panics.system_model - Physical system model, for example 'MacBookPro12,1 (Mac-E43C1C25D4880AD6)' type: keyword 
@@ -11375,7 +10185,6 @@ - name: text type: text norms: false - default_field: false - name: system_time description: |- osquery_schedule.system_time - Total system time in milliseconds spent executing @@ -11385,7 +10194,6 @@ multi_fields: - name: number type: long - default_field: false - name: table description: elf_symbols.table - Table name containing symbol type: keyword @@ -11394,7 +10202,6 @@ - name: text type: text norms: false - default_field: false - name: tag description: |- elf_dynamic.tag - Tag ID @@ -11413,7 +10220,6 @@ - name: text type: text norms: false - default_field: false - name: tapping_process description: event_taps.tapping_process - The process ID of the application that created the event tap. type: keyword @@ -11421,7 +10227,6 @@ multi_fields: - name: number type: long - default_field: false - name: target description: |- fan_speed_sensors.target - Target speed @@ -11435,7 +10240,6 @@ multi_fields: - name: number type: long - default_field: false - name: target_created description: shortcut_files.target_created - Target Created time. type: keyword @@ -11443,7 +10247,6 @@ multi_fields: - name: number type: long - default_field: false - name: target_modified description: shortcut_files.target_modified - Target Modified time. type: keyword @@ -11451,7 +10254,6 @@ multi_fields: - name: number type: long - default_field: false - name: target_name description: prometheus_metrics.target_name - Address of prometheus target type: keyword @@ -11460,7 +10262,6 @@ - name: text type: text norms: false - default_field: false - name: target_path description: |- file_events.target_path - The path associated with the event @@ -11472,7 +10273,6 @@ - name: text type: text norms: false - default_field: false - name: target_size description: shortcut_files.target_size - Size of target file. type: keyword 
@@ -11480,7 +10280,6 @@ multi_fields: - name: number type: long - default_field: false - name: task description: |- windows_eventlog.task - Task value associated with the event @@ -11490,7 +10289,6 @@ multi_fields: - name: number type: long - default_field: false - name: team description: system_extensions.team - Signing team ID type: keyword @@ -11499,7 +10297,6 @@ - name: text type: text norms: false - default_field: false - name: team_id description: es_process_events.team_id - Team identifier of thd process type: keyword @@ -11508,7 +10305,6 @@ - name: text type: text norms: false - default_field: false - name: team_identifier description: signature.team_identifier - The team signing identifier sealed into the signature type: keyword @@ -11517,7 +10313,6 @@ - name: text type: text norms: false - default_field: false - name: temporarily_disabled description: wifi_networks.temporarily_disabled - 1 if this network is temporarily disabled, 0 otherwise type: keyword @@ -11525,7 +10320,6 @@ multi_fields: - name: number type: long - default_field: false - name: terminal description: user_events.terminal - The network protocol ID type: keyword @@ -11534,7 +10328,6 @@ - name: text type: text norms: false - default_field: false - name: threads description: |- docker_container_processes.threads - Number of threads used by process @@ -11544,7 +10337,6 @@ multi_fields: - name: number type: long - default_field: false - name: throttled description: virtual_memory_info.throttled - Total number of throttled pages. type: keyword @@ -11552,7 +10344,6 @@ multi_fields: - name: number type: long - default_field: false - name: tid description: |- bpf_process_events.tid - Thread ID @@ -11564,7 +10355,6 @@ multi_fields: - name: number type: long - default_field: false - name: time description: |- apparmor_events.time - Time of execution in UNIX time 
@@ -11604,7 +10394,6 @@ multi_fields: - name: number type: long - default_field: false - name: time_range description: windows_eventlog.time_range - System time to selectively filter the events type: keyword @@ -11613,7 +10402,6 @@ - name: text type: text norms: false - default_field: false - name: timeout description: |- authorizations.timeout - Label top-level key @@ -11624,7 +10412,6 @@ - name: text type: text norms: false - default_field: false - name: timestamp description: |- time.timestamp - Current timestamp (log format) in UTC @@ -11635,7 +10422,6 @@ - name: text type: text norms: false - default_field: false - name: timestamp_ms description: prometheus_metrics.timestamp_ms - Unix timestamp of collected data in MS type: keyword @@ -11643,7 +10429,6 @@ multi_fields: - name: number type: long - default_field: false - name: timezone description: time.timezone - Timezone for reported time (hardcoded to UTC) type: keyword @@ -11652,7 +10437,6 @@ - name: text type: text norms: false - default_field: false - name: title description: cups_jobs.title - Title of the printed job type: keyword @@ -11661,7 +10445,6 @@ - name: text type: text norms: false - default_field: false - name: total_seconds description: uptime.total_seconds - Total uptime seconds type: keyword @@ -11669,7 +10452,6 @@ multi_fields: - name: number type: long - default_field: false - name: total_size description: |- docker_container_processes.total_size - Total virtual memory size @@ -11679,7 +10461,6 @@ multi_fields: - name: number type: long - default_field: false - name: total_width description: memory_devices.total_width - Total width, in bits, of this memory device, including any check or error-correction bits type: keyword @@ -11687,7 +10468,6 @@ multi_fields: - name: number type: long - default_field: false - name: transaction_id description: |- file_events.transaction_id - ID used during bulk update 
@@ -11697,7 +10477,6 @@ multi_fields: - name: number type: long - default_field: false - name: transmit_rate description: wifi_status.transmit_rate - The current transmit rate type: keyword @@ -11706,7 +10485,6 @@ - name: text type: text norms: false - default_field: false - name: transport_type description: smart_drive_info.transport_type - Drive transport type type: keyword @@ -11715,7 +10493,6 @@ - name: text type: text norms: false - default_field: false - name: tries description: authorizations.tries - Label top-level key type: keyword @@ -11724,7 +10501,6 @@ - name: text type: text norms: false - default_field: false - name: tty description: |- last.tty - Entry terminal @@ -11735,7 +10511,6 @@ - name: text type: text norms: false - default_field: false - name: turbo_disabled description: msr.turbo_disabled - Whether the turbo feature is disabled. type: keyword @@ -11743,7 +10518,6 @@ multi_fields: - name: number type: long - default_field: false - name: turbo_ratio_limit description: msr.turbo_ratio_limit - The turbo feature ratio limit. type: keyword 
@@ -11751,7 +10525,6 @@ multi_fields: - name: number type: long - default_field: false - name: type description: "apparmor_events.type - Event type\nappcompat_shims.type - Type of the SDB database.\nblock_devices.type - Block device type string\nbpf_socket_events.type - The socket type\ncrashes.type - Type of crash log\ndevice_file.type - File status\ndevice_firmware.type - Type of device\ndevice_partitions.type - \ndisk_encryption.type - Description of cipher type and mode if available\ndisk_info.type - The interface type of the disk.\ndns_cache.type - DNS record type\ndns_resolvers.type - Address type: sortlist, nameserver, search\ndocker_container_mounts.type - Type of mount (bind, volume)\ndocker_container_ports.type - Protocol (tcp, udp)\ndocker_volumes.type - Volume type\nelf_info.type - Offset of section in file\nelf_sections.type - Section type\nelf_symbols.type - Symbol type\nfile.type - File status\nfirefox_addons.type - Extension, addon, webapp\nhardware_events.type - Type of hardware and hardware event\ninterface_addresses.type - Type of address. 
One of dhcp, manual, auto, other, unknown\ninterface_details.type - Interface type (includes virtual)\nkeychain_items.type - Keychain item type (class)\nlast.type - Entry type, according to ut_type types (utmp.h)\nlogged_in_users.type - Login type\nlogical_drives.type - Deprecated (always 'Unknown').\nlxd_certificates.type - Type of the certificate\nlxd_networks.type - Type of network\nmounts.type - Mounted device type\nntfs_acl_permissions.type - Type of access mode for the access control entry.\nnvram.type - Data type (CFData, CFString, etc)\nosquery_events.type - Either publisher or subscriber\nosquery_extensions.type - SDK extension type: extension or module\nosquery_flags.type - Flag type\nprocess_open_pipes.type - Pipe Type: named vs unnamed/anonymous\nregistry.type - Type of the registry value, or 'subkey' if item is a subkey\nroutes.type - Type of route\nselinux_events.type - Event type\nshared_resources.type - Type of resource being shared. Types include: disk drives, print queues, interprocess communications (IPC), and general devices.\nsmbios_tables.type - Table entry type\nsmc_keys.type - SMC-reported type literal type\nstartup_items.type - Startup Item or Login Item\nsystem_controls.type - Data type\nulimit_info.type - System resource to be limited\nuser_events.type - The file description for the process socket\nusers.type - Whether the account is roaming (domain), local, or a system profile\nwindows_crashes.type - Type of crash log\nwindows_security_products.type - Type of security product\nxprotect_meta.type - Either plugin or extension" type: keyword @@ -11760,7 +10533,6 @@ - name: text type: text norms: false - default_field: false - name: type_name description: last.type_name - Entry type name, according to ut_type types (utmp.h) type: keyword @@ -11769,7 +10541,6 @@ - name: text type: text norms: false - default_field: false - name: uid description: |- account_policy_data.uid - User ID 
@@ -11812,7 +10583,6 @@ multi_fields: - name: number type: long - default_field: false - name: umci_policy_status description: hvci_status.umci_policy_status - The status of the User Mode Code Integrity security settings. Returns UNKNOWN if an error is encountered. type: keyword @@ -11821,7 +10591,6 @@ - name: text type: text norms: false - default_field: false - name: uncompressed description: virtual_memory_info.uncompressed - Total number of uncompressed pages. type: keyword @@ -11829,7 +10598,6 @@ multi_fields: - name: number type: long - default_field: false - name: uninstall_string description: programs.uninstall_string - Path and filename of the uninstaller. type: keyword @@ -11838,7 +10606,6 @@ - name: text type: text norms: false - default_field: false - name: unique_chip_id description: ibridge_info.unique_chip_id - Unique id of the iBridge controller type: keyword @@ -11847,7 +10614,6 @@ - name: text type: text norms: false - default_field: false - name: unix_time description: time.unix_time - Current UNIX time in UTC type: keyword @@ -11855,7 +10621,6 @@ multi_fields: - name: number type: long - default_field: false - name: unmask description: portage_keywords.unmask - If the package is unmasked type: keyword @@ -11863,7 +10628,6 @@ multi_fields: - name: number type: long - default_field: false - name: unused_devices description: md_devices.unused_devices - Unused devices type: keyword @@ -11872,7 +10636,6 @@ - name: text type: text norms: false - default_field: false - name: update_source_alias description: lxd_images.update_source_alias - Alias of image at update source server type: keyword @@ -11881,7 +10644,6 @@ - name: text type: text norms: false - default_field: false - name: update_source_certificate description: lxd_images.update_source_certificate - Certificate for update source server type: keyword 
@@ -11890,7 +10652,6 @@ - name: text type: text norms: false - default_field: false - name: update_source_protocol description: lxd_images.update_source_protocol - Protocol used for image information update and image import from source server type: keyword @@ -11899,7 +10660,6 @@ - name: text type: text norms: false - default_field: false - name: update_source_server description: lxd_images.update_source_server - Server for image update type: keyword @@ -11908,7 +10668,6 @@ - name: text type: text norms: false - default_field: false - name: update_url description: |- chrome_extensions.update_url - Extension-supplied update URI @@ -11919,7 +10678,6 @@ - name: text type: text norms: false - default_field: false - name: upid description: processes.upid - A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system. type: keyword @@ -11927,7 +10685,6 @@ multi_fields: - name: number type: long - default_field: false - name: uploaded_at description: lxd_images.uploaded_at - ISO time of image upload type: keyword @@ -11936,7 +10693,6 @@ - name: text type: text norms: false - default_field: false - name: upn description: logon_sessions.upn - The user principal name (UPN) for the owner of the logon session. type: keyword @@ -11945,7 +10701,6 @@ - name: text type: text norms: false - default_field: false - name: uppid description: processes.uppid - The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system. type: keyword @@ -11953,7 +10708,6 @@ multi_fields: - name: number type: long - default_field: false - name: uptime description: |- apparmor_events.uptime - Time of execution in system uptime @@ -11969,7 +10723,6 @@ multi_fields: - name: number type: long - default_field: false - name: url description: |- curl.url - The url for the request 
@@ -11980,7 +10733,6 @@ - name: text type: text norms: false - default_field: false - name: usb_address description: usb_devices.usb_address - USB Device used address type: keyword @@ -11988,7 +10740,6 @@ multi_fields: - name: number type: long - default_field: false - name: usb_port description: usb_devices.usb_port - USB Device used port type: keyword @@ -11996,7 +10747,6 @@ multi_fields: - name: number type: long - default_field: false - name: use description: |- memory_arrays.use - Function for which the array is used @@ -12007,7 +10757,6 @@ - name: text type: text norms: false - default_field: false - name: used_by description: |- kernel_modules.used_by - Module reverse dependencies @@ -12018,7 +10767,6 @@ - name: text type: text norms: false - default_field: false - name: user description: |- cpu_time.user - Time spent in user mode @@ -12038,7 +10786,6 @@ - name: text type: text norms: false - default_field: false - name: user_account_control description: windows_security_center.user_account_control - The health of the User Account Control (UAC) capability in Windows type: keyword @@ -12047,7 +10794,6 @@ - name: text type: text norms: false - default_field: false - name: user_action description: xprotect_reports.user_action - Action taken by user after prompted type: keyword @@ -12056,7 +10802,6 @@ - name: text type: text norms: false - default_field: false - name: user_agent description: curl.user_agent - The user-agent string to use for the request type: keyword @@ -12065,7 +10810,6 @@ - name: text type: text norms: false - default_field: false - name: user_capacity description: smart_drive_info.user_capacity - Bytes of drive capacity type: keyword @@ -12074,7 +10818,6 @@ - name: text type: text norms: false - default_field: false - name: user_namespace description: |- docker_containers.user_namespace - User namespace 
@@ -12085,7 +10828,6 @@ - name: text type: text norms: false - default_field: false - name: user_time description: |- osquery_schedule.user_time - Total user time in milliseconds spent executing @@ -12095,7 +10837,6 @@ multi_fields: - name: number type: long - default_field: false - name: user_uuid description: disk_encryption.user_uuid - UUID of authenticated user if available type: keyword @@ -12104,7 +10845,6 @@ - name: text type: text norms: false - default_field: false - name: username description: |- certificates.username - Username @@ -12125,7 +10865,6 @@ - name: text type: text norms: false - default_field: false - name: uses_pattern description: xprotect_entries.uses_pattern - Uses a match pattern instead of identity type: keyword @@ -12133,7 +10872,6 @@ multi_fields: - name: number type: long - default_field: false - name: uts_namespace description: |- docker_containers.uts_namespace - UTS namespace @@ -12144,7 +10882,6 @@ - name: text type: text norms: false - default_field: false - name: uuid description: |- block_devices.uuid - Block device Universally Unique Identifier @@ -12161,7 +10898,6 @@ - name: text type: text norms: false - default_field: false - name: vaddr description: |- elf_sections.vaddr - Section virtual address in memory @@ -12171,7 +10907,6 @@ multi_fields: - name: number type: long - default_field: false - name: valid_from description: curl_certificate.valid_from - Period of validity start date type: keyword @@ -12180,7 +10915,6 @@ - name: text type: text norms: false - default_field: false - name: valid_to description: curl_certificate.valid_to - Period of validity end date type: keyword @@ -12189,7 +10923,6 @@ - name: text type: text norms: false - default_field: false - name: value description: |- ad_config.value - Variable typed option value @@ -12226,7 +10959,6 @@ - name: text type: text norms: false - default_field: false - name: valuetype description: mdls.valuetype - CoreFoundation type of data stored in value type: keyword 
@@ -12235,7 +10967,6 @@ - name: text type: text norms: false - default_field: false - name: variable description: default_environment.variable - Name of the environment variable type: keyword @@ -12244,7 +10975,6 @@ - name: text type: text norms: false - default_field: false - name: vbs_status description: hvci_status.vbs_status - The status of the virtualization based security settings. Returns UNKNOWN if an error is encountered. type: keyword @@ -12253,7 +10983,6 @@ - name: text type: text norms: false - default_field: false - name: vendor description: |- block_devices.vendor - Block device vendor string @@ -12269,7 +10998,6 @@ - name: text type: text norms: false - default_field: false - name: vendor_id description: |- hardware_events.vendor_id - Hex encoded Hardware vendor identifier @@ -12281,7 +11009,6 @@ - name: text type: text norms: false - default_field: false - name: vendor_syndrome description: memory_error_info.vendor_syndrome - Vendor specific ECC syndrome or CRC data associated with the erroneous access type: keyword @@ -12290,7 +11017,6 @@ - name: text type: text norms: false - default_field: false - name: version description: |- alf.version - Application Layer Firewall version @@ -12345,7 +11071,6 @@ - name: text type: text norms: false - default_field: false - name: video_mode description: video_info.video_mode - The current resolution of the display. type: keyword @@ -12354,7 +11079,6 @@ - name: text type: text norms: false - default_field: false - name: virtual_process description: processes.virtual_process - Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0 type: keyword @@ -12362,7 +11086,6 @@ multi_fields: - name: number type: long - default_field: false - name: visible description: firefox_addons.visible - 1 If the addon is shown in browser else 0 type: keyword 
@@ -12370,7 +11093,6 @@ multi_fields: - name: number type: long - default_field: false - name: visible_alarm description: chassis_info.visible_alarm - If TRUE, the frame is equipped with a visual alarm. type: keyword @@ -12379,7 +11101,6 @@ - name: text type: text norms: false - default_field: false - name: vlans description: lldp_neighbors.vlans - Comma delimited list of vlan ids type: keyword @@ -12388,7 +11109,6 @@ - name: text type: text norms: false - default_field: false - name: vm_id description: |- azure_instance_metadata.vm_id - Unique identifier for the VM @@ -12399,7 +11119,6 @@ - name: text type: text norms: false - default_field: false - name: vm_scale_set_name description: azure_instance_metadata.vm_scale_set_name - VM scale set name type: keyword @@ -12408,7 +11127,6 @@ - name: text type: text norms: false - default_field: false - name: vm_size description: azure_instance_metadata.vm_size - VM size type: keyword @@ -12417,7 +11135,6 @@ - name: text type: text norms: false - default_field: false - name: voltage description: battery.voltage - The battery's current voltage in mV type: keyword @@ -12425,7 +11142,6 @@ multi_fields: - name: number type: long - default_field: false - name: volume_creation description: prefetch.volume_creation - Volume creation time. type: keyword @@ -12434,7 +11150,6 @@ - name: text type: text norms: false - default_field: false - name: volume_id description: quicklook_cache.volume_id - Parsed volume ID from fs_id type: keyword @@ -12442,7 +11157,6 @@ multi_fields: - name: number type: long - default_field: false - name: volume_serial description: |- file.volume_serial - Volume serial number @@ -12454,7 +11168,6 @@ - name: text type: text norms: false - default_field: false - name: volume_size description: platform_info.volume_size - (Optional) size of firmware volume type: keyword 
@@ -12462,7 +11175,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: wall_time
description: osquery_schedule.wall_time - Total wall time in seconds spent executing (deprecated), hidden=True
type: keyword
@@ -12470,7 +11182,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: wall_time_ms
description: osquery_schedule.wall_time_ms - Total wall time in milliseconds spent executing
type: keyword
@@ -12478,7 +11189,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: warning
description: shadow.warning - Number of days before password expires to warn user about it
type: keyword
@@ -12486,7 +11196,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: warnings
description: smart_drive_info.warnings - Warning messages from SMART controller
type: keyword
@@ -12495,7 +11204,6 @@
- name: text
type: text
norms: false
- default_field: false
- name: watch_paths
description: launchd.watch_paths - Key that launches daemon or agent if path is modified
type: keyword
@@ -12504,7 +11212,6 @@
- name: text
type: text
norms: false
- default_field: false
- name: watcher
description: osquery_info.watcher - Process (or thread/handle) ID of optional watcher process
type: keyword
@@ -12512,7 +11219,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: weekday
description: time.weekday - Current weekday in UTC
type: keyword
@@ -12521,7 +11227,6 @@
- name: text
type: text
norms: false
- default_field: false
- name: win32_exit_code
description: services.win32_exit_code - The error code that the service uses to report an error that occurs when it is starting or stopping
type: keyword
@@ -12529,7 +11234,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: win_timestamp
description: time.win_timestamp - Timestamp value in 100 nanosecond units
type: keyword
@@ -12537,7 +11241,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: windows_security_center_service
description: windows_security_center.windows_security_center_service - The health of the Windows Security Center Service
type: keyword
@@ -12546,7 +11249,6 @@
- name: text
type: text
norms: false
- default_field: false
- name: wired
description: virtual_memory_info.wired - Total number of wired down pages.
type: keyword
@@ -12554,7 +11256,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: wired_size
description: |-
docker_container_processes.wired_size - Bytes of unpageable memory used by process
@@ -12564,7 +11265,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: working_directory
description: launchd.working_directory - Key used to specify a directory to chdir to before launch
type: keyword
@@ -12573,7 +11273,6 @@
- name: text
type: text
norms: false
- default_field: false
- name: working_disks
description: md_devices.working_disks - Number of working disks in array
type: keyword
@@ -12581,7 +11280,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: working_path
description: shortcut_files.working_path - Target file directory.
type: keyword
@@ -12590,7 +11288,6 @@
- name: text
type: text
norms: false
- default_field: false
- name: world
description: portage_packages.world - If package is in the world file
type: keyword
@@ -12598,7 +11295,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: writable
description: disk_events.writable - 1 if writable, 0 if not
type: keyword
@@ -12606,7 +11302,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: xpath
description: windows_eventlog.xpath - The custom query to filter events
type: keyword
@@ -12615,7 +11310,6 @@
- name: text
type: text
norms: false
- default_field: false
- name: year
description: time.year - Current year in UTC
type: keyword
@@ -12623,7 +11317,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: zero_fill
description: virtual_memory_info.zero_fill - Total number of zero filled pages.
type: keyword
@@ -12631,7 +11324,6 @@
multi_fields:
- name: number
type: long
- default_field: false
- name: zone
description: |-
azure_instance_metadata.zone - Availability zone of the VM
@@ -12642,4 +11334,3 @@
- name: text
type: text
norms: false
- default_field: false
diff --git a/packages/osquery_manager/manifest.yml b/packages/osquery_manager/manifest.yml
index c8c99eddd68..64fe36a950c 100755
--- a/packages/osquery_manager/manifest.yml
+++ b/packages/osquery_manager/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: osquery_manager
title: Osquery Manager
-version: 1.2.1
+version: "1.2.2"
license: basic
description: Deploy osquery with Elastic Agent, then run and schedule queries in Kibana
type: integration
diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml
index fcd98b7a4a5..a98cf69d7a1 100644
--- a/packages/panw/changelog.yml
+++ b/packages/panw/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.6.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.6.0"
changes:
- description: Update to ECS 8.2
diff --git a/packages/panw/data_stream/panos/fields/agent.yml b/packages/panw/data_stream/panos/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/panw/data_stream/panos/fields/agent.yml
+++ b/packages/panw/data_stream/panos/fields/agent.yml
@@ -1,51 +1,35 @@
- name: cloud
- title: Cloud
- group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
type: group
fields:
- name: account.id
- level: extended
type: keyword
ignore_above: 1024
description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- name: availability_zone
- level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
- example: us-east-1c
- name: instance.id
- level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- name: instance.name
- level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
- level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
- example: t2.medium
- name: provider
- level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- name: region
- level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
- example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
@@ -53,111 +37,81 @@
type: keyword
description: Image ID for the cloud instance.
- name: container
- title: Container
- group: 2
description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
type: group
fields:
- name: id
- level: core
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.name
- level: extended
type: keyword
ignore_above: 1024
description: Name of the image the container was built on.
- name: labels
- level: extended
type: object
object_type: keyword
description: Image labels.
- name: name
- level: extended
type: keyword
ignore_above: 1024
description: Container name.
- name: host
- title: Host
- group: 2
description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
type: group
fields:
- name: architecture
- level: core
type: keyword
ignore_above: 1024
description: Operating system architecture.
- example: x86_64
- name: domain
- level: extended
type: keyword
ignore_above: 1024
description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- name: hostname
- level: core
type: keyword
ignore_above: 1024
description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- name: id
- level: core
type: keyword
ignore_above: 1024
description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- name: ip
- level: core
type: ip
description: Host ip addresses.
- name: mac
- level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
- level: core
type: keyword
ignore_above: 1024
description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- name: os.family
- level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- name: os.kernel
- level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- name: os.name
- level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
- default_field: false
description: Operating system name, without the version.
- example: Mac OS X
- name: os.platform
- level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- name: os.version
- level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
- example: 10.14.1
- name: type
- level: core
type: keyword
ignore_above: 1024
description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
@@ -168,13 +122,11 @@
- name: os.build
type: keyword
- example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
- example: "stretch"
description: >
OS codename, if any.
diff --git a/packages/panw/data_stream/panos/fields/ecs.yml b/packages/panw/data_stream/panos/fields/ecs.yml
index bf4cc4f094d..5972ec45208 100644
--- a/packages/panw/data_stream/panos/fields/ecs.yml
+++ b/packages/panw/data_stream/panos/fields/ecs.yml
@@ -31,7 +31,6 @@
- external: ecs
name: destination.geo.country_name
- description: Longitude and latitude.
- level: core
name: destination.geo.location
type: geo_point
- external: ecs
@@ -165,7 +164,6 @@
- external: ecs
name: source.geo.country_name
- description: Longitude and latitude.
- level: core
name: source.geo.location
type: geo_point
- external: ecs
diff --git a/packages/panw/manifest.yml b/packages/panw/manifest.yml
index b8441a8f6e9..2ffed101994 100644
--- a/packages/panw/manifest.yml
+++ b/packages/panw/manifest.yml
@@ -1,6 +1,6 @@
name: panw
title: Palo Alto Networks Logs
-version: 1.6.0
+version: "1.6.1"
release: ga
description: Collect PAN-OS firewall monitoring logs from Palo Alto Networks devices with Elastic Agent.
type: integration
diff --git a/packages/panw_cortex_xdr/changelog.yml b/packages/panw_cortex_xdr/changelog.yml
index 8c70991118a..0670e99281c 100644
--- a/packages/panw_cortex_xdr/changelog.yml
+++ b/packages/panw_cortex_xdr/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.2.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.2.0"
changes:
- description: Update to ECS 8.2 to use new email field set.
diff --git a/packages/panw_cortex_xdr/data_stream/alerts/fields/agent.yml b/packages/panw_cortex_xdr/data_stream/alerts/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/panw_cortex_xdr/data_stream/alerts/fields/agent.yml
+++ b/packages/panw_cortex_xdr/data_stream/alerts/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/panw_cortex_xdr/data_stream/alerts/fields/ecs.yml b/packages/panw_cortex_xdr/data_stream/alerts/fields/ecs.yml index e303f5b2082..58e5be8c11b 100644 --- a/packages/panw_cortex_xdr/data_stream/alerts/fields/ecs.yml +++ b/packages/panw_cortex_xdr/data_stream/alerts/fields/ecs.yml 
@@ -64,7 +64,6 @@
external: ecs
- name: destination.geo.location
description: Longitude and latitude.
- example: '{ "lon": -73.614830, "lat": 45.505918 }'
type: geo_point
- name: source.ip
external: ecs
@@ -82,7 +81,6 @@
external: ecs
- name: source.geo.location
description: Longitude and latitude.
- example: '{ "lon": -73.614830, "lat": 45.505918 }'
type: geo_point
- name: process.hash.sha256
external: ecs
diff --git a/packages/panw_cortex_xdr/manifest.yml b/packages/panw_cortex_xdr/manifest.yml
index 9bf158448b7..be0531ad171 100644
--- a/packages/panw_cortex_xdr/manifest.yml
+++ b/packages/panw_cortex_xdr/manifest.yml
@@ -1,6 +1,6 @@
name: panw_cortex_xdr
title: Palo Alto Cortex XDR Logs
-version: 1.2.0
+version: "1.2.1"
release: ga
description: Collect and parse logs from Palo Alto Cortex XDR API with Elastic Agent.
type: integration
diff --git a/packages/pfsense/changelog.yml b/packages/pfsense/changelog.yml
index cef3558998f..a572da09ab4 100644
--- a/packages/pfsense/changelog.yml
+++ b/packages/pfsense/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.0.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.0.0"
changes:
- description: Add OPNsense support. Add PHP-FPM log parsing.
diff --git a/packages/pfsense/data_stream/log/fields/agent.yml b/packages/pfsense/data_stream/log/fields/agent.yml
index c961daeee16..a6cd68be0bc 100644
--- a/packages/pfsense/data_stream/log/fields/agent.yml
+++ b/packages/pfsense/data_stream/log/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/pfsense/data_stream/log/fields/ecs.yml b/packages/pfsense/data_stream/log/fields/ecs.yml index 51773f7009e..bc003c16bd7 100644 --- a/packages/pfsense/data_stream/log/fields/ecs.yml +++ b/packages/pfsense/data_stream/log/fields/ecs.yml 
@@ -21,7 +21,6 @@
external: ecs
- name: client.geo.location
description: Longitude and latitude.
- example: '{ "lon": -73.614830, "lat": 45.505918 }'
type: geo_point
- name: client.geo.region_name
external: ecs
@@ -51,7 +50,6 @@
external: ecs
- name: destination.geo.location
description: Longitude and latitude.
- example: '{ "lon": -73.614830, "lat": 45.505918 }'
type: geo_point
- name: destination.geo.name
external: ecs
@@ -119,7 +117,6 @@
external: ecs
- name: source.geo.location
description: Longitude and latitude.
- example: '{ "lon": -73.614830, "lat": 45.505918 }'
type: geo_point
- name: source.geo.name
external: ecs
diff --git a/packages/pfsense/manifest.yml b/packages/pfsense/manifest.yml
index 9e4c591c7f9..69b14b9e330 100644
--- a/packages/pfsense/manifest.yml
+++ b/packages/pfsense/manifest.yml
@@ -1,6 +1,6 @@
name: pfsense
title: pfSense Logs
-version: 1.0.0
+version: "1.0.1"
release: ga
description: Collect and parse logs from pfSense and OPNsense devices with Elastic Agent.
type: integration
diff --git a/packages/postgresql/changelog.yml b/packages/postgresql/changelog.yml
index e9957f04f54..fb2a14541b2 100644
--- a/packages/postgresql/changelog.yml
+++ b/packages/postgresql/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.3.2"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.3.1"
changes:
- description: Add documentation for multi-fields
diff --git a/packages/postgresql/data_stream/activity/fields/agent.yml b/packages/postgresql/data_stream/activity/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/postgresql/data_stream/activity/fields/agent.yml
+++ b/packages/postgresql/data_stream/activity/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/postgresql/data_stream/bgwriter/fields/agent.yml b/packages/postgresql/data_stream/bgwriter/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/postgresql/data_stream/bgwriter/fields/agent.yml +++ b/packages/postgresql/data_stream/bgwriter/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
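Review bot: The `cloud.project.id` description left as context, `Name of the project in Google Cloud.`, describes a name while the field is an id; given the changelog claims typo fixes, `Identifier of the project in Google Cloud.` would match the field name, though what the module actually populates should be confirmed first. Dropping the cloud `footnote` and the `example` values is documentation-only as far as these lines show, but examples such as `666777888999` and `i-1234567890abcdef0` were the only hint of the expected value format, so if the package's field reference is rendered from this file the generated docs lose them. The same applies to the identical copies of this hunk in the other packages in this diff.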
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/postgresql/data_stream/database/fields/agent.yml b/packages/postgresql/data_stream/database/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/postgresql/data_stream/database/fields/agent.yml +++ b/packages/postgresql/data_stream/database/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/postgresql/data_stream/log/fields/agent.yml b/packages/postgresql/data_stream/log/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/postgresql/data_stream/log/fields/agent.yml +++ b/packages/postgresql/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/postgresql/data_stream/statement/fields/agent.yml b/packages/postgresql/data_stream/statement/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/postgresql/data_stream/statement/fields/agent.yml +++ b/packages/postgresql/data_stream/statement/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/postgresql/manifest.yml b/packages/postgresql/manifest.yml index 45048246a15..04a9c8a3415 100644 --- a/packages/postgresql/manifest.yml +++ b/packages/postgresql/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: postgresql title: PostgreSQL -version: 1.3.1 +version: "1.3.2" license: basic description: Collect logs and metrics from PostgreSQL servers with Elastic Agent. type: integration diff --git a/packages/prometheus/changelog.yml b/packages/prometheus/changelog.yml index bc5ce2fa7a9..8799cb90b1e 100644 --- a/packages/prometheus/changelog.yml +++ b/packages/prometheus/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.9.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.9.1" changes: - description: Add documentation for multi-fields diff --git a/packages/prometheus/data_stream/collector/fields/agent.yml b/packages/prometheus/data_stream/collector/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/prometheus/data_stream/collector/fields/agent.yml +++ b/packages/prometheus/data_stream/collector/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/prometheus/data_stream/query/fields/agent.yml b/packages/prometheus/data_stream/query/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/prometheus/data_stream/query/fields/agent.yml +++ b/packages/prometheus/data_stream/query/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/prometheus/data_stream/remote_write/fields/agent.yml b/packages/prometheus/data_stream/remote_write/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/prometheus/data_stream/remote_write/fields/agent.yml +++ b/packages/prometheus/data_stream/remote_write/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/prometheus/manifest.yml b/packages/prometheus/manifest.yml index a46b051c9b3..93b903ea4ce 100644 --- a/packages/prometheus/manifest.yml +++ b/packages/prometheus/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: prometheus title: Prometheus Metrics -version: 0.9.1 +version: "0.9.2" license: basic description: Collect metrics from Prometheus servers with Elastic Agent. type: integration diff --git a/packages/proofpoint/changelog.yml b/packages/proofpoint/changelog.yml index 190acf9f69b..038272a4c0f 100644 --- a/packages/proofpoint/changelog.yml +++ b/packages/proofpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.7.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.7.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/proofpoint/data_stream/emailsecurity/fields/base-fields.yml b/packages/proofpoint/data_stream/emailsecurity/fields/base-fields.yml index a8d761fd165..04e4d6ef92c 100644 --- a/packages/proofpoint/data_stream/emailsecurity/fields/base-fields.yml +++ b/packages/proofpoint/data_stream/emailsecurity/fields/base-fields.yml @@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/proofpoint/data_stream/emailsecurity/fields/ecs.yml b/packages/proofpoint/data_stream/emailsecurity/fields/ecs.yml index 1da8c39a341..8500697a629 100644 --- a/packages/proofpoint/data_stream/emailsecurity/fields/ecs.yml +++ b/packages/proofpoint/data_stream/emailsecurity/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs 
@@ -187,7 +186,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/proofpoint/manifest.yml b/packages/proofpoint/manifest.yml index 48391488a56..4fd53b95351 100644 --- a/packages/proofpoint/manifest.yml +++ b/packages/proofpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: proofpoint title: Proofpoint Email Security Logs -version: 0.7.0 +version: "0.7.1" description: Collect logs from Proofpoint Email Security devices with Elastic Agent. categories: ["security"] release: experimental diff --git a/packages/pulse_connect_secure/changelog.yml b/packages/pulse_connect_secure/changelog.yml index 5f7a43a2ef8..9ef95c57e61 100644 --- a/packages/pulse_connect_secure/changelog.yml +++ b/packages/pulse_connect_secure/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.3.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.3.0" changes: - description: Update to ECS 8.2 diff --git a/packages/pulse_connect_secure/data_stream/log/fields/agent.yml b/packages/pulse_connect_secure/data_stream/log/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/pulse_connect_secure/data_stream/log/fields/agent.yml +++ b/packages/pulse_connect_secure/data_stream/log/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/pulse_connect_secure/data_stream/log/fields/ecs.yml b/packages/pulse_connect_secure/data_stream/log/fields/ecs.yml index cd455914c85..a6555680429 100644 --- a/packages/pulse_connect_secure/data_stream/log/fields/ecs.yml 
+++ b/packages/pulse_connect_secure/data_stream/log/fields/ecs.yml @@ -23,7 +23,6 @@ - external: ecs name: client.geo.country_name - description: Longitude and latitude. - level: core name: client.geo.location type: geo_point - external: ecs @@ -43,7 +42,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs @@ -95,7 +93,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/pulse_connect_secure/manifest.yml b/packages/pulse_connect_secure/manifest.yml index d7e17200b55..a2103b63ad2 100644 --- a/packages/pulse_connect_secure/manifest.yml +++ b/packages/pulse_connect_secure/manifest.yml @@ -1,6 +1,6 @@ name: pulse_connect_secure title: Pulse Connect Secure -version: 0.3.0 +version: "0.3.1" release: experimental description: Collect logs from Pulse Connect Secure with Elastic Agent. type: integration diff --git a/packages/qnap_nas/changelog.yml b/packages/qnap_nas/changelog.yml index 078184d468c..8cd8e3aa2b5 100644 --- a/packages/qnap_nas/changelog.yml +++ b/packages/qnap_nas/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.2.0" changes: - description: Update to ECS 8.2 diff --git a/packages/qnap_nas/data_stream/log/fields/ecs.yml b/packages/qnap_nas/data_stream/log/fields/ecs.yml index 0c72fccafe0..6c1be28538b 100644 --- a/packages/qnap_nas/data_stream/log/fields/ecs.yml +++ b/packages/qnap_nas/data_stream/log/fields/ecs.yml @@ -39,7 +39,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs 
diff --git a/packages/qnap_nas/manifest.yml b/packages/qnap_nas/manifest.yml index 9206ed820b4..a8a56e4f858 100644 --- a/packages/qnap_nas/manifest.yml +++ b/packages/qnap_nas/manifest.yml @@ -1,6 +1,6 @@ name: qnap_nas title: QNAP NAS -version: 1.2.0 +version: "1.2.1" release: ga description: Collect logs from QNAP NAS devices with Elastic Agent. type: integration diff --git a/packages/rabbitmq/changelog.yml b/packages/rabbitmq/changelog.yml index aeea79c5a56..2992a366a41 100644 --- a/packages/rabbitmq/changelog.yml +++ b/packages/rabbitmq/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.3.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.1" changes: - description: Add documentation for multi-fields diff --git a/packages/rabbitmq/data_stream/connection/fields/agent.yml b/packages/rabbitmq/data_stream/connection/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/rabbitmq/data_stream/connection/fields/agent.yml +++ b/packages/rabbitmq/data_stream/connection/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/rabbitmq/data_stream/exchange/fields/agent.yml b/packages/rabbitmq/data_stream/exchange/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/rabbitmq/data_stream/exchange/fields/agent.yml +++ b/packages/rabbitmq/data_stream/exchange/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/rabbitmq/data_stream/log/fields/agent.yml b/packages/rabbitmq/data_stream/log/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/rabbitmq/data_stream/log/fields/agent.yml +++ b/packages/rabbitmq/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/rabbitmq/data_stream/node/fields/agent.yml b/packages/rabbitmq/data_stream/node/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/rabbitmq/data_stream/node/fields/agent.yml +++ b/packages/rabbitmq/data_stream/node/fields/agent.yml 
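Review bot: The changelog entries elsewhere on this page describe the change as "fix typos", yet the context kept here still reads `Operating system platform (such centos, ubuntu, windows).` and the previous hunk keeps `These fields help correlate data based containers from any runtime.`; if the typo fixes are meant to reach these files, `such as centos` and `based on containers` are the obvious corrections, otherwise the changelog should say which files the typo part refers to. These descriptions look like verbatim ECS copies, so if that is the case the fix belongs upstream and in the generator rather than in each package copy, or the text will be overwritten on the next regeneration.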
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/rabbitmq/data_stream/queue/fields/agent.yml b/packages/rabbitmq/data_stream/queue/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/rabbitmq/data_stream/queue/fields/agent.yml +++ b/packages/rabbitmq/data_stream/queue/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/rabbitmq/manifest.yml b/packages/rabbitmq/manifest.yml index a7ccdc6d8b1..0d923507099 100644 --- a/packages/rabbitmq/manifest.yml +++ b/packages/rabbitmq/manifest.yml 
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: rabbitmq
title: RabbitMQ Logs
-version: 1.3.1
+version: "1.3.2"
license: basic
description: Collect and parse logs from RabbitMQ servers with Elastic Agent.
type: integration
diff --git a/packages/radware/changelog.yml b/packages/radware/changelog.yml
index 8bfaf111c92..3ed670f6ca0 100644
--- a/packages/radware/changelog.yml
+++ b/packages/radware/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.7.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "0.7.0"
changes:
- description: Update to ECS 8.2.0
diff --git a/packages/radware/data_stream/defensepro/fields/base-fields.yml b/packages/radware/data_stream/defensepro/fields/base-fields.yml
index 2070b87dc06..3800744b1de 100644
--- a/packages/radware/data_stream/defensepro/fields/base-fields.yml
+++ b/packages/radware/data_stream/defensepro/fields/base-fields.yml
@@ -27,7 +27,6 @@
type: keyword
- name: log.file.path
description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
ignore_above: 1024
type: keyword
- name: log.source.address
@@ -41,6 +40,5 @@
type: long
- name: tags
description: List of keywords used to tag each event.
- example: '["production", "env2"]'
ignore_above: 1024
type: keyword
diff --git a/packages/radware/data_stream/defensepro/fields/ecs.yml b/packages/radware/data_stream/defensepro/fields/ecs.yml
index 1da8c39a341..8500697a629 100644
--- a/packages/radware/data_stream/defensepro/fields/ecs.yml
+++ b/packages/radware/data_stream/defensepro/fields/ecs.yml
@@ -23,7 +23,6 @@
- external: ecs
name: destination.geo.country_name
- description: Longitude and latitude.
- level: core
name: destination.geo.location
type: geo_point
- external: ecs
@@ -187,7 +186,6 @@
- external: ecs
name: source.geo.country_name
- description: Longitude and latitude.
- level: core
name: source.geo.location
type: geo_point
- external: ecs
diff --git a/packages/radware/manifest.yml b/packages/radware/manifest.yml
index df4b23bad95..03ffbd4fd42 100644
--- a/packages/radware/manifest.yml
+++ b/packages/radware/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: radware
title: Radware DefensePro Logs
-version: 0.7.0
+version: "0.7.1"
description: Collect defensePro logs from Radware devices with Elastic Agent.
categories: ["security"]
release: experimental
diff --git a/packages/redis/changelog.yml b/packages/redis/changelog.yml
index 7f8fe612778..a0cacd199a0 100644
--- a/packages/redis/changelog.yml
+++ b/packages/redis/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.3.2"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.3.1"
changes:
- description: Add documentation for multi-fields
diff --git a/packages/redis/data_stream/info/fields/agent.yml b/packages/redis/data_stream/info/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/redis/data_stream/info/fields/agent.yml
+++ b/packages/redis/data_stream/info/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/redis/data_stream/key/fields/agent.yml b/packages/redis/data_stream/key/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/redis/data_stream/key/fields/agent.yml +++ b/packages/redis/data_stream/key/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/redis/data_stream/keyspace/fields/agent.yml b/packages/redis/data_stream/keyspace/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/redis/data_stream/keyspace/fields/agent.yml +++ b/packages/redis/data_stream/keyspace/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/redis/data_stream/log/fields/agent.yml b/packages/redis/data_stream/log/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/redis/data_stream/log/fields/agent.yml +++ b/packages/redis/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@
Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
- name: os.build type: keyword
- example: "18D109"
description: > OS build information. - name: os.codename type: keyword
- example: "stretch"
description: > OS codename, if any.
diff --git a/packages/redis/data_stream/slowlog/fields/agent.yml b/packages/redis/data_stream/slowlog/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/redis/data_stream/slowlog/fields/agent.yml
+++ b/packages/redis/data_stream/slowlog/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@
Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
- name: os.build type: keyword
- example: "18D109"
description: > OS build information. - name: os.codename type: keyword
- example: "stretch"
description: > OS codename, if any.
diff --git a/packages/redis/manifest.yml b/packages/redis/manifest.yml
index f98d7bec300..97a622d7483 100644
--- a/packages/redis/manifest.yml
+++ b/packages/redis/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: redis
title: Redis
-version: 1.3.1
+version: "1.3.2"
license: basic
description: Collect logs and metrics from Redis servers with Elastic Agent.
type: integration
diff --git a/packages/santa/changelog.yml b/packages/santa/changelog.yml
index 1902d1b4c93..42f89ba9269 100644
--- a/packages/santa/changelog.yml
+++ b/packages/santa/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "2.1.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "2.1.0"
changes:
- description: Update to ECS 8.2
diff --git a/packages/santa/data_stream/log/fields/agent.yml b/packages/santa/data_stream/log/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/santa/data_stream/log/fields/agent.yml
+++ b/packages/santa/data_stream/log/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@
Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
- name: os.build type: keyword
- example: "18D109"
description: > OS build information. - name: os.codename type: keyword
- example: "stretch"
description: > OS codename, if any.
diff --git a/packages/santa/manifest.yml b/packages/santa/manifest.yml
index bf20151914b..bbe07b89572 100644
--- a/packages/santa/manifest.yml
+++ b/packages/santa/manifest.yml
@@ -1,6 +1,6 @@
name: santa
title: Google Santa Logs
-version: 2.1.0
+version: "2.1.1"
release: ga
description: Collect and parse logs from Google Santa instances with Elastic Agent.
type: integration
diff --git a/packages/snort/changelog.yml b/packages/snort/changelog.yml
index f4c786b4c49..4b848548817 100644
--- a/packages/snort/changelog.yml
+++ b/packages/snort/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.3.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "0.3.0"
changes:
- description: Update to ECS 8.2
diff --git a/packages/snort/data_stream/log/fields/agent.yml b/packages/snort/data_stream/log/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/snort/data_stream/log/fields/agent.yml
+++ b/packages/snort/data_stream/log/fields/agent.yml
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
@@ -168,13 +122,11 @@
- name: os.build type: keyword
- example: "18D109"
description: > OS build information. - name: os.codename type: keyword
- example: "stretch"
description: > OS codename, if any.
diff --git a/packages/snort/data_stream/log/fields/ecs.yml b/packages/snort/data_stream/log/fields/ecs.yml
index df23393a900..46dd1ea7a3c 100644
--- a/packages/snort/data_stream/log/fields/ecs.yml
+++ b/packages/snort/data_stream/log/fields/ecs.yml
@@ -19,7 +19,6 @@
- external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs
@@ -79,7 +78,6 @@
- external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/snort/manifest.yml b/packages/snort/manifest.yml
index 7418522fa76..d1e61c02cfd 100644
--- a/packages/snort/manifest.yml
+++ b/packages/snort/manifest.yml
@@ -1,6 +1,6 @@
name: snort
title: Snort
-version: 0.3.0
+version: "0.3.1"
release: experimental
description: Collect logs from Snort with Elastic Agent.
type: integration
diff --git a/packages/snyk/changelog.yml b/packages/snyk/changelog.yml
index 5ac030d0c12..3d5a4367162 100644
--- a/packages/snyk/changelog.yml
+++ b/packages/snyk/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.2.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.2.0"
changes:
- description: Update to ECS 8.2
diff --git a/packages/snyk/data_stream/audit/fields/agent.yml b/packages/snyk/data_stream/audit/fields/agent.yml
index 4d9a6f7b362..d71780611d2 100644
--- a/packages/snyk/data_stream/audit/fields/agent.yml
+++ b/packages/snyk/data_stream/audit/fields/agent.yml
@@ -1,35 +1,26 @@ - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -38,58 +29,43 @@
Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -102,13 +78,11 @@
- name: os.build type: keyword
- example: "18D109"
description: > OS build information. - name: os.codename type: keyword
- example: "stretch"
description: > OS codename, if any.
diff --git a/packages/snyk/data_stream/audit/fields/package-fields.yml b/packages/snyk/data_stream/audit/fields/package-fields.yml
index a6f1fda959b..d145f7df11f 100644
--- a/packages/snyk/data_stream/audit/fields/package-fields.yml
+++ b/packages/snyk/data_stream/audit/fields/package-fields.yml
@@ -1,6 +1,5 @@
- name: snyk type: group - release: beta description: > Module for parsing Snyk project vulnerabilities.
diff --git a/packages/snyk/data_stream/vulnerabilities/fields/agent.yml b/packages/snyk/data_stream/vulnerabilities/fields/agent.yml
index 4d9a6f7b362..d71780611d2 100644
--- a/packages/snyk/data_stream/vulnerabilities/fields/agent.yml
+++ b/packages/snyk/data_stream/vulnerabilities/fields/agent.yml
@@ -1,35 +1,26 @@
- name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id.
@@ -38,58 +29,43 @@
Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -102,13 +78,11 @@
- name: os.build type: keyword
- example: "18D109"
description: > OS build information. - name: os.codename type: keyword
- example: "stretch"
description: > OS codename, if any.
diff --git a/packages/snyk/data_stream/vulnerabilities/fields/package-fields.yml b/packages/snyk/data_stream/vulnerabilities/fields/package-fields.yml
index a6f1fda959b..d145f7df11f 100644
--- a/packages/snyk/data_stream/vulnerabilities/fields/package-fields.yml
+++ b/packages/snyk/data_stream/vulnerabilities/fields/package-fields.yml
@@ -1,6 +1,5 @@
- name: snyk type: group - release: beta description: > Module for parsing Snyk project vulnerabilities.
diff --git a/packages/snyk/manifest.yml b/packages/snyk/manifest.yml
index deb85b92650..5d3f13c30e2 100644
--- a/packages/snyk/manifest.yml
+++ b/packages/snyk/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: snyk
title: "Snyk"
-version: 1.2.0
+version: "1.2.1"
license: basic
description: "Collect logs from Snyk API with Elastic Agent."
type: integration
diff --git a/packages/sonicwall/changelog.yml b/packages/sonicwall/changelog.yml
index 55eeff9654f..2eb4358f094 100644
--- a/packages/sonicwall/changelog.yml
+++ b/packages/sonicwall/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.8.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "0.8.0"
changes:
- description: Update to ECS 8.2.0
diff --git a/packages/sonicwall/data_stream/firewall/fields/base-fields.yml b/packages/sonicwall/data_stream/firewall/fields/base-fields.yml
index a73f5492de5..fec6add5faf 100644
--- a/packages/sonicwall/data_stream/firewall/fields/base-fields.yml
+++ b/packages/sonicwall/data_stream/firewall/fields/base-fields.yml
@@ -27,7 +27,6 @@
type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address
@@ -41,6 +40,5 @@
type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword
diff --git a/packages/sonicwall/data_stream/firewall/fields/ecs.yml b/packages/sonicwall/data_stream/firewall/fields/ecs.yml
index 2d3915d8619..f68b9ebf06f 100644
--- a/packages/sonicwall/data_stream/firewall/fields/ecs.yml
+++ b/packages/sonicwall/data_stream/firewall/fields/ecs.yml
@@ -23,7 +23,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -191,7 +190,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/sonicwall/manifest.yml b/packages/sonicwall/manifest.yml index da63d7918f5..80ca19a62db 100644 --- a/packages/sonicwall/manifest.yml +++ b/packages/sonicwall/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: sonicwall title: Sonicwall-FW Logs -version: 0.8.0 +version: "0.8.1" description: Collect logs from Sonicwall devices with Elastic Agent. categories: ["network", "security"] release: experimental diff --git a/packages/sophos/changelog.yml b/packages/sophos/changelog.yml index 8e31dc49894..399d2628c6d 100644 --- a/packages/sophos/changelog.yml +++ b/packages/sophos/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.1.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "2.1.0" changes: - description: Update to ECS 8.2.0 to use new email field set. diff --git a/packages/sophos/data_stream/utm/fields/base-fields.yml b/packages/sophos/data_stream/utm/fields/base-fields.yml index 0c50a776378..6694408f848 100644 --- a/packages/sophos/data_stream/utm/fields/base-fields.yml +++ b/packages/sophos/data_stream/utm/fields/base-fields.yml @@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword 
diff --git a/packages/sophos/data_stream/xg/fields/agent.yml b/packages/sophos/data_stream/xg/fields/agent.yml
index 98998ae5498..ec3714e08b6 100644
--- a/packages/sophos/data_stream/xg/fields/agent.yml
+++ b/packages/sophos/data_stream/xg/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/sophos/manifest.yml b/packages/sophos/manifest.yml index 00103a0475d..d225335dae8 100644 --- a/packages/sophos/manifest.yml +++ b/packages/sophos/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: sophos title: Sophos Logs -version: 2.1.0 +version: "2.1.1" description: Collect and parse logs from Sophos Products with Elastic Agent. categories: ["security"] release: ga diff --git a/packages/squid/changelog.yml b/packages/squid/changelog.yml index 6170e02fe30..a74462f7cd1 100644 --- a/packages/squid/changelog.yml +++ b/packages/squid/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.8.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/squid/data_stream/log/fields/base-fields.yml b/packages/squid/data_stream/log/fields/base-fields.yml index 8243e1ed2f0..739fba697b5 100644 --- a/packages/squid/data_stream/log/fields/base-fields.yml +++ b/packages/squid/data_stream/log/fields/base-fields.yml @@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address @@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/squid/data_stream/log/fields/ecs.yml b/packages/squid/data_stream/log/fields/ecs.yml index 20e5a824aed..22fbe4e9b7b 100644 --- a/packages/squid/data_stream/log/fields/ecs.yml +++ b/packages/squid/data_stream/log/fields/ecs.yml @@ -27,7 +27,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -195,7 +194,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs 
diff --git a/packages/squid/manifest.yml b/packages/squid/manifest.yml index 563e5955418..d1f335d4d9c 100644 --- a/packages/squid/manifest.yml +++ b/packages/squid/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: squid title: Squid Logs -version: 0.8.0 +version: "0.8.1" description: Collect and parse logs from Squid devices with Elastic Agent. categories: ["security"] release: experimental diff --git a/packages/stan/changelog.yml b/packages/stan/changelog.yml index a90921004ce..f9d9225f68e 100644 --- a/packages/stan/changelog.yml +++ b/packages/stan/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.3.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.0" changes: - description: Update to ECS 8.0 diff --git a/packages/stan/data_stream/channels/fields/fields.yml b/packages/stan/data_stream/channels/fields/fields.yml index f47d3ef50cb..861157d6f79 100644 --- a/packages/stan/data_stream/channels/fields/fields.yml +++ b/packages/stan/data_stream/channels/fields/fields.yml @@ -1,6 +1,5 @@ - name: stan.channels type: group - release: ga fields: - name: name type: keyword diff --git a/packages/stan/data_stream/log/fields/base-fields.yml b/packages/stan/data_stream/log/fields/base-fields.yml index 6489afea694..b17e7309731 100644 --- a/packages/stan/data_stream/log/fields/base-fields.yml +++ b/packages/stan/data_stream/log/fields/base-fields.yml @@ -15,7 +15,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.offset diff --git a/packages/stan/data_stream/log/fields/fields.yml b/packages/stan/data_stream/log/fields/fields.yml index 803aa5fbc7c..8c75e0c2096 100644 --- a/packages/stan/data_stream/log/fields/fields.yml +++ b/packages/stan/data_stream/log/fields/fields.yml 
@@ -1,6 +1,5 @@ - name: stan.log type: group - release: beta fields: - name: client type: group diff --git a/packages/stan/data_stream/stats/fields/fields.yml b/packages/stan/data_stream/stats/fields/fields.yml index 786b4ace439..5260804bb41 100644 --- a/packages/stan/data_stream/stats/fields/fields.yml +++ b/packages/stan/data_stream/stats/fields/fields.yml @@ -1,6 +1,5 @@ - name: stan.stats type: group - release: ga fields: - name: state type: keyword diff --git a/packages/stan/data_stream/subscriptions/fields/fields.yml b/packages/stan/data_stream/subscriptions/fields/fields.yml index 54ab2816726..e6fd2305d25 100644 --- a/packages/stan/data_stream/subscriptions/fields/fields.yml +++ b/packages/stan/data_stream/subscriptions/fields/fields.yml @@ -1,6 +1,5 @@ - name: stan.subscriptions type: group - release: ga fields: - name: id type: keyword diff --git a/packages/stan/manifest.yml b/packages/stan/manifest.yml index 1438c6ea508..02df52ff507 100644 --- a/packages/stan/manifest.yml +++ b/packages/stan/manifest.yml @@ -1,6 +1,6 @@ name: stan title: STAN -version: 1.3.0 +version: "1.3.1" release: ga description: Collect logs and metrics from STAN servers with Elastic Agent. type: integration diff --git a/packages/suricata/changelog.yml b/packages/suricata/changelog.yml index f9f48abc6ff..70ed6c57327 100644 --- a/packages/suricata/changelog.yml +++ b/packages/suricata/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.7.0" changes: - description: Update to ECS 8.2 diff --git a/packages/suricata/data_stream/eve/fields/agent.yml b/packages/suricata/data_stream/eve/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/suricata/data_stream/eve/fields/agent.yml +++ b/packages/suricata/data_stream/eve/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/suricata/data_stream/eve/fields/ecs.yml b/packages/suricata/data_stream/eve/fields/ecs.yml index fa6d117c34f..080962e6234 100644 --- a/packages/suricata/data_stream/eve/fields/ecs.yml +++ b/packages/suricata/data_stream/eve/fields/ecs.yml 
@@ -19,7 +19,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -101,7 +100,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/suricata/data_stream/eve/fields/fields-epr.yml b/packages/suricata/data_stream/eve/fields/fields-epr.yml index b8a01e0fdce..562b3d01338 100644 --- a/packages/suricata/data_stream/eve/fields/fields-epr.yml +++ b/packages/suricata/data_stream/eve/fields/fields-epr.yml 
@@ -1,101 +1,67 @@ - name: event - title: Event - group: 2 description: "The event fields are used for context information about the log or metric event itself.\nA log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host and device temperature. See the `event.kind` definition in this section for additional details about metric and state events." type: group fields: - name: created - level: core type: date description: "event.created contains the date/time when the event was first read by an agent, or by your pipeline.\nThis field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event.\nIn most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source.\nIn case the two timestamps are identical, @timestamp should be used." - example: "2016-05-23T08:05:34.857Z" - name: ingested - level: core type: date description: "Timestamp when an event arrived in the central data store.\nThis is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event.\nIn normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`." 
- example: "2016-05-23T08:05:35.101Z" - name: original - level: core type: keyword ignore_above: 1024 description: "Raw text message of entire event. Used to demonstrate log integrity.\nThis field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`." - example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 - name: dns - title: DNS - group: 2 description: "Fields describing DNS queries and answers.\nDNS events should either represent a single DNS query prior to getting answers (`dns.type:query`) or they should represent a full exchange and contain the query details as well as all of the answers that were provided for this query (`dns.type:answer`)." type: group fields: - name: answers - level: extended type: object object_type: keyword description: "An array containing an object for each answer section returned by the server.\nThe main keys that should be present in these objects are defined by ECS. Records that have more information may contain more keys than what ECS defines.\nNot all DNS data sources give all details about DNS answers. At minimum, answer objects must contain the `data` key. If more information is available, map as much of it to ECS as possible, and add any additional fields to the answer objects as custom fields." - name: answers.class - level: extended type: keyword ignore_above: 1024 description: The class of DNS data contained in this resource record. - example: IN - name: answers.data - level: extended type: keyword ignore_above: 1024 description: "The data describing the resource.\nThe meaning of this data depends on the type and class of the resource record." 
- example: 10.10.10.10 - name: answers.name - level: extended type: keyword ignore_above: 1024 description: "The domain name to which this resource record pertains.\nIf a chain of CNAME is being resolved, each answer's `name` should be the one that corresponds with the answer's `data`. It should not simply be the original `question.name` repeated." - example: www.google.com - name: answers.ttl - level: extended type: long description: The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached. - example: 180 - name: answers.type - level: extended type: keyword ignore_above: 1024 description: The type of data contained in this resource record. - example: CNAME - name: header_flags - level: extended type: keyword ignore_above: 1024 description: "Array of 2 letter DNS header flags.\nExpected values are: AA, TC, RD, RA, AD, CD, DO." - example: - - RD - - RA - name: id - level: extended type: keyword ignore_above: 1024 description: The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response. - example: 62111 - name: op_code - level: extended type: keyword ignore_above: 1024 description: The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response. - example: QUERY - name: question.class - level: extended type: keyword ignore_above: 1024 description: The class of records being queried. - example: IN - name: question.name - level: extended type: keyword ignore_above: 1024 description: 'The name being queried. If the name field contains non-printable characters (below 32 or above 126), those characters should be represented as escaped base 10 integers (\DDD). Back slashes and quotes should be escaped. Tabs, carriage returns, and line feeds should be converted to \t, \r, and \n respectively.' 
- example: www.google.com - name: question.registered_domain - level: extended type: keyword ignore_above: 1024 description: 'The highest registered domain, stripped of the subdomain. 
@@ -103,56 +69,38 @@ For example, the registered domain for "foo.google.com" is "google.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".' - example: google.com - name: question.subdomain - level: extended type: keyword ignore_above: 1024 description: 'The subdomain is all of the labels under the registered_domain. If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.' - example: www - name: question.top_level_domain - level: extended type: keyword ignore_above: 1024 description: 'The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for google.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk".' - example: co.uk - name: question.type - level: extended type: keyword ignore_above: 1024 description: The type of record being queried. - example: AAAA - name: resolved_ip - level: extended type: ip description: "Array containing all IPs seen in `answers.data`.\nThe `answers` array can be difficult to use, because of the variety of data formats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip` makes it possible to index them as IP addresses, and makes them easier to visualize and query for." - example: - - 10.10.10.10 - - 10.10.10.11 - name: response_code - level: extended type: keyword ignore_above: 1024 description: The DNS response code. 
- example: NOERROR - name: type - level: extended type: keyword ignore_above: 1024 description: "The type of DNS event captured, query or answer.\nIf your source of DNS events only gives you DNS queries, you should only create dns events of type `dns.type:query`.\nIf your source of DNS events gives you answers as well, you should create one event per query (optionally as soon as the query is seen). And a second event containing all query details as well as an array of answers." - example: answer - name: related - title: Related - group: 2 description: "This field set is meant to facilitate pivoting around a piece of data.\nSome pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`.\nA concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:192.0.2.15`." type: group fields: - name: ip - level: extended type: ip description: All of the IPs seen on your event. - name: input.type # Filebeat Fields diff --git a/packages/suricata/manifest.yml b/packages/suricata/manifest.yml index e5671ce723a..fcced75c92c 100644 --- a/packages/suricata/manifest.yml +++ b/packages/suricata/manifest.yml @@ -1,6 +1,6 @@ name: suricata title: Suricata Events -version: 1.7.0 +version: "1.7.1" release: ga description: Collect and parse event logs from Suricata instances with Elastic Agent. type: integration diff --git a/packages/symantec_endpoint/changelog.yml b/packages/symantec_endpoint/changelog.yml index 8112b3c9685..10e1e3e7ab7 100644 --- a/packages/symantec_endpoint/changelog.yml +++ b/packages/symantec_endpoint/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.0.4" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.0.3" changes: - description: Make field values conform to ECS diff --git a/packages/symantec_endpoint/data_stream/log/fields/agent.yml b/packages/symantec_endpoint/data_stream/log/fields/agent.yml index c2cceee2d3f..9832fb6e0c5 100644 --- a/packages/symantec_endpoint/data_stream/log/fields/agent.yml +++ b/packages/symantec_endpoint/data_stream/log/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/symantec_endpoint/manifest.yml b/packages/symantec_endpoint/manifest.yml index 2a156819891..5d4b629debd 100644 --- a/packages/symantec_endpoint/manifest.yml +++ b/packages/symantec_endpoint/manifest.yml 
@@ -1,6 +1,6 @@ name: symantec_endpoint title: Symantec Endpoint Protection -version: 0.0.3 +version: "0.0.4" release: beta description: Collect logs from Symantec Endpoint Protection with Elastic Agent. type: integration diff --git a/packages/synthetics/changelog.yml b/packages/synthetics/changelog.yml index 6627dae2919..7216d04e10c 100644 --- a/packages/synthetics/changelog.yml +++ b/packages/synthetics/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.9.3" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "0.9.2" changes: - description: Adds APM service name mappings diff --git a/packages/synthetics/data_stream/browser/fields/cloud.yml b/packages/synthetics/data_stream/browser/fields/cloud.yml index 29a4b437903..a3e1c24e4ec 100644 --- a/packages/synthetics/data_stream/browser/fields/cloud.yml +++ b/packages/synthetics/data_stream/browser/fields/cloud.yml @@ -1,5 +1,4 @@ - name: cloud.image.id - example: ami-abcd1234 type: keyword description: > Image ID for the cloud instance. diff --git a/packages/synthetics/data_stream/browser/fields/common.yml b/packages/synthetics/data_stream/browser/fields/common.yml index b2b90ca2922..a77269ad201 100644 --- a/packages/synthetics/data_stream/browser/fields/common.yml +++ b/packages/synthetics/data_stream/browser/fields/common.yml @@ -53,7 +53,6 @@ IP of service being monitored. If service is monitored by hostname, the `ip` field contains the resolved ip address for the current host. - name: status - required: true type: keyword description: > Indicator if monitor could validate the service to be available. diff --git a/packages/synthetics/data_stream/browser/fields/ecs.yml b/packages/synthetics/data_stream/browser/fields/ecs.yml index c2d2b7940fb..c8441fd817e 100644 --- a/packages/synthetics/data_stream/browser/fields/ecs.yml +++ b/packages/synthetics/data_stream/browser/fields/ecs.yml 
@@ -1,235 +1,157 @@ - name: labels - level: core type: object object_type: keyword description: "Custom key/value pairs.\nCan be used to add meta information to events. Should not contain nested objects. All values are stored as keyword.\nExample: `docker` and `k8s` labels." - example: '{"application": "foo-bar", "env": "production"}' - name: tags - level: core type: keyword ignore_above: 1024 description: List of keywords used to tag each event. - example: '["production", "env2"]' - name: agent - title: Agent - group: 2 description: "The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host.\nExamples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken." - footnote: "Examples: In the case of Beats for logs, the agent.name is filebeat. For APM, it is the agent running in the app/service. The agent information does not change if data is sent through queuing systems like Kafka, Redis, or processing systems such as Logstash or APM Server." type: group fields: - name: build.original - level: core type: wildcard description: "Extended build information for the agent.\nThis field is intended to contain any build information that a data source may provide, no specific formatting is required." - example: metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC] - default_field: false - name: ephemeral_id - level: extended type: keyword ignore_above: 1024 description: "Ephemeral identifier of this agent (if one exists).\nThis id normally changes across restarts, but `agent.id` does not." 
- example: 8a4f500f - name: id - level: core type: keyword ignore_above: 1024 description: "Unique identifier of this agent (if one exists).\nExample: For Beats this would be beat.id." - example: 8a4f500d - name: name - level: core type: keyword ignore_above: 1024 description: "Custom name of the agent.\nThis is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from.\nIf no name is given, the name is often left empty." - example: foo - name: type - level: core type: keyword ignore_above: 1024 description: "Type of the agent.\nThe agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine." - example: filebeat - name: version - level: core type: keyword ignore_above: 1024 description: Version of the agent. - example: 6.0.0-rc2 - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." 
- example: 666777888999 - name: account.name - level: extended type: keyword ignore_above: 1024 description: "The cloud account name or alias used to identify different entities in a multi-tenant environment.\nExamples: AWS account name, Google Cloud ORG display name." - example: elastic-dev - default_field: false - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: project.id - level: extended type: keyword ignore_above: 1024 description: "The cloud project identifier.\nExamples: Google Cloud Project id, Azure Project id." - example: my-project - default_field: false - name: project.name - level: extended type: keyword ignore_above: 1024 description: "The cloud project name.\nExamples: Google Cloud Project name, Azure Project name." - example: my project - default_field: false - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. 
- name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: image.tag - level: extended type: keyword ignore_above: 1024 description: Container image tags. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: runtime - level: extended type: keyword ignore_above: 1024 description: Runtime managing this container. - example: docker - name: dns - title: DNS - group: 2 description: "Fields describing DNS queries and answers.\nDNS events should either represent a single DNS query prior to getting answers (`dns.type:query`) or they should represent a full exchange and contain the query details as well as all of the answers that were provided for this query (`dns.type:answer`)." type: group fields: - name: answers - level: extended type: object description: "An array containing an object for each answer section returned by the server.\nThe main keys that should be present in these objects are defined by ECS. Records that have more information may contain more keys than what ECS defines.\nNot all DNS data sources give all details about DNS answers. At minimum, answer objects must contain the `data` key. If more information is available, map as much of it to ECS as possible, and add any additional fields to the answer objects as custom fields." - name: answers.class - level: extended type: keyword ignore_above: 1024 description: The class of DNS data contained in this resource record. - example: IN - name: answers.data - level: extended type: wildcard description: "The data describing the resource.\nThe meaning of this data depends on the type and class of the resource record." 
- example: 10.10.10.10 - name: answers.name - level: extended type: keyword ignore_above: 1024 description: "The domain name to which this resource record pertains.\nIf a chain of CNAME is being resolved, each answer's `name` should be the one that corresponds with the answer's `data`. It should not simply be the original `question.name` repeated." - example: www.example.com - name: answers.ttl - level: extended type: long description: The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached. - example: 180 - name: answers.type - level: extended type: keyword ignore_above: 1024 description: The type of data contained in this resource record. - example: CNAME - name: header_flags - level: extended type: keyword ignore_above: 1024 description: "Array of 2 letter DNS header flags.\nExpected values are: AA, TC, RD, RA, AD, CD, DO." - example: '["RD", "RA"]' - name: id - level: extended type: keyword ignore_above: 1024 description: The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response. - example: 62111 - name: op_code - level: extended type: keyword ignore_above: 1024 description: The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response. - example: QUERY - name: question.class - level: extended type: keyword ignore_above: 1024 description: The class of records being queried. - example: IN - name: question.name - level: extended type: wildcard description: 'The name being queried. If the name field contains non-printable characters (below 32 or above 126), those characters should be represented as escaped base 10 integers (\DDD). Back slashes and quotes should be escaped. Tabs, carriage returns, and line feeds should be converted to \t, \r, and \n respectively.' 
- example: www.example.com - name: question.registered_domain - level: extended type: keyword ignore_above: 1024 description: 'The highest registered domain, stripped of the subdomain. 
@@ -237,123 +159,86 @@ For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".' - example: example.com - name: question.subdomain - level: extended type: keyword ignore_above: 1024 description: 'The subdomain is all of the labels under the registered_domain. If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.' - example: www - name: question.top_level_domain - level: extended type: keyword ignore_above: 1024 description: 'The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk".' - example: co.uk - name: question.type - level: extended type: keyword ignore_above: 1024 description: The type of record being queried. - example: AAAA - name: resolved_ip - level: extended type: ip description: "Array containing all IPs seen in `answers.data`.\nThe `answers` array can be difficult to use, because of the variety of data formats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip` makes it possible to index them as IP addresses, and makes them easier to visualize and query for." - example: '["10.10.10.10", "10.10.10.11"]' - name: response_code - level: extended type: keyword ignore_above: 1024 description: The DNS response code. 
- example: NOERROR - name: type - level: extended type: keyword ignore_above: 1024 description: "The type of DNS event captured, query or answer.\nIf your source of DNS events only gives you DNS queries, you should only create dns events of type `dns.type:query`.\nIf your source of DNS events gives you answers as well, you should create one event per query (optionally as soon as the query is seen). And a second event containing all query details as well as an array of answers." - example: answer - name: ecs - title: ECS - group: 2 description: Meta-information specific to ECS. type: group fields: - name: version - level: core - required: true type: keyword ignore_above: 1024 description: "ECS version this event conforms to. `ecs.version` is a required field and must exist in all events.\nWhen querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events." - example: 1.0.0 - name: error - title: Error - group: 2 description: "These fields can represent errors of any kind.\nUse them for errors that happen while fetching events or in cases where the event itself contains an error." type: group fields: - name: code - level: core type: keyword ignore_above: 1024 description: Error code describing the error. - name: id - level: core type: keyword ignore_above: 1024 description: Unique identifier for the error. - name: message - level: core type: text description: Error message. - name: stack_trace - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The stack trace of this error in plain text. - name: type - level: extended type: wildcard description: The type of the error, for example the class name of the exception. - example: java.lang.NullPointerException - name: http - title: HTTP - group: 2 description: Fields related to HTTP activity. Use the `url` field set to store the url of the request. 
type: group fields: - name: request.body.bytes - level: extended type: long format: bytes description: Size in bytes of the request body. - example: 887 - name: request.body.content - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The full HTTP request body. - example: Hello world - name: request.bytes - level: extended type: long format: bytes description: Total size in bytes of the request (body and headers). - example: 1437 - name: request.method - level: extended type: keyword ignore_above: 1024 description: 'HTTP request method. 
@@ -363,740 +248,441 @@ "The field value must be normalized to lowercase for querying." As of ECS 1.6.0, the guidance is deprecated because the original case of the method may be useful in anomaly detection. Original case will be mandated in ECS 2.0.0' - example: GET, POST, PUT, PoST - name: request.mime_type - level: extended type: keyword ignore_above: 1024 description: "Mime type of the body of the request.\nThis value must only be populated based on the content of the request body, not on the `Content-Type` header. Comparing the mime type of a request with the request's Content-Type header can be helpful in detecting threats or misconfigured clients." - example: image/gif - default_field: false - name: request.referrer - level: extended type: wildcard description: Referrer for this HTTP request. - example: https://blog.example.com/ - name: response.body.bytes - level: extended type: long format: bytes description: Size in bytes of the response body. - example: 887 - name: response.body.content - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The full HTTP response body. - example: Hello world - name: response.bytes - level: extended type: long format: bytes description: Total size in bytes of the response (body and headers). - example: 1437 - name: response.mime_type - level: extended type: keyword ignore_above: 1024 description: "Mime type of the body of the response.\nThis value must only be populated based on the content of the response body, not on the `Content-Type` header. Comparing the mime type of a response with the response's Content-Type header can be helpful in detecting misconfigured servers." - example: image/gif - default_field: false - name: response.status_code - level: extended type: long format: string description: HTTP response status code. - example: 404 - name: version - level: extended type: keyword ignore_above: 1024 description: HTTP version. 
- example: 1.1 - name: observer - title: Observer - group: 2 description: "An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics.\nThis could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, web proxies, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS." type: group fields: - name: geo.city_name - level: core type: keyword ignore_above: 1024 description: City name. - example: Montreal - name: geo.continent_name - level: core type: keyword ignore_above: 1024 description: Name of the continent. - example: North America - name: geo.country_iso_code - level: core type: keyword ignore_above: 1024 description: Country ISO code. - example: CA - name: geo.country_name - level: core type: keyword ignore_above: 1024 description: Country name. - example: Canada - name: geo.location - level: core type: geo_point description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' - name: geo.name - level: extended type: wildcard description: "User-defined description of a location, at the level of granularity they care about.\nCould be the name of their data centers, the floor number, if this describes a local physical entity, city names.\nNot typically used in automated geolocation." - example: boston-dc - name: geo.region_iso_code - level: core type: keyword ignore_above: 1024 description: Region ISO code. 
- example: CA-QC - name: geo.region_name - level: core type: keyword ignore_above: 1024 description: Region name. - example: Quebec - name: hostname - level: core type: keyword ignore_above: 1024 description: Hostname of the observer. - name: ip - level: core type: ip description: IP addresses of the observer. - name: mac - level: core type: keyword ignore_above: 1024 description: MAC addresses of the observer - name: name - level: extended type: keyword ignore_above: 1024 description: "Custom name of the observer.\nThis is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization.\nIf no custom name is needed, the field can be left empty." - example: 1_proxySG - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.full - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, including the version or code name. - example: Mac OS Mojave - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: product - level: extended type: keyword ignore_above: 1024 description: The product name of the observer. 
- example: s200 - name: serial_number - level: extended type: keyword ignore_above: 1024 description: Observer serial number. - name: type - level: core type: keyword ignore_above: 1024 description: "The type of the observer the data is coming from.\nThere is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`." - example: firewall - name: vendor - level: core type: keyword ignore_above: 1024 description: Vendor name of the observer. - example: Symantec - name: version - level: core type: keyword ignore_above: 1024 description: Observer version. - name: tls - title: TLS - group: 2 description: Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. type: group fields: - name: cipher - level: extended type: keyword ignore_above: 1024 description: String indicating the cipher used during the current connection. - example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - default_field: false - name: client.certificate - level: extended type: keyword ignore_above: 1024 description: PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. - example: MII... - default_field: false - name: client.certificate_chain - level: extended type: keyword ignore_above: 1024 description: Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. - example: '["MII...", "MII..."]' - default_field: false - name: client.hash.md5 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. 
For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC - default_field: false - name: client.hash.sha1 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 9E393D93138888D288266C2D915214D1D1CCEB2A - default_field: false - name: client.hash.sha256 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 - default_field: false - name: client.issuer - level: extended type: wildcard description: Distinguished name of subject of the issuer of the x.509 certificate presented by the client. - example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: client.ja3 - level: extended type: keyword ignore_above: 1024 description: A hash that identifies clients based on how they perform an SSL/TLS handshake. - example: d4e5b18d6b55c71272893221c96ba240 - default_field: false - name: client.not_after - level: extended type: date description: Date/Time indicating when client certificate is no longer considered valid. - example: "2021-01-01T00:00:00.000Z" - default_field: false - name: client.not_before - level: extended type: date description: Date/Time indicating when client certificate is first considered valid. 
- example: "1970-01-01T00:00:00.000Z" - default_field: false - name: client.server_name - level: extended type: keyword ignore_above: 1024 description: Also called an SNI, this tells the server which hostname to which the client is attempting to connect to. When this value is available, it should get copied to `destination.domain`. - example: www.elastic.co - default_field: false - name: client.subject - level: extended type: wildcard description: Distinguished name of subject of the x.509 certificate presented by the client. - example: CN=myclient, OU=Documentation Team, DC=example, DC=com - default_field: false - name: client.supported_ciphers - level: extended type: keyword ignore_above: 1024 description: Array of ciphers offered by the client during the client hello. - example: '["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "..."]' - default_field: false - name: client.x509.alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: client.x509.issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: client.x509.issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: client.x509.issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. 
- example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: client.x509.issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: client.x509.issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. - example: Example Inc - default_field: false - name: client.x509.issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: client.x509.issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: client.x509.not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: client.x509.not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: client.x509.public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: client.x509.public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: client.x509.public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. 
- example: 65537 index: false - default_field: false - name: client.x509.public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: client.x509.serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. - example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: client.x509.signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: client.x509.subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: client.x509.subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: client.x509.subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: client.x509.subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: client.x509.subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. 
- default_field: false - name: client.x509.subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: client.x509.subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: client.x509.version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false - name: curve - level: extended type: keyword ignore_above: 1024 description: String indicating the curve used for the given cipher, when applicable. - example: secp256r1 - default_field: false - name: established - level: extended type: boolean description: Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. - default_field: false - name: next_protocol - level: extended type: keyword ignore_above: 1024 description: String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. - example: http/1.1 - default_field: false - name: resumed - level: extended type: boolean description: Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. - default_field: false - name: server.certificate - level: extended type: keyword ignore_above: 1024 description: PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. - example: MII... - default_field: false - name: server.certificate_chain - level: extended type: keyword ignore_above: 1024 description: Array of PEM-encoded certificates that make up the certificate chain offered by the server. 
This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. - example: '["MII...", "MII..."]' - default_field: false - name: server.hash.md5 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC - default_field: false - name: server.hash.sha1 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 9E393D93138888D288266C2D915214D1D1CCEB2A - default_field: false - name: server.hash.sha256 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 - default_field: false - name: server.issuer - level: extended type: wildcard description: Subject of the issuer of the x.509 certificate presented by the server. - example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: server.ja3s - level: extended type: keyword ignore_above: 1024 description: A hash that identifies servers based on how they perform an SSL/TLS handshake. - example: 394441ab65754e2207b1e1b457b3641d - default_field: false - name: server.not_after - level: extended type: date description: Timestamp indicating when server certificate is no longer considered valid. 
- example: "2021-01-01T00:00:00.000Z" - default_field: false - name: server.not_before - level: extended type: date description: Timestamp indicating when server certificate is first considered valid. - example: "1970-01-01T00:00:00.000Z" - default_field: false - name: server.subject - level: extended type: wildcard description: Subject of the x.509 certificate presented by the server. - example: CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: server.x509.alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: server.x509.issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: server.x509.issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: server.x509.issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. - example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: server.x509.issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: server.x509.issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. 
- example: Example Inc - default_field: false - name: server.x509.issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: server.x509.issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: server.x509.not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: server.x509.not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: server.x509.public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: server.x509.public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: server.x509.public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. - example: 65537 index: false - default_field: false - name: server.x509.public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: server.x509.serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. 
- example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: server.x509.signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: server.x509.subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: server.x509.subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: server.x509.subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: server.x509.subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: server.x509.subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. - default_field: false - name: server.x509.subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: server.x509.subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: server.x509.version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. 
- example: 3 - default_field: false - name: version - level: extended type: keyword ignore_above: 1024 description: Numeric part of the version parsed from the original string. - example: "1.2" - default_field: false - name: version_protocol - level: extended type: keyword ignore_above: 1024 description: Normalized lowercase protocol name parsed from original string. - example: tls - default_field: false - name: url - title: URL - group: 2 description: URL fields provide support for complete or partial URLs, and supports the breaking down into scheme, domain, path, and so on. type: group fields: - name: domain - level: extended type: wildcard description: 'Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field.' - example: www.elastic.co - name: extension - level: extended type: keyword ignore_above: 1024 description: 'The field contains the file extension from the original request url, excluding the leading dot. 
@@ -1106,262 +692,166 @@ The leading period must not be included. For example, the value must be "png", not ".png". Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz").' - example: png - name: fragment - level: extended type: keyword ignore_above: 1024 description: 'Portion of the url after the `#`, such as "top". The `#` is not part of the fragment.' - name: full - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false - name: keyword type: keyword description: If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. - example: https://www.elastic.co:443/search?q=elasticsearch#top - name: original - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: "Unmodified original url as seen in the event source.\nNote that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path.\nThis field is meant to represent the URL as it was observed, complete or not." - example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch - name: password - level: extended type: keyword ignore_above: 1024 description: Password of the request. - name: path - level: extended type: wildcard description: Path of the request, such as "/search". - name: port - level: extended type: long format: string description: Port of the request, such as 443. - example: 443 - name: query - level: extended type: keyword ignore_above: 1024 description: 'The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. 
The `exists` query can be used to differentiate between the two cases.' - name: registered_domain - level: extended type: wildcard description: 'The highest registered url domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".' - example: example.com - name: scheme - level: extended type: keyword ignore_above: 1024 description: 'Scheme of the request, such as "https". Note: The `:` is not part of the scheme.' - example: https - name: subdomain - level: extended type: keyword ignore_above: 1024 description: 'The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.' - example: east - default_field: false - name: top_level_domain - level: extended type: keyword ignore_above: 1024 description: 'The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk".' - example: co.uk - name: username - level: extended type: keyword ignore_above: 1024 description: Username of the request. 
- name: x509 - title: x509 Certificate - group: 2 description: "This implements the common core fields for x509 certificates. This information is likely logged with TLS sessions, digital signatures found in executable binaries, S/MIME information in email bodies, or analysis of files on disk.\nWhen the certificate relates to a file, use the fields at `file.x509`. When hashes of the DER-encoded certificate are available, the `hash` data set should be populated as well (e.g. `file.hash.sha256`).\nEvents that contain certificate information about network connections, should use the x509 fields under the relevant TLS fields: `tls.server.x509` and/or `tls.client.x509`." type: group fields: - name: alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. - example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. 
- example: Example Inc - default_field: false - name: issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. - example: 65537 index: false - default_field: false - name: public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. - example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. 
We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. - default_field: false - name: subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false
diff --git a/packages/synthetics/data_stream/browser_network/fields/cloud.yml b/packages/synthetics/data_stream/browser_network/fields/cloud.yml
index 29a4b437903..a3e1c24e4ec 100644
--- a/packages/synthetics/data_stream/browser_network/fields/cloud.yml
+++ b/packages/synthetics/data_stream/browser_network/fields/cloud.yml
@@ -1,5 +1,4 @@ - name: cloud.image.id - example: ami-abcd1234 type: keyword description: > Image ID for the cloud instance.
diff --git a/packages/synthetics/data_stream/browser_network/fields/common.yml b/packages/synthetics/data_stream/browser_network/fields/common.yml
index b2b90ca2922..a77269ad201 100644
--- a/packages/synthetics/data_stream/browser_network/fields/common.yml
+++ b/packages/synthetics/data_stream/browser_network/fields/common.yml
@@ -53,7 +53,6 @@ IP of service being monitored. If service is monitored by hostname, the `ip` field contains the resolved ip address for the current host. - name: status - required: true type: keyword description: > Indicator if monitor could validate the service to be available.
diff --git a/packages/synthetics/data_stream/browser_network/fields/ecs.yml b/packages/synthetics/data_stream/browser_network/fields/ecs.yml
index c2d2b7940fb..c8441fd817e 100644
--- a/packages/synthetics/data_stream/browser_network/fields/ecs.yml
+++ b/packages/synthetics/data_stream/browser_network/fields/ecs.yml
@@ -1,235 +1,157 @@ - name: labels - level: core type: object object_type: keyword description: "Custom key/value pairs.\nCan be used to add meta information to events. Should not contain nested objects. All values are stored as keyword.\nExample: `docker` and `k8s` labels." - example: '{"application": "foo-bar", "env": "production"}' - name: tags - level: core type: keyword ignore_above: 1024 description: List of keywords used to tag each event. - example: '["production", "env2"]' - name: agent - title: Agent - group: 2 description: "The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host.\nExamples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken." - footnote: "Examples: In the case of Beats for logs, the agent.name is filebeat. For APM, it is the agent running in the app/service. The agent information does not change if data is sent through queuing systems like Kafka, Redis, or processing systems such as Logstash or APM Server." type: group fields: - name: build.original - level: core type: wildcard description: "Extended build information for the agent.\nThis field is intended to contain any build information that a data source may provide, no specific formatting is required." - example: metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC] - default_field: false - name: ephemeral_id - level: extended type: keyword ignore_above: 1024 description: "Ephemeral identifier of this agent (if one exists).\nThis id normally changes across restarts, but `agent.id` does not." 
- example: 8a4f500f - name: id - level: core type: keyword ignore_above: 1024 description: "Unique identifier of this agent (if one exists).\nExample: For Beats this would be beat.id." - example: 8a4f500d - name: name - level: core type: keyword ignore_above: 1024 description: "Custom name of the agent.\nThis is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from.\nIf no name is given, the name is often left empty." - example: foo - name: type - level: core type: keyword ignore_above: 1024 description: "Type of the agent.\nThe agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine." - example: filebeat - name: version - level: core type: keyword ignore_above: 1024 description: Version of the agent. - example: 6.0.0-rc2 - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." 
- example: 666777888999 - name: account.name - level: extended type: keyword ignore_above: 1024 description: "The cloud account name or alias used to identify different entities in a multi-tenant environment.\nExamples: AWS account name, Google Cloud ORG display name." - example: elastic-dev - default_field: false - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: project.id - level: extended type: keyword ignore_above: 1024 description: "The cloud project identifier.\nExamples: Google Cloud Project id, Azure Project id." - example: my-project - default_field: false - name: project.name - level: extended type: keyword ignore_above: 1024 description: "The cloud project name.\nExamples: Google Cloud Project name, Azure Project name." - example: my project - default_field: false - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. 
- name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: image.tag - level: extended type: keyword ignore_above: 1024 description: Container image tags. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: runtime - level: extended type: keyword ignore_above: 1024 description: Runtime managing this container. - example: docker - name: dns - title: DNS - group: 2 description: "Fields describing DNS queries and answers.\nDNS events should either represent a single DNS query prior to getting answers (`dns.type:query`) or they should represent a full exchange and contain the query details as well as all of the answers that were provided for this query (`dns.type:answer`)." type: group fields: - name: answers - level: extended type: object description: "An array containing an object for each answer section returned by the server.\nThe main keys that should be present in these objects are defined by ECS. Records that have more information may contain more keys than what ECS defines.\nNot all DNS data sources give all details about DNS answers. At minimum, answer objects must contain the `data` key. If more information is available, map as much of it to ECS as possible, and add any additional fields to the answer objects as custom fields." - name: answers.class - level: extended type: keyword ignore_above: 1024 description: The class of DNS data contained in this resource record. - example: IN - name: answers.data - level: extended type: wildcard description: "The data describing the resource.\nThe meaning of this data depends on the type and class of the resource record." 
- example: 10.10.10.10 - name: answers.name - level: extended type: keyword ignore_above: 1024 description: "The domain name to which this resource record pertains.\nIf a chain of CNAME is being resolved, each answer's `name` should be the one that corresponds with the answer's `data`. It should not simply be the original `question.name` repeated." - example: www.example.com - name: answers.ttl - level: extended type: long description: The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached. - example: 180 - name: answers.type - level: extended type: keyword ignore_above: 1024 description: The type of data contained in this resource record. - example: CNAME - name: header_flags - level: extended type: keyword ignore_above: 1024 description: "Array of 2 letter DNS header flags.\nExpected values are: AA, TC, RD, RA, AD, CD, DO." - example: '["RD", "RA"]' - name: id - level: extended type: keyword ignore_above: 1024 description: The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response. - example: 62111 - name: op_code - level: extended type: keyword ignore_above: 1024 description: The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response. - example: QUERY - name: question.class - level: extended type: keyword ignore_above: 1024 description: The class of records being queried. - example: IN - name: question.name - level: extended type: wildcard description: 'The name being queried. If the name field contains non-printable characters (below 32 or above 126), those characters should be represented as escaped base 10 integers (\DDD). Back slashes and quotes should be escaped. Tabs, carriage returns, and line feeds should be converted to \t, \r, and \n respectively.' 
- example: www.example.com - name: question.registered_domain - level: extended type: keyword ignore_above: 1024 description: 'The highest registered domain, stripped of the subdomain. 
@@ -237,123 +159,86 @@ For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".' - example: example.com - name: question.subdomain - level: extended type: keyword ignore_above: 1024 description: 'The subdomain is all of the labels under the registered_domain. If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.' - example: www - name: question.top_level_domain - level: extended type: keyword ignore_above: 1024 description: 'The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk".' - example: co.uk - name: question.type - level: extended type: keyword ignore_above: 1024 description: The type of record being queried. - example: AAAA - name: resolved_ip - level: extended type: ip description: "Array containing all IPs seen in `answers.data`.\nThe `answers` array can be difficult to use, because of the variety of data formats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip` makes it possible to index them as IP addresses, and makes them easier to visualize and query for." - example: '["10.10.10.10", "10.10.10.11"]' - name: response_code - level: extended type: keyword ignore_above: 1024 description: The DNS response code. 
- example: NOERROR - name: type - level: extended type: keyword ignore_above: 1024 description: "The type of DNS event captured, query or answer.\nIf your source of DNS events only gives you DNS queries, you should only create dns events of type `dns.type:query`.\nIf your source of DNS events gives you answers as well, you should create one event per query (optionally as soon as the query is seen). And a second event containing all query details as well as an array of answers." - example: answer - name: ecs - title: ECS - group: 2 description: Meta-information specific to ECS. type: group fields: - name: version - level: core - required: true type: keyword ignore_above: 1024 description: "ECS version this event conforms to. `ecs.version` is a required field and must exist in all events.\nWhen querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events." - example: 1.0.0 - name: error - title: Error - group: 2 description: "These fields can represent errors of any kind.\nUse them for errors that happen while fetching events or in cases where the event itself contains an error." type: group fields: - name: code - level: core type: keyword ignore_above: 1024 description: Error code describing the error. - name: id - level: core type: keyword ignore_above: 1024 description: Unique identifier for the error. - name: message - level: core type: text description: Error message. - name: stack_trace - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The stack trace of this error in plain text. - name: type - level: extended type: wildcard description: The type of the error, for example the class name of the exception. - example: java.lang.NullPointerException - name: http - title: HTTP - group: 2 description: Fields related to HTTP activity. Use the `url` field set to store the url of the request. 
type: group fields: - name: request.body.bytes - level: extended type: long format: bytes description: Size in bytes of the request body. - example: 887 - name: request.body.content - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The full HTTP request body. - example: Hello world - name: request.bytes - level: extended type: long format: bytes description: Total size in bytes of the request (body and headers). - example: 1437 - name: request.method - level: extended type: keyword ignore_above: 1024 description: 'HTTP request method. 
@@ -363,740 +248,441 @@ "The field value must be normalized to lowercase for querying." As of ECS 1.6.0, the guidance is deprecated because the original case of the method may be useful in anomaly detection. Original case will be mandated in ECS 2.0.0' - example: GET, POST, PUT, PoST - name: request.mime_type - level: extended type: keyword ignore_above: 1024 description: "Mime type of the body of the request.\nThis value must only be populated based on the content of the request body, not on the `Content-Type` header. Comparing the mime type of a request with the request's Content-Type header can be helpful in detecting threats or misconfigured clients." - example: image/gif - default_field: false - name: request.referrer - level: extended type: wildcard description: Referrer for this HTTP request. - example: https://blog.example.com/ - name: response.body.bytes - level: extended type: long format: bytes description: Size in bytes of the response body. - example: 887 - name: response.body.content - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The full HTTP response body. - example: Hello world - name: response.bytes - level: extended type: long format: bytes description: Total size in bytes of the response (body and headers). - example: 1437 - name: response.mime_type - level: extended type: keyword ignore_above: 1024 description: "Mime type of the body of the response.\nThis value must only be populated based on the content of the response body, not on the `Content-Type` header. Comparing the mime type of a response with the response's Content-Type header can be helpful in detecting misconfigured servers." - example: image/gif - default_field: false - name: response.status_code - level: extended type: long format: string description: HTTP response status code. - example: 404 - name: version - level: extended type: keyword ignore_above: 1024 description: HTTP version. 
- example: 1.1 - name: observer - title: Observer - group: 2 description: "An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics.\nThis could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, web proxies, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS." type: group fields: - name: geo.city_name - level: core type: keyword ignore_above: 1024 description: City name. - example: Montreal - name: geo.continent_name - level: core type: keyword ignore_above: 1024 description: Name of the continent. - example: North America - name: geo.country_iso_code - level: core type: keyword ignore_above: 1024 description: Country ISO code. - example: CA - name: geo.country_name - level: core type: keyword ignore_above: 1024 description: Country name. - example: Canada - name: geo.location - level: core type: geo_point description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' - name: geo.name - level: extended type: wildcard description: "User-defined description of a location, at the level of granularity they care about.\nCould be the name of their data centers, the floor number, if this describes a local physical entity, city names.\nNot typically used in automated geolocation." - example: boston-dc - name: geo.region_iso_code - level: core type: keyword ignore_above: 1024 description: Region ISO code. 
- example: CA-QC - name: geo.region_name - level: core type: keyword ignore_above: 1024 description: Region name. - example: Quebec - name: hostname - level: core type: keyword ignore_above: 1024 description: Hostname of the observer. - name: ip - level: core type: ip description: IP addresses of the observer. - name: mac - level: core type: keyword ignore_above: 1024 description: MAC addresses of the observer - name: name - level: extended type: keyword ignore_above: 1024 description: "Custom name of the observer.\nThis is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization.\nIf no custom name is needed, the field can be left empty." - example: 1_proxySG - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.full - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, including the version or code name. - example: Mac OS Mojave - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: product - level: extended type: keyword ignore_above: 1024 description: The product name of the observer. 
- example: s200 - name: serial_number - level: extended type: keyword ignore_above: 1024 description: Observer serial number. - name: type - level: core type: keyword ignore_above: 1024 description: "The type of the observer the data is coming from.\nThere is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`." - example: firewall - name: vendor - level: core type: keyword ignore_above: 1024 description: Vendor name of the observer. - example: Symantec - name: version - level: core type: keyword ignore_above: 1024 description: Observer version. - name: tls - title: TLS - group: 2 description: Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. type: group fields: - name: cipher - level: extended type: keyword ignore_above: 1024 description: String indicating the cipher used during the current connection. - example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - default_field: false - name: client.certificate - level: extended type: keyword ignore_above: 1024 description: PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. - example: MII... - default_field: false - name: client.certificate_chain - level: extended type: keyword ignore_above: 1024 description: Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. - example: '["MII...", "MII..."]' - default_field: false - name: client.hash.md5 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. 
For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC - default_field: false - name: client.hash.sha1 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 9E393D93138888D288266C2D915214D1D1CCEB2A - default_field: false - name: client.hash.sha256 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 - default_field: false - name: client.issuer - level: extended type: wildcard description: Distinguished name of subject of the issuer of the x.509 certificate presented by the client. - example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: client.ja3 - level: extended type: keyword ignore_above: 1024 description: A hash that identifies clients based on how they perform an SSL/TLS handshake. - example: d4e5b18d6b55c71272893221c96ba240 - default_field: false - name: client.not_after - level: extended type: date description: Date/Time indicating when client certificate is no longer considered valid. - example: "2021-01-01T00:00:00.000Z" - default_field: false - name: client.not_before - level: extended type: date description: Date/Time indicating when client certificate is first considered valid. 
- example: "1970-01-01T00:00:00.000Z" - default_field: false - name: client.server_name - level: extended type: keyword ignore_above: 1024 description: Also called an SNI, this tells the server which hostname to which the client is attempting to connect to. When this value is available, it should get copied to `destination.domain`. - example: www.elastic.co - default_field: false - name: client.subject - level: extended type: wildcard description: Distinguished name of subject of the x.509 certificate presented by the client. - example: CN=myclient, OU=Documentation Team, DC=example, DC=com - default_field: false - name: client.supported_ciphers - level: extended type: keyword ignore_above: 1024 description: Array of ciphers offered by the client during the client hello. - example: '["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "..."]' - default_field: false - name: client.x509.alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: client.x509.issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: client.x509.issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: client.x509.issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. 
- example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: client.x509.issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: client.x509.issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. - example: Example Inc - default_field: false - name: client.x509.issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: client.x509.issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: client.x509.not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: client.x509.not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: client.x509.public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: client.x509.public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: client.x509.public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. 
- example: 65537 index: false - default_field: false - name: client.x509.public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: client.x509.serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. - example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: client.x509.signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: client.x509.subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: client.x509.subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: client.x509.subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: client.x509.subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: client.x509.subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. 
- default_field: false - name: client.x509.subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: client.x509.subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: client.x509.version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false - name: curve - level: extended type: keyword ignore_above: 1024 description: String indicating the curve used for the given cipher, when applicable. - example: secp256r1 - default_field: false - name: established - level: extended type: boolean description: Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. - default_field: false - name: next_protocol - level: extended type: keyword ignore_above: 1024 description: String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. - example: http/1.1 - default_field: false - name: resumed - level: extended type: boolean description: Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. - default_field: false - name: server.certificate - level: extended type: keyword ignore_above: 1024 description: PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. - example: MII... - default_field: false - name: server.certificate_chain - level: extended type: keyword ignore_above: 1024 description: Array of PEM-encoded certificates that make up the certificate chain offered by the server. 
This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. - example: '["MII...", "MII..."]' - default_field: false - name: server.hash.md5 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC - default_field: false - name: server.hash.sha1 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 9E393D93138888D288266C2D915214D1D1CCEB2A - default_field: false - name: server.hash.sha256 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 - default_field: false - name: server.issuer - level: extended type: wildcard description: Subject of the issuer of the x.509 certificate presented by the server. - example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: server.ja3s - level: extended type: keyword ignore_above: 1024 description: A hash that identifies servers based on how they perform an SSL/TLS handshake. - example: 394441ab65754e2207b1e1b457b3641d - default_field: false - name: server.not_after - level: extended type: date description: Timestamp indicating when server certificate is no longer considered valid. 
- example: "2021-01-01T00:00:00.000Z" - default_field: false - name: server.not_before - level: extended type: date description: Timestamp indicating when server certificate is first considered valid. - example: "1970-01-01T00:00:00.000Z" - default_field: false - name: server.subject - level: extended type: wildcard description: Subject of the x.509 certificate presented by the server. - example: CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: server.x509.alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: server.x509.issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: server.x509.issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: server.x509.issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. - example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: server.x509.issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: server.x509.issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. 
- example: Example Inc - default_field: false - name: server.x509.issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: server.x509.issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: server.x509.not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: server.x509.not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: server.x509.public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: server.x509.public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: server.x509.public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. - example: 65537 index: false - default_field: false - name: server.x509.public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: server.x509.serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. 
- example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: server.x509.signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: server.x509.subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: server.x509.subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: server.x509.subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: server.x509.subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: server.x509.subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. - default_field: false - name: server.x509.subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: server.x509.subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: server.x509.version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. 
- example: 3 - default_field: false - name: version - level: extended type: keyword ignore_above: 1024 description: Numeric part of the version parsed from the original string. - example: "1.2" - default_field: false - name: version_protocol - level: extended type: keyword ignore_above: 1024 description: Normalized lowercase protocol name parsed from original string. - example: tls - default_field: false - name: url - title: URL - group: 2 description: URL fields provide support for complete or partial URLs, and supports the breaking down into scheme, domain, path, and so on. type: group fields: - name: domain - level: extended type: wildcard description: 'Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field.' - example: www.elastic.co - name: extension - level: extended type: keyword ignore_above: 1024 description: 'The field contains the file extension from the original request url, excluding the leading dot. 
@@ -1106,262 +692,166 @@ The leading period must not be included. For example, the value must be "png", not ".png". Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz").' - example: png - name: fragment - level: extended type: keyword ignore_above: 1024 description: 'Portion of the url after the `#`, such as "top". The `#` is not part of the fragment.' - name: full - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false - name: keyword type: keyword description: If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. - example: https://www.elastic.co:443/search?q=elasticsearch#top - name: original - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: "Unmodified original url as seen in the event source.\nNote that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path.\nThis field is meant to represent the URL as it was observed, complete or not." - example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch - name: password - level: extended type: keyword ignore_above: 1024 description: Password of the request. - name: path - level: extended type: wildcard description: Path of the request, such as "/search". - name: port - level: extended type: long format: string description: Port of the request, such as 443. - example: 443 - name: query - level: extended type: keyword ignore_above: 1024 description: 'The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. 
The `exists` query can be used to differentiate between the two cases.' - name: registered_domain - level: extended type: wildcard description: 'The highest registered url domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".' - example: example.com - name: scheme - level: extended type: keyword ignore_above: 1024 description: 'Scheme of the request, such as "https". Note: The `:` is not part of the scheme.' - example: https - name: subdomain - level: extended type: keyword ignore_above: 1024 description: 'The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.' - example: east - default_field: false - name: top_level_domain - level: extended type: keyword ignore_above: 1024 description: 'The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk".' - example: co.uk - name: username - level: extended type: keyword ignore_above: 1024 description: Username of the request. 
- name: x509 - title: x509 Certificate - group: 2 description: "This implements the common core fields for x509 certificates. This information is likely logged with TLS sessions, digital signatures found in executable binaries, S/MIME information in email bodies, or analysis of files on disk.\nWhen the certificate relates to a file, use the fields at `file.x509`. When hashes of the DER-encoded certificate are available, the `hash` data set should be populated as well (e.g. `file.hash.sha256`).\nEvents that contain certificate information about network connections, should use the x509 fields under the relevant TLS fields: `tls.server.x509` and/or `tls.client.x509`." type: group fields: - name: alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. - example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. 
- example: Example Inc - default_field: false - name: issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. - example: 65537 index: false - default_field: false - name: public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. - example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. 
We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. - default_field: false - name: subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false
diff --git a/packages/synthetics/data_stream/browser_network/fields/http.yml b/packages/synthetics/data_stream/browser_network/fields/http.yml
index 51b5c0166d0..8568c8fa1b0 100644
--- a/packages/synthetics/data_stream/browser_network/fields/http.yml
+++ b/packages/synthetics/data_stream/browser_network/fields/http.yml
@@ -5,13 +5,11 @@ fields: - name: request.url - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false - name: keyword type: keyword description: The request url
diff --git a/packages/synthetics/data_stream/browser_screenshot/fields/cloud.yml b/packages/synthetics/data_stream/browser_screenshot/fields/cloud.yml
index 29a4b437903..a3e1c24e4ec 100644
--- a/packages/synthetics/data_stream/browser_screenshot/fields/cloud.yml
+++ b/packages/synthetics/data_stream/browser_screenshot/fields/cloud.yml
@@ -1,5 +1,4 @@ - name: cloud.image.id - example: ami-abcd1234 type: keyword description: > Image ID for the cloud instance.
diff --git a/packages/synthetics/data_stream/browser_screenshot/fields/common.yml b/packages/synthetics/data_stream/browser_screenshot/fields/common.yml
index b2b90ca2922..a77269ad201 100644
--- a/packages/synthetics/data_stream/browser_screenshot/fields/common.yml
+++ b/packages/synthetics/data_stream/browser_screenshot/fields/common.yml
@@ -53,7 +53,6 @@ IP of service being monitored. If service is monitored by hostname, the `ip` field contains the resolved ip address for the current host. - name: status - required: true type: keyword description: > Indicator if monitor could validate the service to be available.
diff --git a/packages/synthetics/data_stream/browser_screenshot/fields/ecs.yml b/packages/synthetics/data_stream/browser_screenshot/fields/ecs.yml
index 707899664a1..c1a7e70820b 100644
--- a/packages/synthetics/data_stream/browser_screenshot/fields/ecs.yml
+++ b/packages/synthetics/data_stream/browser_screenshot/fields/ecs.yml
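Review bot: The `status` field in the common.yml hunk loses its `required: true` declaration with nothing on the new side taking over that constraint, and the same happens to `ecs.version` in the ecs.yml hunk `@@ -237,123 +159,86 @@`. Both are fields a consumer leans on — `status` is described as the indicator of whether the monitored service was available, and the `ecs.version` description still states that it "is a required field and must exist in all events" — so after this change the schema and its own prose disagree. If the field validator never honoured `required` the removal is harmless, but that cannot be verified from the hunk; if it did, documents lacking these fields would now pass validation unnoticed. A one-line comment on each field, e.g. `# presence is enforced by the producing agent, not by this schema — confirm`, would record where the constraint is expected to live, or keep `required: true` where the validator accepts it.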
@@ -1,235 +1,157 @@ - name: labels - level: core type: object object_type: keyword description: "Custom key/value pairs.\nCan be used to add meta information to events. Should not contain nested objects. All values are stored as keyword.\nExample: `docker` and `k8s` labels." - example: '{"application": "foo-bar", "env": "production"}' - name: tags - level: core type: keyword ignore_above: 1024 description: List of keywords used to tag each event. - example: '["production", "env2"]' - name: agent - title: Agent - group: 2 description: "The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host.\nExamples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken." - footnote: "Examples: In the case of Beats for logs, the agent.name is filebeat. For APM, it is the agent running in the app/service. The agent information does not change if data is sent through queuing systems like Kafka, Redis, or processing systems such as Logstash or APM Server." type: group fields: - name: build.original - level: core type: wildcard description: "Extended build information for the agent.\nThis field is intended to contain any build information that a data source may provide, no specific formatting is required." - example: metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC] - default_field: false - name: ephemeral_id - level: extended type: keyword ignore_above: 1024 description: "Ephemeral identifier of this agent (if one exists).\nThis id normally changes across restarts, but `agent.id` does not." 
- example: 8a4f500f - name: id - level: core type: keyword ignore_above: 1024 description: "Unique identifier of this agent (if one exists).\nExample: For Beats this would be beat.id." - example: 8a4f500d - name: name - level: core type: keyword ignore_above: 1024 description: "Custom name of the agent.\nThis is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from.\nIf no name is given, the name is often left empty." - example: foo - name: type - level: core type: keyword ignore_above: 1024 description: "Type of the agent.\nThe agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine." - example: filebeat - name: version - level: core type: keyword ignore_above: 1024 description: Version of the agent. - example: 6.0.0-rc2 - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." 
- example: 666777888999 - name: account.name - level: extended type: keyword ignore_above: 1024 description: "The cloud account name or alias used to identify different entities in a multi-tenant environment.\nExamples: AWS account name, Google Cloud ORG display name." - example: elastic-dev - default_field: false - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: project.id - level: extended type: keyword ignore_above: 1024 description: "The cloud project identifier.\nExamples: Google Cloud Project id, Azure Project id." - example: my-project - default_field: false - name: project.name - level: extended type: keyword ignore_above: 1024 description: "The cloud project name.\nExamples: Google Cloud Project name, Azure Project name." - example: my project - default_field: false - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. 
- name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: image.tag - level: extended type: keyword ignore_above: 1024 description: Container image tags. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: runtime - level: extended type: keyword ignore_above: 1024 description: Runtime managing this container. - example: docker - name: dns - title: DNS - group: 2 description: "Fields describing DNS queries and answers.\nDNS events should either represent a single DNS query prior to getting answers (`dns.type:query`) or they should represent a full exchange and contain the query details as well as all of the answers that were provided for this query (`dns.type:answer`)." type: group fields: - name: answers - level: extended type: object description: "An array containing an object for each answer section returned by the server.\nThe main keys that should be present in these objects are defined by ECS. Records that have more information may contain more keys than what ECS defines.\nNot all DNS data sources give all details about DNS answers. At minimum, answer objects must contain the `data` key. If more information is available, map as much of it to ECS as possible, and add any additional fields to the answer objects as custom fields." - name: answers.class - level: extended type: keyword ignore_above: 1024 description: The class of DNS data contained in this resource record. - example: IN - name: answers.data - level: extended type: wildcard description: "The data describing the resource.\nThe meaning of this data depends on the type and class of the resource record." 
- example: 10.10.10.10 - name: answers.name - level: extended type: keyword ignore_above: 1024 description: "The domain name to which this resource record pertains.\nIf a chain of CNAME is being resolved, each answer's `name` should be the one that corresponds with the answer's `data`. It should not simply be the original `question.name` repeated." - example: www.example.com - name: answers.ttl - level: extended type: long description: The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached. - example: 180 - name: answers.type - level: extended type: keyword ignore_above: 1024 description: The type of data contained in this resource record. - example: CNAME - name: header_flags - level: extended type: keyword ignore_above: 1024 description: "Array of 2 letter DNS header flags.\nExpected values are: AA, TC, RD, RA, AD, CD, DO." - example: '["RD", "RA"]' - name: id - level: extended type: keyword ignore_above: 1024 description: The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response. - example: 62111 - name: op_code - level: extended type: keyword ignore_above: 1024 description: The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response. - example: QUERY - name: question.class - level: extended type: keyword ignore_above: 1024 description: The class of records being queried. - example: IN - name: question.name - level: extended type: wildcard description: 'The name being queried. If the name field contains non-printable characters (below 32 or above 126), those characters should be represented as escaped base 10 integers (\DDD). Back slashes and quotes should be escaped. Tabs, carriage returns, and line feeds should be converted to \t, \r, and \n respectively.' 
- example: www.example.com - name: question.registered_domain - level: extended type: keyword ignore_above: 1024 description: 'The highest registered domain, stripped of the subdomain. 
@@ -237,123 +159,86 @@ For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".' - example: example.com - name: question.subdomain - level: extended type: keyword ignore_above: 1024 description: 'The subdomain is all of the labels under the registered_domain. If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.' - example: www - name: question.top_level_domain - level: extended type: keyword ignore_above: 1024 description: 'The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk".' - example: co.uk - name: question.type - level: extended type: keyword ignore_above: 1024 description: The type of record being queried. - example: AAAA - name: resolved_ip - level: extended type: ip description: "Array containing all IPs seen in `answers.data`.\nThe `answers` array can be difficult to use, because of the variety of data formats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip` makes it possible to index them as IP addresses, and makes them easier to visualize and query for." - example: '["10.10.10.10", "10.10.10.11"]' - name: response_code - level: extended type: keyword ignore_above: 1024 description: The DNS response code. 
- example: NOERROR - name: type - level: extended type: keyword ignore_above: 1024 description: "The type of DNS event captured, query or answer.\nIf your source of DNS events only gives you DNS queries, you should only create dns events of type `dns.type:query`.\nIf your source of DNS events gives you answers as well, you should create one event per query (optionally as soon as the query is seen). And a second event containing all query details as well as an array of answers." - example: answer - name: ecs - title: ECS - group: 2 description: Meta-information specific to ECS. type: group fields: - name: version - level: core - required: true type: keyword ignore_above: 1024 description: "ECS version this event conforms to. `ecs.version` is a required field and must exist in all events.\nWhen querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events." - example: 1.0.0 - name: error - title: Error - group: 2 description: "These fields can represent errors of any kind.\nUse them for errors that happen while fetching events or in cases where the event itself contains an error." type: group fields: - name: code - level: core type: keyword ignore_above: 1024 description: Error code describing the error. - name: id - level: core type: keyword ignore_above: 1024 description: Unique identifier for the error. - name: message - level: core type: text description: Error message. - name: stack_trace - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The stack trace of this error in plain text. - name: type - level: extended type: wildcard description: The type of the error, for example the class name of the exception. - example: java.lang.NullPointerException - name: http - title: HTTP - group: 2 description: Fields related to HTTP activity. Use the `url` field set to store the url of the request. 
type: group fields: - name: request.body.bytes - level: extended type: long format: bytes description: Size in bytes of the request body. - example: 887 - name: request.body.content - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The full HTTP request body. - example: Hello world - name: request.bytes - level: extended type: long format: bytes description: Total size in bytes of the request (body and headers). - example: 1437 - name: request.method - level: extended type: keyword ignore_above: 1024 description: 'HTTP request method. 
@@ -363,740 +248,441 @@ "The field value must be normalized to lowercase for querying." As of ECS 1.6.0, the guidance is deprecated because the original case of the method may be useful in anomaly detection. Original case will be mandated in ECS 2.0.0' - example: GET, POST, PUT, PoST - name: request.mime_type - level: extended type: keyword ignore_above: 1024 description: "Mime type of the body of the request.\nThis value must only be populated based on the content of the request body, not on the `Content-Type` header. Comparing the mime type of a request with the request's Content-Type header can be helpful in detecting threats or misconfigured clients." - example: image/gif - default_field: false - name: request.referrer - level: extended type: wildcard description: Referrer for this HTTP request. - example: https://blog.example.com/ - name: response.body.bytes - level: extended type: long format: bytes description: Size in bytes of the response body. - example: 887 - name: response.body.content - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The full HTTP response body. - example: Hello world - name: response.bytes - level: extended type: long format: bytes description: Total size in bytes of the response (body and headers). - example: 1437 - name: response.mime_type - level: extended type: keyword ignore_above: 1024 description: "Mime type of the body of the response.\nThis value must only be populated based on the content of the response body, not on the `Content-Type` header. Comparing the mime type of a response with the response's Content-Type header can be helpful in detecting misconfigured servers." - example: image/gif - default_field: false - name: response.status_code - level: extended type: long format: string description: HTTP response status code. - example: 404 - name: version - level: extended type: keyword ignore_above: 1024 description: HTTP version. 
- example: 1.1 - name: observer - title: Observer - group: 2 description: "An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics.\nThis could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, web proxies, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS." type: group fields: - name: geo.city_name - level: core type: keyword ignore_above: 1024 description: City name. - example: Montreal - name: geo.continent_name - level: core type: keyword ignore_above: 1024 description: Name of the continent. - example: North America - name: geo.country_iso_code - level: core type: keyword ignore_above: 1024 description: Country ISO code. - example: CA - name: geo.country_name - level: core type: keyword ignore_above: 1024 description: Country name. - example: Canada - name: geo.location - level: core type: geo_point description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' - name: geo.name - level: extended type: wildcard description: "User-defined description of a location, at the level of granularity they care about.\nCould be the name of their data centers, the floor number, if this describes a local physical entity, city names.\nNot typically used in automated geolocation." - example: boston-dc - name: geo.region_iso_code - level: core type: keyword ignore_above: 1024 description: Region ISO code. 
- example: CA-QC - name: geo.region_name - level: core type: keyword ignore_above: 1024 description: Region name. - example: Quebec - name: hostname - level: core type: keyword ignore_above: 1024 description: Hostname of the observer. - name: ip - level: core type: ip description: IP addresses of the observer. - name: mac - level: core type: keyword ignore_above: 1024 description: MAC addresses of the observer - name: name - level: extended type: keyword ignore_above: 1024 description: "Custom name of the observer.\nThis is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization.\nIf no custom name is needed, the field can be left empty." - example: 1_proxySG - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.full - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, including the version or code name. - example: Mac OS Mojave - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: product - level: extended type: keyword ignore_above: 1024 description: The product name of the observer. 
- example: s200 - name: serial_number - level: extended type: keyword ignore_above: 1024 description: Observer serial number. - name: type - level: core type: keyword ignore_above: 1024 description: "The type of the observer the data is coming from.\nThere is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`." - example: firewall - name: vendor - level: core type: keyword ignore_above: 1024 description: Vendor name of the observer. - example: Symantec - name: version - level: core type: keyword ignore_above: 1024 description: Observer version. - name: tls - title: TLS - group: 2 description: Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. type: group fields: - name: cipher - level: extended type: keyword ignore_above: 1024 description: String indicating the cipher used during the current connection. - example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - default_field: false - name: client.certificate - level: extended type: keyword ignore_above: 1024 description: PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. - example: MII... - default_field: false - name: client.certificate_chain - level: extended type: keyword ignore_above: 1024 description: Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. - example: '["MII...", "MII..."]' - default_field: false - name: client.hash.md5 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. 
For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC - default_field: false - name: client.hash.sha1 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 9E393D93138888D288266C2D915214D1D1CCEB2A - default_field: false - name: client.hash.sha256 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 - default_field: false - name: client.issuer - level: extended type: wildcard description: Distinguished name of subject of the issuer of the x.509 certificate presented by the client. - example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: client.ja3 - level: extended type: keyword ignore_above: 1024 description: A hash that identifies clients based on how they perform an SSL/TLS handshake. - example: d4e5b18d6b55c71272893221c96ba240 - default_field: false - name: client.not_after - level: extended type: date description: Date/Time indicating when client certificate is no longer considered valid. - example: "2021-01-01T00:00:00.000Z" - default_field: false - name: client.not_before - level: extended type: date description: Date/Time indicating when client certificate is first considered valid. 
- example: "1970-01-01T00:00:00.000Z" - default_field: false - name: client.server_name - level: extended type: keyword ignore_above: 1024 description: Also called an SNI, this tells the server which hostname to which the client is attempting to connect to. When this value is available, it should get copied to `destination.domain`. - example: www.elastic.co - default_field: false - name: client.subject - level: extended type: wildcard description: Distinguished name of subject of the x.509 certificate presented by the client. - example: CN=myclient, OU=Documentation Team, DC=example, DC=com - default_field: false - name: client.supported_ciphers - level: extended type: keyword ignore_above: 1024 description: Array of ciphers offered by the client during the client hello. - example: '["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "..."]' - default_field: false - name: client.x509.alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: client.x509.issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: client.x509.issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: client.x509.issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. 
- example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: client.x509.issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: client.x509.issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. - example: Example Inc - default_field: false - name: client.x509.issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: client.x509.issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: client.x509.not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: client.x509.not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: client.x509.public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: client.x509.public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: client.x509.public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. 
- example: 65537 index: false - default_field: false - name: client.x509.public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: client.x509.serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. - example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: client.x509.signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: client.x509.subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: client.x509.subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: client.x509.subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: client.x509.subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: client.x509.subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. 
- default_field: false - name: client.x509.subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: client.x509.subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: client.x509.version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false - name: curve - level: extended type: keyword ignore_above: 1024 description: String indicating the curve used for the given cipher, when applicable. - example: secp256r1 - default_field: false - name: established - level: extended type: boolean description: Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. - default_field: false - name: next_protocol - level: extended type: keyword ignore_above: 1024 description: String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. - example: http/1.1 - default_field: false - name: resumed - level: extended type: boolean description: Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. - default_field: false - name: server.certificate - level: extended type: keyword ignore_above: 1024 description: PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. - example: MII... - default_field: false - name: server.certificate_chain - level: extended type: keyword ignore_above: 1024 description: Array of PEM-encoded certificates that make up the certificate chain offered by the server. 
This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. - example: '["MII...", "MII..."]' - default_field: false - name: server.hash.md5 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC - default_field: false - name: server.hash.sha1 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 9E393D93138888D288266C2D915214D1D1CCEB2A - default_field: false - name: server.hash.sha256 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 - default_field: false - name: server.issuer - level: extended type: wildcard description: Subject of the issuer of the x.509 certificate presented by the server. - example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: server.ja3s - level: extended type: keyword ignore_above: 1024 description: A hash that identifies servers based on how they perform an SSL/TLS handshake. - example: 394441ab65754e2207b1e1b457b3641d - default_field: false - name: server.not_after - level: extended type: date description: Timestamp indicating when server certificate is no longer considered valid. 
- example: "2021-01-01T00:00:00.000Z" - default_field: false - name: server.not_before - level: extended type: date description: Timestamp indicating when server certificate is first considered valid. - example: "1970-01-01T00:00:00.000Z" - default_field: false - name: server.subject - level: extended type: wildcard description: Subject of the x.509 certificate presented by the server. - example: CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: server.x509.alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: server.x509.issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: server.x509.issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: server.x509.issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. - example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: server.x509.issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: server.x509.issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. 
- example: Example Inc - default_field: false - name: server.x509.issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: server.x509.issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: server.x509.not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: server.x509.not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: server.x509.public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: server.x509.public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: server.x509.public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. - example: 65537 index: false - default_field: false - name: server.x509.public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: server.x509.serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. 
- example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: server.x509.signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: server.x509.subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: server.x509.subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: server.x509.subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: server.x509.subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: server.x509.subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. - default_field: false - name: server.x509.subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: server.x509.subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: server.x509.version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. 
- example: 3 - default_field: false - name: version - level: extended type: keyword ignore_above: 1024 description: Numeric part of the version parsed from the original string. - example: "1.2" - default_field: false - name: version_protocol - level: extended type: keyword ignore_above: 1024 description: Normalized lowercase protocol name parsed from original string. - example: tls - default_field: false - name: url - title: URL - group: 2 description: URL fields provide support for complete or partial URLs, and supports the breaking down into scheme, domain, path, and so on. type: group fields: - name: domain - level: extended type: wildcard description: 'Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field.' - example: www.elastic.co - name: extension - level: extended type: keyword ignore_above: 1024 description: 'The field contains the file extension from the original request url, excluding the leading dot. 
@@ -1106,260 +692,164 @@ The leading period must not be included. For example, the value must be "png", not ".png". Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz").' - example: png - name: fragment - level: extended type: keyword ignore_above: 1024 description: 'Portion of the url after the `#`, such as "top". The `#` is not part of the fragment.' - name: full - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. - example: https://www.elastic.co:443/search?q=elasticsearch#top - name: original - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: "Unmodified original url as seen in the event source.\nNote that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path.\nThis field is meant to represent the URL as it was observed, complete or not." - example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch - name: password - level: extended type: keyword ignore_above: 1024 description: Password of the request. - name: path - level: extended type: wildcard description: Path of the request, such as "/search". - name: port - level: extended type: long format: string description: Port of the request, such as 443. - example: 443 - name: query - level: extended type: keyword ignore_above: 1024 description: 'The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. 
The `exists` query can be used to differentiate between the two cases.' - name: registered_domain - level: extended type: wildcard description: 'The highest registered url domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".' - example: example.com - name: scheme - level: extended type: keyword ignore_above: 1024 description: 'Scheme of the request, such as "https". Note: The `:` is not part of the scheme.' - example: https - name: subdomain - level: extended type: keyword ignore_above: 1024 description: 'The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.' - example: east - default_field: false - name: top_level_domain - level: extended type: keyword ignore_above: 1024 description: 'The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk".' - example: co.uk - name: username - level: extended type: keyword ignore_above: 1024 description: Username of the request. 
- name: x509 - title: x509 Certificate - group: 2 description: "This implements the common core fields for x509 certificates. This information is likely logged with TLS sessions, digital signatures found in executable binaries, S/MIME information in email bodies, or analysis of files on disk.\nWhen the certificate relates to a file, use the fields at `file.x509`. When hashes of the DER-encoded certificate are available, the `hash` data set should be populated as well (e.g. `file.hash.sha256`).\nEvents that contain certificate information about network connections, should use the x509 fields under the relevant TLS fields: `tls.server.x509` and/or `tls.client.x509`." type: group fields: - name: alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. - example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. 
- example: Example Inc - default_field: false - name: issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. - example: 65537 index: false - default_field: false - name: public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. - example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. 
We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. - default_field: false - name: subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false
diff --git a/packages/synthetics/data_stream/http/fields/cloud.yml b/packages/synthetics/data_stream/http/fields/cloud.yml
index 29a4b437903..a3e1c24e4ec 100644
--- a/packages/synthetics/data_stream/http/fields/cloud.yml
+++ b/packages/synthetics/data_stream/http/fields/cloud.yml
@@ -1,5 +1,4 @@ - name: cloud.image.id - example: ami-abcd1234 type: keyword description: > Image ID for the cloud instance.
diff --git a/packages/synthetics/data_stream/http/fields/common.yml b/packages/synthetics/data_stream/http/fields/common.yml
index 1b78e493d85..64c24f4500a 100644
--- a/packages/synthetics/data_stream/http/fields/common.yml
+++ b/packages/synthetics/data_stream/http/fields/common.yml
@@ -53,7 +53,6 @@ IP of service being monitored. If service is monitored by hostname, the `ip` field contains the resolved ip address for the current host. - name: status - required: true type: keyword description: > Indicator if monitor could validate the service to be available.
diff --git a/packages/synthetics/data_stream/http/fields/ecs.yml b/packages/synthetics/data_stream/http/fields/ecs.yml
index c2d2b7940fb..c8441fd817e 100644
--- a/packages/synthetics/data_stream/http/fields/ecs.yml
+++ b/packages/synthetics/data_stream/http/fields/ecs.yml
@@ -1,235 +1,157 @@ - name: labels - level: core type: object object_type: keyword description: "Custom key/value pairs.\nCan be used to add meta information to events. Should not contain nested objects. All values are stored as keyword.\nExample: `docker` and `k8s` labels." - example: '{"application": "foo-bar", "env": "production"}' - name: tags - level: core type: keyword ignore_above: 1024 description: List of keywords used to tag each event. - example: '["production", "env2"]' - name: agent - title: Agent - group: 2 description: "The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host.\nExamples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken." - footnote: "Examples: In the case of Beats for logs, the agent.name is filebeat. For APM, it is the agent running in the app/service. The agent information does not change if data is sent through queuing systems like Kafka, Redis, or processing systems such as Logstash or APM Server." type: group fields: - name: build.original - level: core type: wildcard description: "Extended build information for the agent.\nThis field is intended to contain any build information that a data source may provide, no specific formatting is required." - example: metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC] - default_field: false - name: ephemeral_id - level: extended type: keyword ignore_above: 1024 description: "Ephemeral identifier of this agent (if one exists).\nThis id normally changes across restarts, but `agent.id` does not." 
- example: 8a4f500f - name: id - level: core type: keyword ignore_above: 1024 description: "Unique identifier of this agent (if one exists).\nExample: For Beats this would be beat.id." - example: 8a4f500d - name: name - level: core type: keyword ignore_above: 1024 description: "Custom name of the agent.\nThis is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from.\nIf no name is given, the name is often left empty." - example: foo - name: type - level: core type: keyword ignore_above: 1024 description: "Type of the agent.\nThe agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine." - example: filebeat - name: version - level: core type: keyword ignore_above: 1024 description: Version of the agent. - example: 6.0.0-rc2 - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." 
- example: 666777888999 - name: account.name - level: extended type: keyword ignore_above: 1024 description: "The cloud account name or alias used to identify different entities in a multi-tenant environment.\nExamples: AWS account name, Google Cloud ORG display name." - example: elastic-dev - default_field: false - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: project.id - level: extended type: keyword ignore_above: 1024 description: "The cloud project identifier.\nExamples: Google Cloud Project id, Azure Project id." - example: my-project - default_field: false - name: project.name - level: extended type: keyword ignore_above: 1024 description: "The cloud project name.\nExamples: Google Cloud Project name, Azure Project name." - example: my project - default_field: false - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. 
- name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: image.tag - level: extended type: keyword ignore_above: 1024 description: Container image tags. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: runtime - level: extended type: keyword ignore_above: 1024 description: Runtime managing this container. - example: docker - name: dns - title: DNS - group: 2 description: "Fields describing DNS queries and answers.\nDNS events should either represent a single DNS query prior to getting answers (`dns.type:query`) or they should represent a full exchange and contain the query details as well as all of the answers that were provided for this query (`dns.type:answer`)." type: group fields: - name: answers - level: extended type: object description: "An array containing an object for each answer section returned by the server.\nThe main keys that should be present in these objects are defined by ECS. Records that have more information may contain more keys than what ECS defines.\nNot all DNS data sources give all details about DNS answers. At minimum, answer objects must contain the `data` key. If more information is available, map as much of it to ECS as possible, and add any additional fields to the answer objects as custom fields." - name: answers.class - level: extended type: keyword ignore_above: 1024 description: The class of DNS data contained in this resource record. - example: IN - name: answers.data - level: extended type: wildcard description: "The data describing the resource.\nThe meaning of this data depends on the type and class of the resource record." 
- example: 10.10.10.10 - name: answers.name - level: extended type: keyword ignore_above: 1024 description: "The domain name to which this resource record pertains.\nIf a chain of CNAME is being resolved, each answer's `name` should be the one that corresponds with the answer's `data`. It should not simply be the original `question.name` repeated." - example: www.example.com - name: answers.ttl - level: extended type: long description: The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached. - example: 180 - name: answers.type - level: extended type: keyword ignore_above: 1024 description: The type of data contained in this resource record. - example: CNAME - name: header_flags - level: extended type: keyword ignore_above: 1024 description: "Array of 2 letter DNS header flags.\nExpected values are: AA, TC, RD, RA, AD, CD, DO." - example: '["RD", "RA"]' - name: id - level: extended type: keyword ignore_above: 1024 description: The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response. - example: 62111 - name: op_code - level: extended type: keyword ignore_above: 1024 description: The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response. - example: QUERY - name: question.class - level: extended type: keyword ignore_above: 1024 description: The class of records being queried. - example: IN - name: question.name - level: extended type: wildcard description: 'The name being queried. If the name field contains non-printable characters (below 32 or above 126), those characters should be represented as escaped base 10 integers (\DDD). Back slashes and quotes should be escaped. Tabs, carriage returns, and line feeds should be converted to \t, \r, and \n respectively.' 
- example: www.example.com - name: question.registered_domain - level: extended type: keyword ignore_above: 1024 description: 'The highest registered domain, stripped of the subdomain. 
@@ -237,123 +159,86 @@ For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".' - example: example.com - name: question.subdomain - level: extended type: keyword ignore_above: 1024 description: 'The subdomain is all of the labels under the registered_domain. If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.' - example: www - name: question.top_level_domain - level: extended type: keyword ignore_above: 1024 description: 'The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk".' - example: co.uk - name: question.type - level: extended type: keyword ignore_above: 1024 description: The type of record being queried. - example: AAAA - name: resolved_ip - level: extended type: ip description: "Array containing all IPs seen in `answers.data`.\nThe `answers` array can be difficult to use, because of the variety of data formats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip` makes it possible to index them as IP addresses, and makes them easier to visualize and query for." - example: '["10.10.10.10", "10.10.10.11"]' - name: response_code - level: extended type: keyword ignore_above: 1024 description: The DNS response code. 
- example: NOERROR - name: type - level: extended type: keyword ignore_above: 1024 description: "The type of DNS event captured, query or answer.\nIf your source of DNS events only gives you DNS queries, you should only create dns events of type `dns.type:query`.\nIf your source of DNS events gives you answers as well, you should create one event per query (optionally as soon as the query is seen). And a second event containing all query details as well as an array of answers." - example: answer - name: ecs - title: ECS - group: 2 description: Meta-information specific to ECS. type: group fields: - name: version - level: core - required: true type: keyword ignore_above: 1024 description: "ECS version this event conforms to. `ecs.version` is a required field and must exist in all events.\nWhen querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events." - example: 1.0.0 - name: error - title: Error - group: 2 description: "These fields can represent errors of any kind.\nUse them for errors that happen while fetching events or in cases where the event itself contains an error." type: group fields: - name: code - level: core type: keyword ignore_above: 1024 description: Error code describing the error. - name: id - level: core type: keyword ignore_above: 1024 description: Unique identifier for the error. - name: message - level: core type: text description: Error message. - name: stack_trace - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The stack trace of this error in plain text. - name: type - level: extended type: wildcard description: The type of the error, for example the class name of the exception. - example: java.lang.NullPointerException - name: http - title: HTTP - group: 2 description: Fields related to HTTP activity. Use the `url` field set to store the url of the request. 
type: group fields: - name: request.body.bytes - level: extended type: long format: bytes description: Size in bytes of the request body. - example: 887 - name: request.body.content - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The full HTTP request body. - example: Hello world - name: request.bytes - level: extended type: long format: bytes description: Total size in bytes of the request (body and headers). - example: 1437 - name: request.method - level: extended type: keyword ignore_above: 1024 description: 'HTTP request method. 
@@ -363,740 +248,441 @@ "The field value must be normalized to lowercase for querying." As of ECS 1.6.0, the guidance is deprecated because the original case of the method may be useful in anomaly detection. Original case will be mandated in ECS 2.0.0' - example: GET, POST, PUT, PoST - name: request.mime_type - level: extended type: keyword ignore_above: 1024 description: "Mime type of the body of the request.\nThis value must only be populated based on the content of the request body, not on the `Content-Type` header. Comparing the mime type of a request with the request's Content-Type header can be helpful in detecting threats or misconfigured clients." - example: image/gif - default_field: false - name: request.referrer - level: extended type: wildcard description: Referrer for this HTTP request. - example: https://blog.example.com/ - name: response.body.bytes - level: extended type: long format: bytes description: Size in bytes of the response body. - example: 887 - name: response.body.content - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The full HTTP response body. - example: Hello world - name: response.bytes - level: extended type: long format: bytes description: Total size in bytes of the response (body and headers). - example: 1437 - name: response.mime_type - level: extended type: keyword ignore_above: 1024 description: "Mime type of the body of the response.\nThis value must only be populated based on the content of the response body, not on the `Content-Type` header. Comparing the mime type of a response with the response's Content-Type header can be helpful in detecting misconfigured servers." - example: image/gif - default_field: false - name: response.status_code - level: extended type: long format: string description: HTTP response status code. - example: 404 - name: version - level: extended type: keyword ignore_above: 1024 description: HTTP version. 
- example: 1.1 - name: observer - title: Observer - group: 2 description: "An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics.\nThis could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, web proxies, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS." type: group fields: - name: geo.city_name - level: core type: keyword ignore_above: 1024 description: City name. - example: Montreal - name: geo.continent_name - level: core type: keyword ignore_above: 1024 description: Name of the continent. - example: North America - name: geo.country_iso_code - level: core type: keyword ignore_above: 1024 description: Country ISO code. - example: CA - name: geo.country_name - level: core type: keyword ignore_above: 1024 description: Country name. - example: Canada - name: geo.location - level: core type: geo_point description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' - name: geo.name - level: extended type: wildcard description: "User-defined description of a location, at the level of granularity they care about.\nCould be the name of their data centers, the floor number, if this describes a local physical entity, city names.\nNot typically used in automated geolocation." - example: boston-dc - name: geo.region_iso_code - level: core type: keyword ignore_above: 1024 description: Region ISO code. 
- example: CA-QC - name: geo.region_name - level: core type: keyword ignore_above: 1024 description: Region name. - example: Quebec - name: hostname - level: core type: keyword ignore_above: 1024 description: Hostname of the observer. - name: ip - level: core type: ip description: IP addresses of the observer. - name: mac - level: core type: keyword ignore_above: 1024 description: MAC addresses of the observer - name: name - level: extended type: keyword ignore_above: 1024 description: "Custom name of the observer.\nThis is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization.\nIf no custom name is needed, the field can be left empty." - example: 1_proxySG - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.full - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, including the version or code name. - example: Mac OS Mojave - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: product - level: extended type: keyword ignore_above: 1024 description: The product name of the observer. 
- example: s200 - name: serial_number - level: extended type: keyword ignore_above: 1024 description: Observer serial number. - name: type - level: core type: keyword ignore_above: 1024 description: "The type of the observer the data is coming from.\nThere is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`." - example: firewall - name: vendor - level: core type: keyword ignore_above: 1024 description: Vendor name of the observer. - example: Symantec - name: version - level: core type: keyword ignore_above: 1024 description: Observer version. - name: tls - title: TLS - group: 2 description: Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. type: group fields: - name: cipher - level: extended type: keyword ignore_above: 1024 description: String indicating the cipher used during the current connection. - example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - default_field: false - name: client.certificate - level: extended type: keyword ignore_above: 1024 description: PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. - example: MII... - default_field: false - name: client.certificate_chain - level: extended type: keyword ignore_above: 1024 description: Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. - example: '["MII...", "MII..."]' - default_field: false - name: client.hash.md5 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. 
For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC - default_field: false - name: client.hash.sha1 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 9E393D93138888D288266C2D915214D1D1CCEB2A - default_field: false - name: client.hash.sha256 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 - default_field: false - name: client.issuer - level: extended type: wildcard description: Distinguished name of subject of the issuer of the x.509 certificate presented by the client. - example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: client.ja3 - level: extended type: keyword ignore_above: 1024 description: A hash that identifies clients based on how they perform an SSL/TLS handshake. - example: d4e5b18d6b55c71272893221c96ba240 - default_field: false - name: client.not_after - level: extended type: date description: Date/Time indicating when client certificate is no longer considered valid. - example: "2021-01-01T00:00:00.000Z" - default_field: false - name: client.not_before - level: extended type: date description: Date/Time indicating when client certificate is first considered valid. 
- example: "1970-01-01T00:00:00.000Z" - default_field: false - name: client.server_name - level: extended type: keyword ignore_above: 1024 description: Also called an SNI, this tells the server which hostname to which the client is attempting to connect to. When this value is available, it should get copied to `destination.domain`. - example: www.elastic.co - default_field: false - name: client.subject - level: extended type: wildcard description: Distinguished name of subject of the x.509 certificate presented by the client. - example: CN=myclient, OU=Documentation Team, DC=example, DC=com - default_field: false - name: client.supported_ciphers - level: extended type: keyword ignore_above: 1024 description: Array of ciphers offered by the client during the client hello. - example: '["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "..."]' - default_field: false - name: client.x509.alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: client.x509.issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: client.x509.issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: client.x509.issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. 
- example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: client.x509.issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: client.x509.issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. - example: Example Inc - default_field: false - name: client.x509.issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: client.x509.issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: client.x509.not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: client.x509.not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: client.x509.public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: client.x509.public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: client.x509.public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. 
- example: 65537 index: false - default_field: false - name: client.x509.public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: client.x509.serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. - example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: client.x509.signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: client.x509.subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: client.x509.subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: client.x509.subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: client.x509.subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: client.x509.subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. 
- default_field: false - name: client.x509.subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: client.x509.subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: client.x509.version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false - name: curve - level: extended type: keyword ignore_above: 1024 description: String indicating the curve used for the given cipher, when applicable. - example: secp256r1 - default_field: false - name: established - level: extended type: boolean description: Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. - default_field: false - name: next_protocol - level: extended type: keyword ignore_above: 1024 description: String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. - example: http/1.1 - default_field: false - name: resumed - level: extended type: boolean description: Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. - default_field: false - name: server.certificate - level: extended type: keyword ignore_above: 1024 description: PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. - example: MII... - default_field: false - name: server.certificate_chain - level: extended type: keyword ignore_above: 1024 description: Array of PEM-encoded certificates that make up the certificate chain offered by the server. 
This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. - example: '["MII...", "MII..."]' - default_field: false - name: server.hash.md5 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC - default_field: false - name: server.hash.sha1 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 9E393D93138888D288266C2D915214D1D1CCEB2A - default_field: false - name: server.hash.sha256 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 - default_field: false - name: server.issuer - level: extended type: wildcard description: Subject of the issuer of the x.509 certificate presented by the server. - example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: server.ja3s - level: extended type: keyword ignore_above: 1024 description: A hash that identifies servers based on how they perform an SSL/TLS handshake. - example: 394441ab65754e2207b1e1b457b3641d - default_field: false - name: server.not_after - level: extended type: date description: Timestamp indicating when server certificate is no longer considered valid. 
- example: "2021-01-01T00:00:00.000Z" - default_field: false - name: server.not_before - level: extended type: date description: Timestamp indicating when server certificate is first considered valid. - example: "1970-01-01T00:00:00.000Z" - default_field: false - name: server.subject - level: extended type: wildcard description: Subject of the x.509 certificate presented by the server. - example: CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: server.x509.alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: server.x509.issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: server.x509.issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: server.x509.issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. - example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: server.x509.issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: server.x509.issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. 
- example: Example Inc - default_field: false - name: server.x509.issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: server.x509.issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: server.x509.not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: server.x509.not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: server.x509.public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: server.x509.public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: server.x509.public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. - example: 65537 index: false - default_field: false - name: server.x509.public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: server.x509.serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. 
- example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: server.x509.signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: server.x509.subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: server.x509.subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: server.x509.subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: server.x509.subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: server.x509.subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. - default_field: false - name: server.x509.subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: server.x509.subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: server.x509.version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. 
- example: 3 - default_field: false - name: version - level: extended type: keyword ignore_above: 1024 description: Numeric part of the version parsed from the original string. - example: "1.2" - default_field: false - name: version_protocol - level: extended type: keyword ignore_above: 1024 description: Normalized lowercase protocol name parsed from original string. - example: tls - default_field: false - name: url - title: URL - group: 2 description: URL fields provide support for complete or partial URLs, and supports the breaking down into scheme, domain, path, and so on. type: group fields: - name: domain - level: extended type: wildcard description: 'Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field.' - example: www.elastic.co - name: extension - level: extended type: keyword ignore_above: 1024 description: 'The field contains the file extension from the original request url, excluding the leading dot. 
@@ -1106,262 +692,166 @@ The leading period must not be included. For example, the value must be "png", not ".png". Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz").' - example: png - name: fragment - level: extended type: keyword ignore_above: 1024 description: 'Portion of the url after the `#`, such as "top". The `#` is not part of the fragment.' - name: full - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false - name: keyword type: keyword description: If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. - example: https://www.elastic.co:443/search?q=elasticsearch#top - name: original - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: "Unmodified original url as seen in the event source.\nNote that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path.\nThis field is meant to represent the URL as it was observed, complete or not." - example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch - name: password - level: extended type: keyword ignore_above: 1024 description: Password of the request. - name: path - level: extended type: wildcard description: Path of the request, such as "/search". - name: port - level: extended type: long format: string description: Port of the request, such as 443. - example: 443 - name: query - level: extended type: keyword ignore_above: 1024 description: 'The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. 
The `exists` query can be used to differentiate between the two cases.' - name: registered_domain - level: extended type: wildcard description: 'The highest registered url domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".' - example: example.com - name: scheme - level: extended type: keyword ignore_above: 1024 description: 'Scheme of the request, such as "https". Note: The `:` is not part of the scheme.' - example: https - name: subdomain - level: extended type: keyword ignore_above: 1024 description: 'The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.' - example: east - default_field: false - name: top_level_domain - level: extended type: keyword ignore_above: 1024 description: 'The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk".' - example: co.uk - name: username - level: extended type: keyword ignore_above: 1024 description: Username of the request. 
- name: x509 - title: x509 Certificate - group: 2 description: "This implements the common core fields for x509 certificates. This information is likely logged with TLS sessions, digital signatures found in executable binaries, S/MIME information in email bodies, or analysis of files on disk.\nWhen the certificate relates to a file, use the fields at `file.x509`. When hashes of the DER-encoded certificate are available, the `hash` data set should be populated as well (e.g. `file.hash.sha256`).\nEvents that contain certificate information about network connections, should use the x509 fields under the relevant TLS fields: `tls.server.x509` and/or `tls.client.x509`." type: group fields: - name: alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. - example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. 
- example: Example Inc - default_field: false - name: issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. - example: 65537 index: false - default_field: false - name: public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. - example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. 
We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. - default_field: false - name: subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false diff --git a/packages/synthetics/data_stream/http/fields/tls.yml b/packages/synthetics/data_stream/http/fields/tls.yml index 4174905380c..a0e4cb0ceaa 100644 --- a/packages/synthetics/data_stream/http/fields/tls.yml +++ b/packages/synthetics/data_stream/http/fields/tls.yml 
@@ -6,10 +6,8 @@ fields: - name: certificate_not_valid_before type: date - deprecated: 7.8.0 description: Deprecated in favor of `tls.server.x509.not_before`. Earliest time at which the connection's certificates are valid. - name: certificate_not_valid_after - deprecated: 7.8.0 type: date description: Deprecated in favor of `tls.server.x509.not_after`. Latest time at which the connection's certificates are valid. - name: rtt @@ -35,5 +33,3 @@ type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false diff --git a/packages/synthetics/data_stream/icmp/fields/cloud.yml b/packages/synthetics/data_stream/icmp/fields/cloud.yml index 29a4b437903..a3e1c24e4ec 100644 --- a/packages/synthetics/data_stream/icmp/fields/cloud.yml +++ b/packages/synthetics/data_stream/icmp/fields/cloud.yml @@ -1,5 +1,4 @@ - name: cloud.image.id - example: ami-abcd1234 type: keyword description: > Image ID for the cloud instance. diff --git a/packages/synthetics/data_stream/icmp/fields/common.yml b/packages/synthetics/data_stream/icmp/fields/common.yml index 91769d83cd9..ca25b510439 100644 --- a/packages/synthetics/data_stream/icmp/fields/common.yml +++ b/packages/synthetics/data_stream/icmp/fields/common.yml @@ -53,7 +53,6 @@ IP of service being monitored. If service is monitored by hostname, the `ip` field contains the resolved ip address for the current host. - name: status - required: true type: keyword description: > Indicator if monitor could validate the service to be available. diff --git a/packages/synthetics/data_stream/icmp/fields/ecs.yml b/packages/synthetics/data_stream/icmp/fields/ecs.yml index c2d2b7940fb..c8441fd817e 100644 --- a/packages/synthetics/data_stream/icmp/fields/ecs.yml +++ b/packages/synthetics/data_stream/icmp/fields/ecs.yml 
@@ -1,235 +1,157 @@ - name: labels - level: core type: object object_type: keyword description: "Custom key/value pairs.\nCan be used to add meta information to events. Should not contain nested objects. All values are stored as keyword.\nExample: `docker` and `k8s` labels." - example: '{"application": "foo-bar", "env": "production"}' - name: tags - level: core type: keyword ignore_above: 1024 description: List of keywords used to tag each event. - example: '["production", "env2"]' - name: agent - title: Agent - group: 2 description: "The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host.\nExamples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken." - footnote: "Examples: In the case of Beats for logs, the agent.name is filebeat. For APM, it is the agent running in the app/service. The agent information does not change if data is sent through queuing systems like Kafka, Redis, or processing systems such as Logstash or APM Server." type: group fields: - name: build.original - level: core type: wildcard description: "Extended build information for the agent.\nThis field is intended to contain any build information that a data source may provide, no specific formatting is required." - example: metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC] - default_field: false - name: ephemeral_id - level: extended type: keyword ignore_above: 1024 description: "Ephemeral identifier of this agent (if one exists).\nThis id normally changes across restarts, but `agent.id` does not." 
- example: 8a4f500f - name: id - level: core type: keyword ignore_above: 1024 description: "Unique identifier of this agent (if one exists).\nExample: For Beats this would be beat.id." - example: 8a4f500d - name: name - level: core type: keyword ignore_above: 1024 description: "Custom name of the agent.\nThis is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from.\nIf no name is given, the name is often left empty." - example: foo - name: type - level: core type: keyword ignore_above: 1024 description: "Type of the agent.\nThe agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine." - example: filebeat - name: version - level: core type: keyword ignore_above: 1024 description: Version of the agent. - example: 6.0.0-rc2 - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." 
- example: 666777888999 - name: account.name - level: extended type: keyword ignore_above: 1024 description: "The cloud account name or alias used to identify different entities in a multi-tenant environment.\nExamples: AWS account name, Google Cloud ORG display name." - example: elastic-dev - default_field: false - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: project.id - level: extended type: keyword ignore_above: 1024 description: "The cloud project identifier.\nExamples: Google Cloud Project id, Azure Project id." - example: my-project - default_field: false - name: project.name - level: extended type: keyword ignore_above: 1024 description: "The cloud project name.\nExamples: Google Cloud Project name, Azure Project name." - example: my project - default_field: false - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. 
- name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: image.tag - level: extended type: keyword ignore_above: 1024 description: Container image tags. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: runtime - level: extended type: keyword ignore_above: 1024 description: Runtime managing this container. - example: docker - name: dns - title: DNS - group: 2 description: "Fields describing DNS queries and answers.\nDNS events should either represent a single DNS query prior to getting answers (`dns.type:query`) or they should represent a full exchange and contain the query details as well as all of the answers that were provided for this query (`dns.type:answer`)." type: group fields: - name: answers - level: extended type: object description: "An array containing an object for each answer section returned by the server.\nThe main keys that should be present in these objects are defined by ECS. Records that have more information may contain more keys than what ECS defines.\nNot all DNS data sources give all details about DNS answers. At minimum, answer objects must contain the `data` key. If more information is available, map as much of it to ECS as possible, and add any additional fields to the answer objects as custom fields." - name: answers.class - level: extended type: keyword ignore_above: 1024 description: The class of DNS data contained in this resource record. - example: IN - name: answers.data - level: extended type: wildcard description: "The data describing the resource.\nThe meaning of this data depends on the type and class of the resource record." 
- example: 10.10.10.10 - name: answers.name - level: extended type: keyword ignore_above: 1024 description: "The domain name to which this resource record pertains.\nIf a chain of CNAME is being resolved, each answer's `name` should be the one that corresponds with the answer's `data`. It should not simply be the original `question.name` repeated." - example: www.example.com - name: answers.ttl - level: extended type: long description: The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached. - example: 180 - name: answers.type - level: extended type: keyword ignore_above: 1024 description: The type of data contained in this resource record. - example: CNAME - name: header_flags - level: extended type: keyword ignore_above: 1024 description: "Array of 2 letter DNS header flags.\nExpected values are: AA, TC, RD, RA, AD, CD, DO." - example: '["RD", "RA"]' - name: id - level: extended type: keyword ignore_above: 1024 description: The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response. - example: 62111 - name: op_code - level: extended type: keyword ignore_above: 1024 description: The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response. - example: QUERY - name: question.class - level: extended type: keyword ignore_above: 1024 description: The class of records being queried. - example: IN - name: question.name - level: extended type: wildcard description: 'The name being queried. If the name field contains non-printable characters (below 32 or above 126), those characters should be represented as escaped base 10 integers (\DDD). Back slashes and quotes should be escaped. Tabs, carriage returns, and line feeds should be converted to \t, \r, and \n respectively.' 
- example: www.example.com - name: question.registered_domain - level: extended type: keyword ignore_above: 1024 description: 'The highest registered domain, stripped of the subdomain. 
@@ -237,123 +159,86 @@ For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".' - example: example.com - name: question.subdomain - level: extended type: keyword ignore_above: 1024 description: 'The subdomain is all of the labels under the registered_domain. If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.' - example: www - name: question.top_level_domain - level: extended type: keyword ignore_above: 1024 description: 'The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk".' - example: co.uk - name: question.type - level: extended type: keyword ignore_above: 1024 description: The type of record being queried. - example: AAAA - name: resolved_ip - level: extended type: ip description: "Array containing all IPs seen in `answers.data`.\nThe `answers` array can be difficult to use, because of the variety of data formats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip` makes it possible to index them as IP addresses, and makes them easier to visualize and query for." - example: '["10.10.10.10", "10.10.10.11"]' - name: response_code - level: extended type: keyword ignore_above: 1024 description: The DNS response code. 
- example: NOERROR - name: type - level: extended type: keyword ignore_above: 1024 description: "The type of DNS event captured, query or answer.\nIf your source of DNS events only gives you DNS queries, you should only create dns events of type `dns.type:query`.\nIf your source of DNS events gives you answers as well, you should create one event per query (optionally as soon as the query is seen). And a second event containing all query details as well as an array of answers." - example: answer - name: ecs - title: ECS - group: 2 description: Meta-information specific to ECS. type: group fields: - name: version - level: core - required: true type: keyword ignore_above: 1024 description: "ECS version this event conforms to. `ecs.version` is a required field and must exist in all events.\nWhen querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events." - example: 1.0.0 - name: error - title: Error - group: 2 description: "These fields can represent errors of any kind.\nUse them for errors that happen while fetching events or in cases where the event itself contains an error." type: group fields: - name: code - level: core type: keyword ignore_above: 1024 description: Error code describing the error. - name: id - level: core type: keyword ignore_above: 1024 description: Unique identifier for the error. - name: message - level: core type: text description: Error message. - name: stack_trace - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The stack trace of this error in plain text. - name: type - level: extended type: wildcard description: The type of the error, for example the class name of the exception. - example: java.lang.NullPointerException - name: http - title: HTTP - group: 2 description: Fields related to HTTP activity. Use the `url` field set to store the url of the request. 
type: group fields: - name: request.body.bytes - level: extended type: long format: bytes description: Size in bytes of the request body. - example: 887 - name: request.body.content - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The full HTTP request body. - example: Hello world - name: request.bytes - level: extended type: long format: bytes description: Total size in bytes of the request (body and headers). - example: 1437 - name: request.method - level: extended type: keyword ignore_above: 1024 description: 'HTTP request method. 
@@ -363,740 +248,441 @@ "The field value must be normalized to lowercase for querying." As of ECS 1.6.0, the guidance is deprecated because the original case of the method may be useful in anomaly detection. Original case will be mandated in ECS 2.0.0' - example: GET, POST, PUT, PoST - name: request.mime_type - level: extended type: keyword ignore_above: 1024 description: "Mime type of the body of the request.\nThis value must only be populated based on the content of the request body, not on the `Content-Type` header. Comparing the mime type of a request with the request's Content-Type header can be helpful in detecting threats or misconfigured clients." - example: image/gif - default_field: false - name: request.referrer - level: extended type: wildcard description: Referrer for this HTTP request. - example: https://blog.example.com/ - name: response.body.bytes - level: extended type: long format: bytes description: Size in bytes of the response body. - example: 887 - name: response.body.content - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The full HTTP response body. - example: Hello world - name: response.bytes - level: extended type: long format: bytes description: Total size in bytes of the response (body and headers). - example: 1437 - name: response.mime_type - level: extended type: keyword ignore_above: 1024 description: "Mime type of the body of the response.\nThis value must only be populated based on the content of the response body, not on the `Content-Type` header. Comparing the mime type of a response with the response's Content-Type header can be helpful in detecting misconfigured servers." - example: image/gif - default_field: false - name: response.status_code - level: extended type: long format: string description: HTTP response status code. - example: 404 - name: version - level: extended type: keyword ignore_above: 1024 description: HTTP version. 
- example: 1.1 - name: observer - title: Observer - group: 2 description: "An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics.\nThis could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, web proxies, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS." type: group fields: - name: geo.city_name - level: core type: keyword ignore_above: 1024 description: City name. - example: Montreal - name: geo.continent_name - level: core type: keyword ignore_above: 1024 description: Name of the continent. - example: North America - name: geo.country_iso_code - level: core type: keyword ignore_above: 1024 description: Country ISO code. - example: CA - name: geo.country_name - level: core type: keyword ignore_above: 1024 description: Country name. - example: Canada - name: geo.location - level: core type: geo_point description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' - name: geo.name - level: extended type: wildcard description: "User-defined description of a location, at the level of granularity they care about.\nCould be the name of their data centers, the floor number, if this describes a local physical entity, city names.\nNot typically used in automated geolocation." - example: boston-dc - name: geo.region_iso_code - level: core type: keyword ignore_above: 1024 description: Region ISO code. 
- example: CA-QC - name: geo.region_name - level: core type: keyword ignore_above: 1024 description: Region name. - example: Quebec - name: hostname - level: core type: keyword ignore_above: 1024 description: Hostname of the observer. - name: ip - level: core type: ip description: IP addresses of the observer. - name: mac - level: core type: keyword ignore_above: 1024 description: MAC addresses of the observer - name: name - level: extended type: keyword ignore_above: 1024 description: "Custom name of the observer.\nThis is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization.\nIf no custom name is needed, the field can be left empty." - example: 1_proxySG - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.full - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, including the version or code name. - example: Mac OS Mojave - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: product - level: extended type: keyword ignore_above: 1024 description: The product name of the observer. 
- example: s200 - name: serial_number - level: extended type: keyword ignore_above: 1024 description: Observer serial number. - name: type - level: core type: keyword ignore_above: 1024 description: "The type of the observer the data is coming from.\nThere is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`." - example: firewall - name: vendor - level: core type: keyword ignore_above: 1024 description: Vendor name of the observer. - example: Symantec - name: version - level: core type: keyword ignore_above: 1024 description: Observer version. - name: tls - title: TLS - group: 2 description: Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. type: group fields: - name: cipher - level: extended type: keyword ignore_above: 1024 description: String indicating the cipher used during the current connection. - example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - default_field: false - name: client.certificate - level: extended type: keyword ignore_above: 1024 description: PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. - example: MII... - default_field: false - name: client.certificate_chain - level: extended type: keyword ignore_above: 1024 description: Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. - example: '["MII...", "MII..."]' - default_field: false - name: client.hash.md5 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. 
For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC - default_field: false - name: client.hash.sha1 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 9E393D93138888D288266C2D915214D1D1CCEB2A - default_field: false - name: client.hash.sha256 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 - default_field: false - name: client.issuer - level: extended type: wildcard description: Distinguished name of subject of the issuer of the x.509 certificate presented by the client. - example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: client.ja3 - level: extended type: keyword ignore_above: 1024 description: A hash that identifies clients based on how they perform an SSL/TLS handshake. - example: d4e5b18d6b55c71272893221c96ba240 - default_field: false - name: client.not_after - level: extended type: date description: Date/Time indicating when client certificate is no longer considered valid. - example: "2021-01-01T00:00:00.000Z" - default_field: false - name: client.not_before - level: extended type: date description: Date/Time indicating when client certificate is first considered valid. 
- example: "1970-01-01T00:00:00.000Z" - default_field: false - name: client.server_name - level: extended type: keyword ignore_above: 1024 description: Also called an SNI, this tells the server which hostname to which the client is attempting to connect to. When this value is available, it should get copied to `destination.domain`. - example: www.elastic.co - default_field: false - name: client.subject - level: extended type: wildcard description: Distinguished name of subject of the x.509 certificate presented by the client. - example: CN=myclient, OU=Documentation Team, DC=example, DC=com - default_field: false - name: client.supported_ciphers - level: extended type: keyword ignore_above: 1024 description: Array of ciphers offered by the client during the client hello. - example: '["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "..."]' - default_field: false - name: client.x509.alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: client.x509.issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: client.x509.issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: client.x509.issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. 
- example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: client.x509.issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: client.x509.issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. - example: Example Inc - default_field: false - name: client.x509.issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: client.x509.issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: client.x509.not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: client.x509.not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: client.x509.public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: client.x509.public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: client.x509.public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. 
- example: 65537 index: false - default_field: false - name: client.x509.public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: client.x509.serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. - example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: client.x509.signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: client.x509.subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: client.x509.subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: client.x509.subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: client.x509.subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: client.x509.subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. 
- default_field: false - name: client.x509.subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: client.x509.subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: client.x509.version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false - name: curve - level: extended type: keyword ignore_above: 1024 description: String indicating the curve used for the given cipher, when applicable. - example: secp256r1 - default_field: false - name: established - level: extended type: boolean description: Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. - default_field: false - name: next_protocol - level: extended type: keyword ignore_above: 1024 description: String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. - example: http/1.1 - default_field: false - name: resumed - level: extended type: boolean description: Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. - default_field: false - name: server.certificate - level: extended type: keyword ignore_above: 1024 description: PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. - example: MII... - default_field: false - name: server.certificate_chain - level: extended type: keyword ignore_above: 1024 description: Array of PEM-encoded certificates that make up the certificate chain offered by the server. 
This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. - example: '["MII...", "MII..."]' - default_field: false - name: server.hash.md5 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC - default_field: false - name: server.hash.sha1 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 9E393D93138888D288266C2D915214D1D1CCEB2A - default_field: false - name: server.hash.sha256 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 - default_field: false - name: server.issuer - level: extended type: wildcard description: Subject of the issuer of the x.509 certificate presented by the server. - example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: server.ja3s - level: extended type: keyword ignore_above: 1024 description: A hash that identifies servers based on how they perform an SSL/TLS handshake. - example: 394441ab65754e2207b1e1b457b3641d - default_field: false - name: server.not_after - level: extended type: date description: Timestamp indicating when server certificate is no longer considered valid. 
- example: "2021-01-01T00:00:00.000Z" - default_field: false - name: server.not_before - level: extended type: date description: Timestamp indicating when server certificate is first considered valid. - example: "1970-01-01T00:00:00.000Z" - default_field: false - name: server.subject - level: extended type: wildcard description: Subject of the x.509 certificate presented by the server. - example: CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: server.x509.alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: server.x509.issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: server.x509.issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: server.x509.issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. - example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: server.x509.issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: server.x509.issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. 
- example: Example Inc - default_field: false - name: server.x509.issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: server.x509.issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: server.x509.not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: server.x509.not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: server.x509.public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: server.x509.public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: server.x509.public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. - example: 65537 index: false - default_field: false - name: server.x509.public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: server.x509.serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. 
- example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: server.x509.signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: server.x509.subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: server.x509.subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: server.x509.subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: server.x509.subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: server.x509.subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. - default_field: false - name: server.x509.subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: server.x509.subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: server.x509.version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. 
- example: 3 - default_field: false - name: version - level: extended type: keyword ignore_above: 1024 description: Numeric part of the version parsed from the original string. - example: "1.2" - default_field: false - name: version_protocol - level: extended type: keyword ignore_above: 1024 description: Normalized lowercase protocol name parsed from original string. - example: tls - default_field: false - name: url - title: URL - group: 2 description: URL fields provide support for complete or partial URLs, and supports the breaking down into scheme, domain, path, and so on. type: group fields: - name: domain - level: extended type: wildcard description: 'Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field.' - example: www.elastic.co - name: extension - level: extended type: keyword ignore_above: 1024 description: 'The field contains the file extension from the original request url, excluding the leading dot. 
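Review bot: Removing `default_field: false` from `tls.client.certificate`, `tls.client.certificate_chain`, `tls.server.certificate_chain` and the `tls.*.x509.*` keyword fields in this hunk is not purely cosmetic if the index-template generator honours that key: in Beats-style fields.yml it excludes a field from `index.query.default_field`, so after this change those fields may be added to the default search fields, enlarging a list that is bounded by `indices.query.bool.max_clause_count` (1024 by default) and letting free-text queries match against PEM blobs and distinguished names. It would be worth confirming that the package tooling ignores `default_field` before dropping it, or recording the mapping impact in the changelog. The same removal appears in the following `@@ -1106,262 +692,166 @@` hunk. This hunk begins inside the multi-line `request.method` description, so its first YAML scalar starts outside the hunk.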
@@ -1106,262 +692,166 @@ The leading period must not be included. For example, the value must be "png", not ".png". Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz").' - example: png - name: fragment - level: extended type: keyword ignore_above: 1024 description: 'Portion of the url after the `#`, such as "top". The `#` is not part of the fragment.' - name: full - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false - name: keyword type: keyword description: If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. - example: https://www.elastic.co:443/search?q=elasticsearch#top - name: original - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: "Unmodified original url as seen in the event source.\nNote that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path.\nThis field is meant to represent the URL as it was observed, complete or not." - example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch - name: password - level: extended type: keyword ignore_above: 1024 description: Password of the request. - name: path - level: extended type: wildcard description: Path of the request, such as "/search". - name: port - level: extended type: long format: string description: Port of the request, such as 443. - example: 443 - name: query - level: extended type: keyword ignore_above: 1024 description: 'The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. 
The `exists` query can be used to differentiate between the two cases.' - name: registered_domain - level: extended type: wildcard description: 'The highest registered url domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".' - example: example.com - name: scheme - level: extended type: keyword ignore_above: 1024 description: 'Scheme of the request, such as "https". Note: The `:` is not part of the scheme.' - example: https - name: subdomain - level: extended type: keyword ignore_above: 1024 description: 'The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.' - example: east - default_field: false - name: top_level_domain - level: extended type: keyword ignore_above: 1024 description: 'The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk".' - example: co.uk - name: username - level: extended type: keyword ignore_above: 1024 description: Username of the request. 
- name: x509 - title: x509 Certificate - group: 2 description: "This implements the common core fields for x509 certificates. This information is likely logged with TLS sessions, digital signatures found in executable binaries, S/MIME information in email bodies, or analysis of files on disk.\nWhen the certificate relates to a file, use the fields at `file.x509`. When hashes of the DER-encoded certificate are available, the `hash` data set should be populated as well (e.g. `file.hash.sha256`).\nEvents that contain certificate information about network connections, should use the x509 fields under the relevant TLS fields: `tls.server.x509` and/or `tls.client.x509`." type: group fields: - name: alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. - example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. 
- example: Example Inc - default_field: false - name: issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. - example: 65537 index: false - default_field: false - name: public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. - example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. 
We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. - default_field: false - name: subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false diff --git a/packages/synthetics/data_stream/icmp/fields/tls.yml b/packages/synthetics/data_stream/icmp/fields/tls.yml index 4174905380c..a0e4cb0ceaa 100644 --- a/packages/synthetics/data_stream/icmp/fields/tls.yml +++ b/packages/synthetics/data_stream/icmp/fields/tls.yml 
@@ -6,10 +6,8 @@ fields: - name: certificate_not_valid_before type: date - deprecated: 7.8.0 description: Deprecated in favor of `tls.server.x509.not_before`. Earliest time at which the connection's certificates are valid. - name: certificate_not_valid_after - deprecated: 7.8.0 type: date description: Deprecated in favor of `tls.server.x509.not_after`. Latest time at which the connection's certificates are valid. - name: rtt @@ -35,5 +33,3 @@ type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false diff --git a/packages/synthetics/data_stream/tcp/fields/cloud.yml b/packages/synthetics/data_stream/tcp/fields/cloud.yml index 29a4b437903..a3e1c24e4ec 100644 --- a/packages/synthetics/data_stream/tcp/fields/cloud.yml +++ b/packages/synthetics/data_stream/tcp/fields/cloud.yml @@ -1,5 +1,4 @@ - name: cloud.image.id - example: ami-abcd1234 type: keyword description: > Image ID for the cloud instance. diff --git a/packages/synthetics/data_stream/tcp/fields/common.yml b/packages/synthetics/data_stream/tcp/fields/common.yml index c10d217448e..6b1052f9d72 100644 --- a/packages/synthetics/data_stream/tcp/fields/common.yml +++ b/packages/synthetics/data_stream/tcp/fields/common.yml @@ -53,7 +53,6 @@ IP of service being monitored. If service is monitored by hostname, the `ip` field contains the resolved ip address for the current host. - name: status - required: true type: keyword description: > Indicator if monitor could validate the service to be available. diff --git a/packages/synthetics/data_stream/tcp/fields/ecs.yml b/packages/synthetics/data_stream/tcp/fields/ecs.yml index c2d2b7940fb..c8441fd817e 100644 --- a/packages/synthetics/data_stream/tcp/fields/ecs.yml +++ b/packages/synthetics/data_stream/tcp/fields/ecs.yml 
@@ -1,235 +1,157 @@ - name: labels - level: core type: object object_type: keyword description: "Custom key/value pairs.\nCan be used to add meta information to events. Should not contain nested objects. All values are stored as keyword.\nExample: `docker` and `k8s` labels." - example: '{"application": "foo-bar", "env": "production"}' - name: tags - level: core type: keyword ignore_above: 1024 description: List of keywords used to tag each event. - example: '["production", "env2"]' - name: agent - title: Agent - group: 2 description: "The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host.\nExamples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken." - footnote: "Examples: In the case of Beats for logs, the agent.name is filebeat. For APM, it is the agent running in the app/service. The agent information does not change if data is sent through queuing systems like Kafka, Redis, or processing systems such as Logstash or APM Server." type: group fields: - name: build.original - level: core type: wildcard description: "Extended build information for the agent.\nThis field is intended to contain any build information that a data source may provide, no specific formatting is required." - example: metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC] - default_field: false - name: ephemeral_id - level: extended type: keyword ignore_above: 1024 description: "Ephemeral identifier of this agent (if one exists).\nThis id normally changes across restarts, but `agent.id` does not." 
- example: 8a4f500f - name: id - level: core type: keyword ignore_above: 1024 description: "Unique identifier of this agent (if one exists).\nExample: For Beats this would be beat.id." - example: 8a4f500d - name: name - level: core type: keyword ignore_above: 1024 description: "Custom name of the agent.\nThis is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from.\nIf no name is given, the name is often left empty." - example: foo - name: type - level: core type: keyword ignore_above: 1024 description: "Type of the agent.\nThe agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine." - example: filebeat - name: version - level: core type: keyword ignore_above: 1024 description: Version of the agent. - example: 6.0.0-rc2 - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." 
- example: 666777888999 - name: account.name - level: extended type: keyword ignore_above: 1024 description: "The cloud account name or alias used to identify different entities in a multi-tenant environment.\nExamples: AWS account name, Google Cloud ORG display name." - example: elastic-dev - default_field: false - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: project.id - level: extended type: keyword ignore_above: 1024 description: "The cloud project identifier.\nExamples: Google Cloud Project id, Azure Project id." - example: my-project - default_field: false - name: project.name - level: extended type: keyword ignore_above: 1024 description: "The cloud project name.\nExamples: Google Cloud Project name, Azure Project name." - example: my project - default_field: false - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. 
- name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: image.tag - level: extended type: keyword ignore_above: 1024 description: Container image tags. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: runtime - level: extended type: keyword ignore_above: 1024 description: Runtime managing this container. - example: docker - name: dns - title: DNS - group: 2 description: "Fields describing DNS queries and answers.\nDNS events should either represent a single DNS query prior to getting answers (`dns.type:query`) or they should represent a full exchange and contain the query details as well as all of the answers that were provided for this query (`dns.type:answer`)." type: group fields: - name: answers - level: extended type: object description: "An array containing an object for each answer section returned by the server.\nThe main keys that should be present in these objects are defined by ECS. Records that have more information may contain more keys than what ECS defines.\nNot all DNS data sources give all details about DNS answers. At minimum, answer objects must contain the `data` key. If more information is available, map as much of it to ECS as possible, and add any additional fields to the answer objects as custom fields." - name: answers.class - level: extended type: keyword ignore_above: 1024 description: The class of DNS data contained in this resource record. - example: IN - name: answers.data - level: extended type: wildcard description: "The data describing the resource.\nThe meaning of this data depends on the type and class of the resource record." 
- example: 10.10.10.10 - name: answers.name - level: extended type: keyword ignore_above: 1024 description: "The domain name to which this resource record pertains.\nIf a chain of CNAME is being resolved, each answer's `name` should be the one that corresponds with the answer's `data`. It should not simply be the original `question.name` repeated." - example: www.example.com - name: answers.ttl - level: extended type: long description: The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached. - example: 180 - name: answers.type - level: extended type: keyword ignore_above: 1024 description: The type of data contained in this resource record. - example: CNAME - name: header_flags - level: extended type: keyword ignore_above: 1024 description: "Array of 2 letter DNS header flags.\nExpected values are: AA, TC, RD, RA, AD, CD, DO." - example: '["RD", "RA"]' - name: id - level: extended type: keyword ignore_above: 1024 description: The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response. - example: 62111 - name: op_code - level: extended type: keyword ignore_above: 1024 description: The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response. - example: QUERY - name: question.class - level: extended type: keyword ignore_above: 1024 description: The class of records being queried. - example: IN - name: question.name - level: extended type: wildcard description: 'The name being queried. If the name field contains non-printable characters (below 32 or above 126), those characters should be represented as escaped base 10 integers (\DDD). Back slashes and quotes should be escaped. Tabs, carriage returns, and line feeds should be converted to \t, \r, and \n respectively.' 
- example: www.example.com
- name: question.registered_domain
- level: extended
type: keyword
ignore_above: 1024
description: 'The highest registered domain, stripped of the subdomain.
@@ -237,123 +159,86 @@ For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".' - example: example.com - name: question.subdomain - level: extended type: keyword ignore_above: 1024 description: 'The subdomain is all of the labels under the registered_domain. If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.' - example: www - name: question.top_level_domain - level: extended type: keyword ignore_above: 1024 description: 'The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk".' - example: co.uk - name: question.type - level: extended type: keyword ignore_above: 1024 description: The type of record being queried. - example: AAAA - name: resolved_ip - level: extended type: ip description: "Array containing all IPs seen in `answers.data`.\nThe `answers` array can be difficult to use, because of the variety of data formats it can contain. Extracting all IP addresses seen in there to `dns.resolved_ip` makes it possible to index them as IP addresses, and makes them easier to visualize and query for." - example: '["10.10.10.10", "10.10.10.11"]' - name: response_code - level: extended type: keyword ignore_above: 1024 description: The DNS response code. 
- example: NOERROR - name: type - level: extended type: keyword ignore_above: 1024 description: "The type of DNS event captured, query or answer.\nIf your source of DNS events only gives you DNS queries, you should only create dns events of type `dns.type:query`.\nIf your source of DNS events gives you answers as well, you should create one event per query (optionally as soon as the query is seen). And a second event containing all query details as well as an array of answers." - example: answer - name: ecs - title: ECS - group: 2 description: Meta-information specific to ECS. type: group fields: - name: version - level: core - required: true type: keyword ignore_above: 1024 description: "ECS version this event conforms to. `ecs.version` is a required field and must exist in all events.\nWhen querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events." - example: 1.0.0 - name: error - title: Error - group: 2 description: "These fields can represent errors of any kind.\nUse them for errors that happen while fetching events or in cases where the event itself contains an error." type: group fields: - name: code - level: core type: keyword ignore_above: 1024 description: Error code describing the error. - name: id - level: core type: keyword ignore_above: 1024 description: Unique identifier for the error. - name: message - level: core type: text description: Error message. - name: stack_trace - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The stack trace of this error in plain text. - name: type - level: extended type: wildcard description: The type of the error, for example the class name of the exception. - example: java.lang.NullPointerException - name: http - title: HTTP - group: 2 description: Fields related to HTTP activity. Use the `url` field set to store the url of the request. 
type: group
fields:
- name: request.body.bytes
- level: extended
type: long
format: bytes
description: Size in bytes of the request body.
- example: 887
- name: request.body.content
- level: extended
type: wildcard
multi_fields:
- name: text
type: text
norms: false
- default_field: false
description: The full HTTP request body.
- example: Hello world
- name: request.bytes
- level: extended
type: long
format: bytes
description: Total size in bytes of the request (body and headers).
- example: 1437
- name: request.method
- level: extended
type: keyword
ignore_above: 1024
description: 'HTTP request method.
@@ -363,740 +248,441 @@ "The field value must be normalized to lowercase for querying." As of ECS 1.6.0, the guidance is deprecated because the original case of the method may be useful in anomaly detection. Original case will be mandated in ECS 2.0.0' - example: GET, POST, PUT, PoST - name: request.mime_type - level: extended type: keyword ignore_above: 1024 description: "Mime type of the body of the request.\nThis value must only be populated based on the content of the request body, not on the `Content-Type` header. Comparing the mime type of a request with the request's Content-Type header can be helpful in detecting threats or misconfigured clients." - example: image/gif - default_field: false - name: request.referrer - level: extended type: wildcard description: Referrer for this HTTP request. - example: https://blog.example.com/ - name: response.body.bytes - level: extended type: long format: bytes description: Size in bytes of the response body. - example: 887 - name: response.body.content - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: The full HTTP response body. - example: Hello world - name: response.bytes - level: extended type: long format: bytes description: Total size in bytes of the response (body and headers). - example: 1437 - name: response.mime_type - level: extended type: keyword ignore_above: 1024 description: "Mime type of the body of the response.\nThis value must only be populated based on the content of the response body, not on the `Content-Type` header. Comparing the mime type of a response with the response's Content-Type header can be helpful in detecting misconfigured servers." - example: image/gif - default_field: false - name: response.status_code - level: extended type: long format: string description: HTTP response status code. - example: 404 - name: version - level: extended type: keyword ignore_above: 1024 description: HTTP version. 
- example: 1.1 - name: observer - title: Observer - group: 2 description: "An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics.\nThis could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, web proxies, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS." type: group fields: - name: geo.city_name - level: core type: keyword ignore_above: 1024 description: City name. - example: Montreal - name: geo.continent_name - level: core type: keyword ignore_above: 1024 description: Name of the continent. - example: North America - name: geo.country_iso_code - level: core type: keyword ignore_above: 1024 description: Country ISO code. - example: CA - name: geo.country_name - level: core type: keyword ignore_above: 1024 description: Country name. - example: Canada - name: geo.location - level: core type: geo_point description: Longitude and latitude. - example: '{ "lon": -73.614830, "lat": 45.505918 }' - name: geo.name - level: extended type: wildcard description: "User-defined description of a location, at the level of granularity they care about.\nCould be the name of their data centers, the floor number, if this describes a local physical entity, city names.\nNot typically used in automated geolocation." - example: boston-dc - name: geo.region_iso_code - level: core type: keyword ignore_above: 1024 description: Region ISO code. 
- example: CA-QC - name: geo.region_name - level: core type: keyword ignore_above: 1024 description: Region name. - example: Quebec - name: hostname - level: core type: keyword ignore_above: 1024 description: Hostname of the observer. - name: ip - level: core type: ip description: IP addresses of the observer. - name: mac - level: core type: keyword ignore_above: 1024 description: MAC addresses of the observer - name: name - level: extended type: keyword ignore_above: 1024 description: "Custom name of the observer.\nThis is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization.\nIf no custom name is needed, the field can be left empty." - example: 1_proxySG - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.full - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, including the version or code name. - example: Mac OS Mojave - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: product - level: extended type: keyword ignore_above: 1024 description: The product name of the observer. 
- example: s200 - name: serial_number - level: extended type: keyword ignore_above: 1024 description: Observer serial number. - name: type - level: core type: keyword ignore_above: 1024 description: "The type of the observer the data is coming from.\nThere is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`." - example: firewall - name: vendor - level: core type: keyword ignore_above: 1024 description: Vendor name of the observer. - example: Symantec - name: version - level: core type: keyword ignore_above: 1024 description: Observer version. - name: tls - title: TLS - group: 2 description: Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. type: group fields: - name: cipher - level: extended type: keyword ignore_above: 1024 description: String indicating the cipher used during the current connection. - example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - default_field: false - name: client.certificate - level: extended type: keyword ignore_above: 1024 description: PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. - example: MII... - default_field: false - name: client.certificate_chain - level: extended type: keyword ignore_above: 1024 description: Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. - example: '["MII...", "MII..."]' - default_field: false - name: client.hash.md5 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. 
For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC - default_field: false - name: client.hash.sha1 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 9E393D93138888D288266C2D915214D1D1CCEB2A - default_field: false - name: client.hash.sha256 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 - default_field: false - name: client.issuer - level: extended type: wildcard description: Distinguished name of subject of the issuer of the x.509 certificate presented by the client. - example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: client.ja3 - level: extended type: keyword ignore_above: 1024 description: A hash that identifies clients based on how they perform an SSL/TLS handshake. - example: d4e5b18d6b55c71272893221c96ba240 - default_field: false - name: client.not_after - level: extended type: date description: Date/Time indicating when client certificate is no longer considered valid. - example: "2021-01-01T00:00:00.000Z" - default_field: false - name: client.not_before - level: extended type: date description: Date/Time indicating when client certificate is first considered valid. 
- example: "1970-01-01T00:00:00.000Z" - default_field: false - name: client.server_name - level: extended type: keyword ignore_above: 1024 description: Also called an SNI, this tells the server which hostname to which the client is attempting to connect to. When this value is available, it should get copied to `destination.domain`. - example: www.elastic.co - default_field: false - name: client.subject - level: extended type: wildcard description: Distinguished name of subject of the x.509 certificate presented by the client. - example: CN=myclient, OU=Documentation Team, DC=example, DC=com - default_field: false - name: client.supported_ciphers - level: extended type: keyword ignore_above: 1024 description: Array of ciphers offered by the client during the client hello. - example: '["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "..."]' - default_field: false - name: client.x509.alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: client.x509.issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: client.x509.issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: client.x509.issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. 
- example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: client.x509.issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: client.x509.issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. - example: Example Inc - default_field: false - name: client.x509.issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: client.x509.issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: client.x509.not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: client.x509.not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: client.x509.public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: client.x509.public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: client.x509.public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. 
- example: 65537 index: false - default_field: false - name: client.x509.public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: client.x509.serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. - example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: client.x509.signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: client.x509.subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: client.x509.subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: client.x509.subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: client.x509.subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: client.x509.subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. 
- default_field: false - name: client.x509.subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: client.x509.subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: client.x509.version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false - name: curve - level: extended type: keyword ignore_above: 1024 description: String indicating the curve used for the given cipher, when applicable. - example: secp256r1 - default_field: false - name: established - level: extended type: boolean description: Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. - default_field: false - name: next_protocol - level: extended type: keyword ignore_above: 1024 description: String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. - example: http/1.1 - default_field: false - name: resumed - level: extended type: boolean description: Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. - default_field: false - name: server.certificate - level: extended type: keyword ignore_above: 1024 description: PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. - example: MII... - default_field: false - name: server.certificate_chain - level: extended type: keyword ignore_above: 1024 description: Array of PEM-encoded certificates that make up the certificate chain offered by the server. 
This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. - example: '["MII...", "MII..."]' - default_field: false - name: server.hash.md5 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC - default_field: false - name: server.hash.sha1 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 9E393D93138888D288266C2D915214D1D1CCEB2A - default_field: false - name: server.hash.sha256 - level: extended type: keyword ignore_above: 1024 description: Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. - example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 - default_field: false - name: server.issuer - level: extended type: wildcard description: Subject of the issuer of the x.509 certificate presented by the server. - example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: server.ja3s - level: extended type: keyword ignore_above: 1024 description: A hash that identifies servers based on how they perform an SSL/TLS handshake. - example: 394441ab65754e2207b1e1b457b3641d - default_field: false - name: server.not_after - level: extended type: date description: Timestamp indicating when server certificate is no longer considered valid. 
- example: "2021-01-01T00:00:00.000Z" - default_field: false - name: server.not_before - level: extended type: date description: Timestamp indicating when server certificate is first considered valid. - example: "1970-01-01T00:00:00.000Z" - default_field: false - name: server.subject - level: extended type: wildcard description: Subject of the x.509 certificate presented by the server. - example: CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com - default_field: false - name: server.x509.alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: server.x509.issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: server.x509.issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: server.x509.issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. - example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: server.x509.issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: server.x509.issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. 
- example: Example Inc - default_field: false - name: server.x509.issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: server.x509.issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: server.x509.not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: server.x509.not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: server.x509.public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: server.x509.public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: server.x509.public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. - example: 65537 index: false - default_field: false - name: server.x509.public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: server.x509.serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. 
- example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: server.x509.signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: server.x509.subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: server.x509.subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: server.x509.subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: server.x509.subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: server.x509.subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. - default_field: false - name: server.x509.subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: server.x509.subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: server.x509.version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. 
- example: 3 - default_field: false - name: version - level: extended type: keyword ignore_above: 1024 description: Numeric part of the version parsed from the original string. - example: "1.2" - default_field: false - name: version_protocol - level: extended type: keyword ignore_above: 1024 description: Normalized lowercase protocol name parsed from original string. - example: tls - default_field: false - name: url - title: URL - group: 2 description: URL fields provide support for complete or partial URLs, and supports the breaking down into scheme, domain, path, and so on. type: group fields: - name: domain - level: extended type: wildcard description: 'Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field.' - example: www.elastic.co - name: extension - level: extended type: keyword ignore_above: 1024 description: 'The field contains the file extension from the original request url, excluding the leading dot. 
@@ -1106,262 +692,166 @@ The leading period must not be included. For example, the value must be "png", not ".png". Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz").' - example: png - name: fragment - level: extended type: keyword ignore_above: 1024 description: 'Portion of the url after the `#`, such as "top". The `#` is not part of the fragment.' - name: full - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false - name: keyword type: keyword description: If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. - example: https://www.elastic.co:443/search?q=elasticsearch#top - name: original - level: extended type: wildcard multi_fields: - name: text type: text norms: false - default_field: false description: "Unmodified original url as seen in the event source.\nNote that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path.\nThis field is meant to represent the URL as it was observed, complete or not." - example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch - name: password - level: extended type: keyword ignore_above: 1024 description: Password of the request. - name: path - level: extended type: wildcard description: Path of the request, such as "/search". - name: port - level: extended type: long format: string description: Port of the request, such as 443. - example: 443 - name: query - level: extended type: keyword ignore_above: 1024 description: 'The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. 
The `exists` query can be used to differentiate between the two cases.' - name: registered_domain - level: extended type: wildcard description: 'The highest registered url domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".' - example: example.com - name: scheme - level: extended type: keyword ignore_above: 1024 description: 'Scheme of the request, such as "https". Note: The `:` is not part of the scheme.' - example: https - name: subdomain - level: extended type: keyword ignore_above: 1024 description: 'The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.' - example: east - default_field: false - name: top_level_domain - level: extended type: keyword ignore_above: 1024 description: 'The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk".' - example: co.uk - name: username - level: extended type: keyword ignore_above: 1024 description: Username of the request. 
- name: x509 - title: x509 Certificate - group: 2 description: "This implements the common core fields for x509 certificates. This information is likely logged with TLS sessions, digital signatures found in executable binaries, S/MIME information in email bodies, or analysis of files on disk.\nWhen the certificate relates to a file, use the fields at `file.x509`. When hashes of the DER-encoded certificate are available, the `hash` data set should be populated as well (e.g. `file.hash.sha256`).\nEvents that contain certificate information about network connections, should use the x509 fields under the relevant TLS fields: `tls.server.x509` and/or `tls.client.x509`." type: group fields: - name: alternative_names - level: extended type: keyword ignore_above: 1024 description: List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. - example: "*.elastic.co" - default_field: false - name: issuer.common_name - level: extended type: keyword ignore_above: 1024 description: List of common name (CN) of issuing certificate authority. - example: Example SHA2 High Assurance Server CA - default_field: false - name: issuer.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) codes - example: US - default_field: false - name: issuer.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of issuing certificate authority. - example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA - default_field: false - name: issuer.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: Mountain View - default_field: false - name: issuer.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of issuing certificate authority. 
- example: Example Inc - default_field: false - name: issuer.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of issuing certificate authority. - example: www.example.com - default_field: false - name: issuer.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: not_after - level: extended type: date description: Time at which the certificate is no longer considered valid. - example: 2020-07-16 03:15:39+00:00 - default_field: false - name: not_before - level: extended type: date description: Time at which the certificate is first considered valid. - example: 2019-08-16 01:40:25+00:00 - default_field: false - name: public_key_algorithm - level: extended type: keyword ignore_above: 1024 description: Algorithm used to generate the public key. - example: RSA - default_field: false - name: public_key_curve - level: extended type: keyword ignore_above: 1024 description: The curve used by the elliptic curve public key algorithm. This is algorithm specific. - example: nistp521 - default_field: false - name: public_key_exponent - level: extended type: long description: Exponent used to derive the public key. This is algorithm specific. - example: 65537 index: false - default_field: false - name: public_key_size - level: extended type: long description: The size of the public key space in bits. - example: 2048 - default_field: false - name: serial_number - level: extended type: keyword ignore_above: 1024 description: Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. - example: 55FBB9C7DEBF09809D12CCAA - default_field: false - name: signature_algorithm - level: extended type: keyword ignore_above: 1024 description: Identifier for certificate signature algorithm. 
We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. - example: SHA256-RSA - default_field: false - name: subject.common_name - level: extended type: keyword ignore_above: 1024 description: List of common names (CN) of subject. - example: shared.global.example.net - default_field: false - name: subject.country - level: extended type: keyword ignore_above: 1024 description: List of country (C) code - example: US - default_field: false - name: subject.distinguished_name - level: extended type: wildcard description: Distinguished name (DN) of the certificate subject entity. - example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net - default_field: false - name: subject.locality - level: extended type: keyword ignore_above: 1024 description: List of locality names (L) - example: San Francisco - default_field: false - name: subject.organization - level: extended type: keyword ignore_above: 1024 description: List of organizations (O) of subject. - example: Example, Inc. - default_field: false - name: subject.organizational_unit - level: extended type: keyword ignore_above: 1024 description: List of organizational units (OU) of subject. - default_field: false - name: subject.state_or_province - level: extended type: keyword ignore_above: 1024 description: List of state or province names (ST, S, or P) - example: California - default_field: false - name: version_number - level: extended type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false diff --git a/packages/synthetics/data_stream/tcp/fields/tls.yml b/packages/synthetics/data_stream/tcp/fields/tls.yml index 4174905380c..a0e4cb0ceaa 100644 --- a/packages/synthetics/data_stream/tcp/fields/tls.yml +++ b/packages/synthetics/data_stream/tcp/fields/tls.yml 
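Review bot: `url.password` stays mapped as a searchable `keyword` whose whole description is `Password of the request.`, so any userinfo captured from a URL is indexed verbatim with no hint to operators that it should be redacted. Since this PR is already rewriting field documentation, consider extending that line, e.g. `Password of the request. Stored verbatim; redact in the ingest pipeline if credentials must not be retained.` The hunk also leaves `subject.country` as `List of country (C) code` while the issuer counterpart reads `codes`, which a typo-fix pass could align. The file header for this hunk is outside this view, so I cannot tell which data stream these tls/url/x509 definitions belong to.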
@@ -6,10 +6,8 @@ fields: - name: certificate_not_valid_before type: date - deprecated: 7.8.0 description: Deprecated in favor of `tls.server.x509.not_before`. Earliest time at which the connection's certificates are valid. - name: certificate_not_valid_after - deprecated: 7.8.0 type: date description: Deprecated in favor of `tls.server.x509.not_after`. Latest time at which the connection's certificates are valid. - name: rtt @@ -35,5 +33,3 @@ type: keyword ignore_above: 1024 description: Version of x509 format. - example: 3 - default_field: false diff --git a/packages/synthetics/manifest.yml b/packages/synthetics/manifest.yml index 53ecd840ba1..6133a57129c 100644 --- a/packages/synthetics/manifest.yml +++ b/packages/synthetics/manifest.yml @@ -2,7 +2,7 @@ format_version: 1.0.0 name: synthetics title: Elastic Synthetics description: Monitor the availability of your services with Elastic Synthetics. -version: 0.9.2 +version: "0.9.3" categories: ["elastic_stack", "monitoring", "web"] release: beta type: integration diff --git a/packages/system/changelog.yml b/packages/system/changelog.yml index a4b595a4ef1..125e32fe28c 100644 --- a/packages/system/changelog.yml +++ b/packages/system/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.13.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.13.0" changes: - description: Add parent process ID to security event for new process creation. diff --git a/packages/system/data_stream/application/fields/agent.yml b/packages/system/data_stream/application/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/system/data_stream/application/fields/agent.yml +++ b/packages/system/data_stream/application/fields/agent.yml 
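Review bot: Dropping `deprecated: 7.8.0` from `certificate_not_valid_before` and `certificate_not_valid_after` leaves the deprecation expressed only in prose, and the prose no longer records since which version. If the package spec no longer accepts the `deprecated` key, keep the version in the text, e.g. `Deprecated since 7.8.0 in favor of \`tls.server.x509.not_before\`. Earliest time at which the connection's certificates are valid.` and the matching line for `not_after`. The `synthetics/manifest.yml` bump to `"0.9.3"` on this line has no synthetics changelog entry visible here; if it lives elsewhere in the patch, disregard.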
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
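Review bot: Removing the cloud group's `footnote` drops the only text explaining whose cloud metadata `cloud.*` describes when the agent polls a remote service, and the surviving description `Fields related to the cloud or infrastructure the events are coming from.` does not carry that distinction. If `footnote` is not a supported property, fold the gist into the description, e.g. `Fields related to the cloud or infrastructure the events are coming from. When data is fetched from a remote service, these describe the machine that service runs on, not the agent host.` The `-1,53 +1,37` counts are consistent with nothing but property removals, so no other change in this hunk appears affected.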
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
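Review bot: The container group description still reads `These fields help correlate data based containers from any runtime.`, which is missing a word, and the system changelog entry in this PR promises typo fixes. Suggest `These fields help correlate data based on containers from any runtime.`; it is an unchanged context line here, so the fix needs its own `-`/`+` pair rather than a property removal.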
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/system/data_stream/application/fields/winlog.yml b/packages/system/data_stream/application/fields/winlog.yml index adca1bbdd03..0f8441ce628 100644 --- a/packages/system/data_stream/application/fields/winlog.yml +++ b/packages/system/data_stream/application/fields/winlog.yml 
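Review bot: `os.platform` keeps the description `Operating system platform (such centos, ubuntu, windows).`, missing `as`; with this package's changelog claiming typo fixes, reword to `Operating system platform (such as centos, ubuntu, windows).`. Dropping `example: "18D109"` and `example: "stretch"` from `os.build` and `os.codename` in the second hunk leaves readers with no idea what those values look like; if `example` is unsupported by the spec, the value shape could move into the description, e.g. `OS build information (e.g. 18D109).` Both points are about unchanged or now-shorter lines, so they need explicit `-`/`+` edits.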
@@ -5,27 +5,23 @@ fields: - name: api - required: true type: keyword description: > The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. The Event Logging API was designed for Windows Server 2003 or Windows 2000 operating systems. In Windows Vista, the event logging infrastructure was redesigned. On Windows Vista or later operating systems, the Windows Event Log API is used. Winlogbeat automatically detects which API to use for reading event logs. - name: activity_id type: keyword - required: false description: > A globally unique identifier that identifies the current activity. The events that are published with this identifier are part of the same activity. - name: computer_name type: keyword - required: true description: > The name of the computer that generated the record. When using Windows event forwarding, this name can differ from `agent.hostname`. - name: event_data type: object object_type: keyword - required: false description: > The event-specific data. This field is mutually exclusive with `user_data`. If you are capturing event data on versions prior to Windows Vista, the parameters in `event_data` are named `param1`, `param2`, and so on, because event log parameters are unnamed in earlier versions of Windows. 
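Review bot: Removing `required: true` from `api` and `computer_name` discards the only machine-readable statement of which `winlog.*` fields are guaranteed present, a contract that detection rules and dashboards tend to depend on. If the package spec does not honor `required`, preserve the guarantee in prose, e.g. `The name of the computer that generated the record. Always present.`, or confirm nothing downstream relies on it before dropping it silently. The same applies to `event_id`, `channel`, `record_id` and `provider_name` in the later hunk of this file.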
@@ -259,78 +255,64 @@ type: keyword - name: event_id type: keyword - required: true description: > The event identifier. The value is specific to the source of the event. - name: keywords type: keyword - required: false description: > The keywords are used to classify an event. - name: channel type: keyword - required: true description: > The name of the channel from which this record was read. This value is one of the names from the `event_logs` collection in the configuration. - name: record_id type: keyword - required: true description: > The record ID of the event log record. The first record written to an event log is record number 1, and other records are numbered sequentially. If the record number reaches the maximum value (2^32^ for the Event Logging API and 2^64^ for the Windows Event Log API), the next record number will be 0. - name: related_activity_id type: keyword - required: false description: > A globally unique identifier that identifies the activity to which control was transferred to. The related events would then have this identifier as their `activity_id` identifier. - name: opcode type: keyword - required: false description: > The opcode defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. - name: provider_guid type: keyword - required: false description: > A globally unique identifier that identifies the provider that logged the event. - name: process.pid type: long - required: false description: > The process_id of the Client Server Runtime Process. - name: provider_name type: keyword - required: true description: > The source of the event log record (the application or service that logged the record). - name: task type: keyword - required: false description: > The task defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. 
The category used by the Event Logging API (on pre Windows Vista operating systems) is written to this field. - name: process.thread.id type: long - required: false - name: user_data type: object object_type: keyword - required: false description: > The event specific data. This field is mutually exclusive with `event_data`. - name: user.identifier type: keyword - required: false - example: S-1-5-21-3541430928-2051711210-1391384369-1001 description: > The Windows security identifier (SID) of the account associated with this event. If Winlogbeat cannot resolve the SID to a name, then the `user.name`, `user.domain`, and `user.type` fields will be omitted from the event. If you discover Winlogbeat not resolving SIDs, review the log for clues as to what the problem may be. @@ -341,17 +323,14 @@ - name: user.domain type: keyword - required: false description: > The domain that the account associated with this event is a member of. - name: user.type type: keyword - required: false description: > The type of account associated with this event. - name: version type: long - required: false description: The version number of the event's definition. diff --git a/packages/system/data_stream/auth/fields/agent.yml b/packages/system/data_stream/auth/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/system/data_stream/auth/fields/agent.yml +++ b/packages/system/data_stream/auth/fields/agent.yml 
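Review bot: `process.pid` is still described as `The process_id of the Client Server Runtime Process.`, which reads as if the value were always csrss.exe's PID; I would expect it to be the PID of the process that logged the event, and `process.thread.id` right below it has no description at all. If that reading is right, reword to `The process ID of the process that logged the event.` and give `process.thread.id` a matching one-liner such as `The thread ID of the process that logged the event.`. Both are unchanged context lines, so the fix needs new `-`/`+` pairs; the hunk's own edits are only `required:`/`example:` removals, consistent with the `-259,78 +255,64` counts.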
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
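Review bot: This `agent.yml` is byte-identical to the application data stream's copy (both file headers show `da4e652c53b..7e2781afced`), so the same concern applies: removing the cloud group's `footnote` loses the explanation of whose cloud metadata `cloud.*` carries when the agent polls a remote service. If `footnote` is not a supported property, fold that sentence into the group description, e.g. `... When data is fetched from a remote service, these fields describe the machine the service runs on, not the agent host.` Two hand-synchronised copies of the same file are fragile; if the build tooling supports shared field definitions that would be worth using, but I cannot tell from the diff.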
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/system/data_stream/auth/fields/ecs.yml b/packages/system/data_stream/auth/fields/ecs.yml index 7e353efa7d6..d04f395480a 100644 --- a/packages/system/data_stream/auth/fields/ecs.yml +++ b/packages/system/data_stream/auth/fields/ecs.yml 
@@ -81,7 +81,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/system/data_stream/core/fields/agent.yml b/packages/system/data_stream/core/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/system/data_stream/core/fields/agent.yml +++ b/packages/system/data_stream/core/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/system/data_stream/cpu/fields/agent.yml b/packages/system/data_stream/cpu/fields/agent.yml index 36435349824..0755cc2d622 100644 --- a/packages/system/data_stream/cpu/fields/agent.yml +++ b/packages/system/data_stream/cpu/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/system/data_stream/diskio/fields/agent.yml b/packages/system/data_stream/diskio/fields/agent.yml index 54d97ab701d..99c6ea6972d 100644 --- a/packages/system/data_stream/diskio/fields/agent.yml +++ b/packages/system/data_stream/diskio/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/system/data_stream/filesystem/fields/agent.yml b/packages/system/data_stream/filesystem/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/system/data_stream/filesystem/fields/agent.yml +++ b/packages/system/data_stream/filesystem/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/system/data_stream/fsstat/fields/agent.yml b/packages/system/data_stream/fsstat/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/system/data_stream/fsstat/fields/agent.yml +++ b/packages/system/data_stream/fsstat/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/system/data_stream/load/fields/agent.yml b/packages/system/data_stream/load/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/system/data_stream/load/fields/agent.yml +++ b/packages/system/data_stream/load/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@
       type: keyword
       description: Image ID for the cloud instance.
 - name: container
-  title: Container
-  group: 2
   description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.'
   type: group
   fields:
     - name: id
-      level: core
       type: keyword
       ignore_above: 1024
       description: Unique container id.
     - name: image.name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Name of the image the container was built on.
     - name: labels
-      level: extended
       type: object
       object_type: keyword
       description: Image labels.
     - name: name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Container name.
 - name: host
-  title: Host
-  group: 2
   description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
   type: group
   fields:
     - name: architecture
-      level: core
       type: keyword
       ignore_above: 1024
       description: Operating system architecture.
-      example: x86_64
     - name: domain
-      level: extended
       type: keyword
       ignore_above: 1024
       description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
-      example: CONTOSO
-      default_field: false
     - name: hostname
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.'
     - name: id
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Unique host id.
@@ -122,58 +91,43 @@
       Example: The current usage of `beat.name`.'
     - name: ip
-      level: core
       type: ip
       description: Host ip addresses.
     - name: mac
-      level: core
       type: keyword
       ignore_above: 1024
       description: Host mac addresses.
     - name: name
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
     - name: os.family
-      level: extended
       type: keyword
       ignore_above: 1024
       description: OS family (such as redhat, debian, freebsd, windows).
-      example: debian
     - name: os.kernel
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system kernel version as a raw string.
-      example: 4.4.0-112-generic
     - name: os.name
-      level: extended
       type: keyword
       ignore_above: 1024
       multi_fields:
         - name: text
           type: text
           norms: false
-          default_field: false
       description: Operating system name, without the version.
-      example: Mac OS X
     - name: os.platform
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system platform (such centos, ubuntu, windows).
-      example: darwin
     - name: os.version
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system version as a raw string.
-      example: 10.14.1
     - name: type
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Type of host.
@@ -186,13 +140,11 @@
     - name: os.build
       type: keyword
-      example: "18D109"
       description: >
         OS build information.
     - name: os.codename
       type: keyword
-      example: "stretch"
       description: >
         OS codename, if any.
diff --git a/packages/system/data_stream/memory/fields/agent.yml b/packages/system/data_stream/memory/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/system/data_stream/memory/fields/agent.yml
+++ b/packages/system/data_stream/memory/fields/agent.yml
@@ -1,53 +1,37 @@
 - name: cloud
-  title: Cloud
-  group: 2
   description: Fields related to the cloud or infrastructure the events are coming from.
-  footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
   type: group
   fields:
     - name: account.id
-      level: extended
       type: keyword
       ignore_above: 1024
       description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
-      example: 666777888999
     - name: availability_zone
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Availability zone in which this host is running.
-      example: us-east-1c
     - name: instance.id
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Instance ID of the host machine.
-      example: i-1234567890abcdef0
     - name: instance.name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Instance name of the host machine.
     - name: machine.type
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Machine type of the host machine.
-      example: t2.medium
     - name: provider
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
-      example: aws
     - name: region
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Region in which this host is running.
-      example: us-east-1
     - name: project.id
       type: keyword
       description: Name of the project in Google Cloud.
@@ -55,65 +39,50 @@
       type: keyword
       description: Image ID for the cloud instance.
 - name: container
-  title: Container
-  group: 2
   description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.'
   type: group
   fields:
     - name: id
-      level: core
       type: keyword
       ignore_above: 1024
       description: Unique container id.
     - name: image.name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Name of the image the container was built on.
     - name: labels
-      level: extended
       type: object
       object_type: keyword
       description: Image labels.
     - name: name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Container name.
 - name: host
-  title: Host
-  group: 2
   description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
   type: group
   fields:
     - name: architecture
-      level: core
       type: keyword
       ignore_above: 1024
       description: Operating system architecture.
-      example: x86_64
     - name: domain
-      level: extended
       type: keyword
       ignore_above: 1024
       description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
-      example: CONTOSO
-      default_field: false
     - name: hostname
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.'
     - name: id
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Unique host id.
@@ -122,58 +91,43 @@
       Example: The current usage of `beat.name`.'
     - name: ip
-      level: core
       type: ip
       description: Host ip addresses.
     - name: mac
-      level: core
       type: keyword
       ignore_above: 1024
       description: Host mac addresses.
     - name: name
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
     - name: os.family
-      level: extended
       type: keyword
       ignore_above: 1024
       description: OS family (such as redhat, debian, freebsd, windows).
-      example: debian
     - name: os.kernel
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system kernel version as a raw string.
-      example: 4.4.0-112-generic
     - name: os.name
-      level: extended
       type: keyword
       ignore_above: 1024
       multi_fields:
         - name: text
           type: text
           norms: false
-          default_field: false
       description: Operating system name, without the version.
-      example: Mac OS X
     - name: os.platform
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system platform (such centos, ubuntu, windows).
-      example: darwin
     - name: os.version
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system version as a raw string.
-      example: 10.14.1
     - name: type
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Type of host.
@@ -186,13 +140,11 @@
     - name: os.build
       type: keyword
-      example: "18D109"
       description: >
         OS build information.
     - name: os.codename
       type: keyword
-      example: "stretch"
       description: >
         OS codename, if any.
diff --git a/packages/system/data_stream/network/fields/agent.yml b/packages/system/data_stream/network/fields/agent.yml
index e5afe011398..ea688b08b52 100644
--- a/packages/system/data_stream/network/fields/agent.yml
+++ b/packages/system/data_stream/network/fields/agent.yml
@@ -1,53 +1,37 @@
 - name: cloud
-  title: Cloud
-  group: 2
   description: Fields related to the cloud or infrastructure the events are coming from.
-  footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
   type: group
   fields:
     - name: account.id
-      level: extended
       type: keyword
       ignore_above: 1024
       description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
-      example: 666777888999
     - name: availability_zone
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Availability zone in which this host is running.
-      example: us-east-1c
     - name: instance.id
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Instance ID of the host machine.
-      example: i-1234567890abcdef0
     - name: instance.name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Instance name of the host machine.
     - name: machine.type
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Machine type of the host machine.
-      example: t2.medium
     - name: provider
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
-      example: aws
     - name: region
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Region in which this host is running.
-      example: us-east-1
     - name: project.id
       type: keyword
       description: Name of the project in Google Cloud.
@@ -55,65 +39,50 @@
       type: keyword
       description: Image ID for the cloud instance.
 - name: container
-  title: Container
-  group: 2
   description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.'
   type: group
   fields:
     - name: id
-      level: core
       type: keyword
       ignore_above: 1024
       description: Unique container id.
     - name: image.name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Name of the image the container was built on.
     - name: labels
-      level: extended
       type: object
       object_type: keyword
       description: Image labels.
     - name: name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Container name.
 - name: host
-  title: Host
-  group: 2
   description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
   type: group
   fields:
     - name: architecture
-      level: core
       type: keyword
       ignore_above: 1024
       description: Operating system architecture.
-      example: x86_64
     - name: domain
-      level: extended
       type: keyword
       ignore_above: 1024
       description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
-      example: CONTOSO
-      default_field: false
     - name: hostname
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.'
     - name: id
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Unique host id.
@@ -122,58 +91,43 @@
       Example: The current usage of `beat.name`.'
     - name: ip
-      level: core
       type: ip
       description: Host ip addresses.
     - name: mac
-      level: core
       type: keyword
       ignore_above: 1024
       description: Host mac addresses.
     - name: name
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
     - name: os.family
-      level: extended
       type: keyword
       ignore_above: 1024
       description: OS family (such as redhat, debian, freebsd, windows).
-      example: debian
     - name: os.kernel
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system kernel version as a raw string.
-      example: 4.4.0-112-generic
     - name: os.name
-      level: extended
       type: keyword
       ignore_above: 1024
       multi_fields:
         - name: text
           type: text
           norms: false
-          default_field: false
       description: Operating system name, without the version.
-      example: Mac OS X
     - name: os.platform
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system platform (such centos, ubuntu, windows).
-      example: darwin
     - name: os.version
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system version as a raw string.
-      example: 10.14.1
     - name: type
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Type of host.
@@ -186,13 +140,11 @@
     - name: os.build
       type: keyword
-      example: "18D109"
       description: >
         OS build information.
     - name: os.codename
       type: keyword
-      example: "stretch"
       description: >
         OS codename, if any.
diff --git a/packages/system/data_stream/network/fields/ecs.yml b/packages/system/data_stream/network/fields/ecs.yml
index 49038af7df0..212d75bd9b6 100644
--- a/packages/system/data_stream/network/fields/ecs.yml
+++ b/packages/system/data_stream/network/fields/ecs.yml
@@ -27,7 +27,6 @@
 - external: ecs
   name: source.geo.country_iso_code
 - description: Longitude and latitude.
-  level: core
   name: source.geo.location
   type: geo_point
 - external: ecs
diff --git a/packages/system/data_stream/process/fields/agent.yml b/packages/system/data_stream/process/fields/agent.yml
index d5df59895a1..4b3953420f3 100644
--- a/packages/system/data_stream/process/fields/agent.yml
+++ b/packages/system/data_stream/process/fields/agent.yml
@@ -1,53 +1,37 @@
 - name: cloud
-  title: Cloud
-  group: 2
   description: Fields related to the cloud or infrastructure the events are coming from.
-  footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
   type: group
   fields:
     - name: account.id
-      level: extended
       type: keyword
       ignore_above: 1024
       description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
-      example: 666777888999
     - name: availability_zone
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Availability zone in which this host is running.
-      example: us-east-1c
     - name: instance.id
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Instance ID of the host machine.
-      example: i-1234567890abcdef0
     - name: instance.name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Instance name of the host machine.
     - name: machine.type
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Machine type of the host machine.
-      example: t2.medium
     - name: provider
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
-      example: aws
     - name: region
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Region in which this host is running.
-      example: us-east-1
     - name: project.id
       type: keyword
       description: Name of the project in Google Cloud.
@@ -55,65 +39,50 @@
       type: keyword
       description: Image ID for the cloud instance.
 - name: container
-  title: Container
-  group: 2
   description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.'
   type: group
   fields:
     - name: id
-      level: core
       type: keyword
       ignore_above: 1024
       description: Unique container id.
     - name: image.name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Name of the image the container was built on.
     - name: labels
-      level: extended
       type: object
       object_type: keyword
       description: Image labels.
     - name: name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Container name.
 - name: host
-  title: Host
-  group: 2
   description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
   type: group
   fields:
     - name: architecture
-      level: core
       type: keyword
       ignore_above: 1024
       description: Operating system architecture.
-      example: x86_64
     - name: domain
-      level: extended
       type: keyword
       ignore_above: 1024
       description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
-      example: CONTOSO
-      default_field: false
     - name: hostname
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.'
     - name: id
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Unique host id.
@@ -122,58 +91,43 @@
       Example: The current usage of `beat.name`.'
     - name: ip
-      level: core
       type: ip
       description: Host ip addresses.
     - name: mac
-      level: core
       type: keyword
       ignore_above: 1024
       description: Host mac addresses.
     - name: name
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
     - name: os.family
-      level: extended
       type: keyword
       ignore_above: 1024
       description: OS family (such as redhat, debian, freebsd, windows).
-      example: debian
     - name: os.kernel
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system kernel version as a raw string.
-      example: 4.4.0-112-generic
     - name: os.name
-      level: extended
       type: keyword
       ignore_above: 1024
       multi_fields:
         - name: text
           type: text
           norms: false
-          default_field: false
       description: Operating system name, without the version.
-      example: Mac OS X
     - name: os.platform
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system platform (such centos, ubuntu, windows).
-      example: darwin
     - name: os.version
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system version as a raw string.
-      example: 10.14.1
     - name: type
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Type of host.
@@ -186,19 +140,15 @@
     - name: os.build
       type: keyword
-      example: "18D109"
       description: >
         OS build information.
     - name: os.codename
       type: keyword
-      example: "stretch"
       description: >
         OS codename, if any.
 - name: process
-  title: Process
-  group: 2
   description: Process metrics.
   type: group
   fields:
diff --git a/packages/system/data_stream/process_summary/fields/agent.yml b/packages/system/data_stream/process_summary/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/system/data_stream/process_summary/fields/agent.yml
+++ b/packages/system/data_stream/process_summary/fields/agent.yml
@@ -1,53 +1,37 @@
 - name: cloud
-  title: Cloud
-  group: 2
   description: Fields related to the cloud or infrastructure the events are coming from.
-  footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
   type: group
   fields:
     - name: account.id
-      level: extended
       type: keyword
       ignore_above: 1024
       description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
-      example: 666777888999
     - name: availability_zone
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Availability zone in which this host is running.
-      example: us-east-1c
     - name: instance.id
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Instance ID of the host machine.
-      example: i-1234567890abcdef0
     - name: instance.name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Instance name of the host machine.
     - name: machine.type
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Machine type of the host machine.
-      example: t2.medium
     - name: provider
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
-      example: aws
     - name: region
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Region in which this host is running.
-      example: us-east-1
     - name: project.id
       type: keyword
       description: Name of the project in Google Cloud.
@@ -55,65 +39,50 @@
       type: keyword
       description: Image ID for the cloud instance.
 - name: container
-  title: Container
-  group: 2
   description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.'
   type: group
   fields:
     - name: id
-      level: core
       type: keyword
       ignore_above: 1024
       description: Unique container id.
     - name: image.name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Name of the image the container was built on.
     - name: labels
-      level: extended
       type: object
       object_type: keyword
       description: Image labels.
     - name: name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Container name.
 - name: host
-  title: Host
-  group: 2
   description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
   type: group
   fields:
     - name: architecture
-      level: core
       type: keyword
       ignore_above: 1024
       description: Operating system architecture.
-      example: x86_64
     - name: domain
-      level: extended
       type: keyword
       ignore_above: 1024
       description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
-      example: CONTOSO
-      default_field: false
     - name: hostname
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.'
     - name: id
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Unique host id.
@@ -122,58 +91,43 @@
       Example: The current usage of `beat.name`.'
     - name: ip
-      level: core
       type: ip
       description: Host ip addresses.
     - name: mac
-      level: core
       type: keyword
       ignore_above: 1024
       description: Host mac addresses.
     - name: name
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
     - name: os.family
-      level: extended
       type: keyword
       ignore_above: 1024
       description: OS family (such as redhat, debian, freebsd, windows).
-      example: debian
     - name: os.kernel
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system kernel version as a raw string.
-      example: 4.4.0-112-generic
     - name: os.name
-      level: extended
       type: keyword
       ignore_above: 1024
       multi_fields:
         - name: text
           type: text
           norms: false
-          default_field: false
       description: Operating system name, without the version.
-      example: Mac OS X
     - name: os.platform
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system platform (such centos, ubuntu, windows).
-      example: darwin
     - name: os.version
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system version as a raw string.
-      example: 10.14.1
     - name: type
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Type of host.
@@ -186,13 +140,11 @@
     - name: os.build
       type: keyword
-      example: "18D109"
       description: >
         OS build information.
     - name: os.codename
       type: keyword
-      example: "stretch"
       description: >
         OS codename, if any.
diff --git a/packages/system/data_stream/process_summary/fields/ecs.yml b/packages/system/data_stream/process_summary/fields/ecs.yml
index 49038af7df0..212d75bd9b6 100644
--- a/packages/system/data_stream/process_summary/fields/ecs.yml
+++ b/packages/system/data_stream/process_summary/fields/ecs.yml
@@ -27,7 +27,6 @@
 - external: ecs
   name: source.geo.country_iso_code
 - description: Longitude and latitude.
-  level: core
   name: source.geo.location
   type: geo_point
 - external: ecs
diff --git a/packages/system/data_stream/process_summary/fields/fields.yml b/packages/system/data_stream/process_summary/fields/fields.yml
index bc9254a2ae9..b862a93cd93 100644
--- a/packages/system/data_stream/process_summary/fields/fields.yml
+++ b/packages/system/data_stream/process_summary/fields/fields.yml
@@ -1,5 +1,4 @@
 - name: system.process.summary
-  title: Process Summary
   type: group
   fields:
     - name: total
diff --git a/packages/system/data_stream/security/fields/agent.yml b/packages/system/data_stream/security/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/system/data_stream/security/fields/agent.yml
+++ b/packages/system/data_stream/security/fields/agent.yml
@@ -1,53 +1,37 @@
 - name: cloud
-  title: Cloud
-  group: 2
   description: Fields related to the cloud or infrastructure the events are coming from.
-  footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
   type: group
   fields:
     - name: account.id
-      level: extended
       type: keyword
       ignore_above: 1024
       description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
-      example: 666777888999
     - name: availability_zone
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Availability zone in which this host is running.
-      example: us-east-1c
     - name: instance.id
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Instance ID of the host machine.
-      example: i-1234567890abcdef0
     - name: instance.name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Instance name of the host machine.
     - name: machine.type
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Machine type of the host machine.
-      example: t2.medium
     - name: provider
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
-      example: aws
     - name: region
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Region in which this host is running.
-      example: us-east-1
     - name: project.id
       type: keyword
       description: Name of the project in Google Cloud.
@@ -55,65 +39,50 @@
       type: keyword
       description: Image ID for the cloud instance.
 - name: container
-  title: Container
-  group: 2
   description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.'
   type: group
   fields:
     - name: id
-      level: core
       type: keyword
       ignore_above: 1024
       description: Unique container id.
     - name: image.name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Name of the image the container was built on.
     - name: labels
-      level: extended
       type: object
       object_type: keyword
       description: Image labels.
     - name: name
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Container name.
 - name: host
-  title: Host
-  group: 2
   description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
   type: group
   fields:
     - name: architecture
-      level: core
       type: keyword
       ignore_above: 1024
       description: Operating system architecture.
-      example: x86_64
     - name: domain
-      level: extended
       type: keyword
       ignore_above: 1024
       description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
-      example: CONTOSO
-      default_field: false
     - name: hostname
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.'
     - name: id
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Unique host id.
@@ -122,58 +91,43 @@
       Example: The current usage of `beat.name`.'
     - name: ip
-      level: core
       type: ip
       description: Host ip addresses.
     - name: mac
-      level: core
       type: keyword
       ignore_above: 1024
       description: Host mac addresses.
     - name: name
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
     - name: os.family
-      level: extended
       type: keyword
       ignore_above: 1024
       description: OS family (such as redhat, debian, freebsd, windows).
-      example: debian
     - name: os.kernel
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system kernel version as a raw string.
-      example: 4.4.0-112-generic
     - name: os.name
-      level: extended
       type: keyword
       ignore_above: 1024
       multi_fields:
         - name: text
           type: text
           norms: false
-          default_field: false
       description: Operating system name, without the version.
-      example: Mac OS X
     - name: os.platform
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system platform (such centos, ubuntu, windows).
-      example: darwin
     - name: os.version
-      level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system version as a raw string.
-      example: 10.14.1
     - name: type
-      level: core
       type: keyword
       ignore_above: 1024
       description: 'Type of host.
@@ -186,13 +140,11 @@
     - name: os.build
       type: keyword
-      example: "18D109"
       description: >
         OS build information.
     - name: os.codename
       type: keyword
-      example: "stretch"
       description: >
         OS codename, if any.
diff --git a/packages/system/data_stream/security/fields/base-fields.yml b/packages/system/data_stream/security/fields/base-fields.yml
index 8c57a260b40..a1e63d4d7bc 100644
--- a/packages/system/data_stream/security/fields/base-fields.yml
+++ b/packages/system/data_stream/security/fields/base-fields.yml
@@ -21,6 +21,5 @@ value: system.security - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword
diff --git a/packages/system/data_stream/security/fields/fields.yml b/packages/system/data_stream/security/fields/fields.yml
index 48deb4f52af..7edf70755f2 100644
--- a/packages/system/data_stream/security/fields/fields.yml
+++ b/packages/system/data_stream/security/fields/fields.yml
@@ -7,7 +7,6 @@ description: > Logon type name. This is the descriptive version of the `winlog.event_data.LogonType` ordinal. This is an enrichment added by the Security module. - example: RemoteInteractive - name: id type: keyword description: >
diff --git a/packages/system/data_stream/security/fields/winlog.yml b/packages/system/data_stream/security/fields/winlog.yml
index 4a7fbb9b8b5..3c404238de2 100644
--- a/packages/system/data_stream/security/fields/winlog.yml
+++ b/packages/system/data_stream/security/fields/winlog.yml
@@ -5,7 +5,6 @@ fields: - name: api - required: true type: keyword description: > The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API.
@@ -14,19 +13,16 @@ - name: activity_id type: keyword - required: false description: > A globally unique identifier that identifies the current activity. The events that are published with this identifier are part of the same activity. - name: channel type: keyword - required: true description: > The name of the channel from which this record was read. This value is one of the names from the `event_logs` collection in the configuration. - name: computer_name type: keyword - required: true description: > The name of the computer that generated the record. When using Windows event forwarding, this name can differ from `agent.hostname`.
@@ -45,7 +41,6 @@ - name: event_data type: object object_type: keyword - required: false description: > The event-specific data. This field is mutually exclusive with `user_data`. If you are capturing event data on versions prior to Windows Vista, the parameters in `event_data` are named `param1`, `param2`, and so on, because event log parameters are unnamed in earlier versions of Windows. 
@@ -481,92 +476,75 @@ type: keyword - name: event_id type: keyword - required: true description: > The event identifier. The value is specific to the source of the event. - name: keywords type: keyword - required: false description: > The keywords are used to classify an event. - name: level type: keyword - required: false description: > The event severity. Levels are Critical, Error, Warning and Information, Verbose - name: outcome type: keyword - required: false description: > Success or Failure of the event. - name: record_id type: keyword - required: true description: > The record ID of the event log record. The first record written to an event log is record number 1, and other records are numbered sequentially. If the record number reaches the maximum value (2^32^ for the Event Logging API and 2^64^ for the Windows Event Log API), the next record number will be 0. - name: related_activity_id type: keyword - required: false description: > A globally unique identifier that identifies the activity to which control was transferred to. The related events would then have this identifier as their `activity_id` identifier. - name: opcode type: keyword - required: false description: > The opcode defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. - name: provider_guid type: keyword - required: false description: > A globally unique identifier that identifies the provider that logged the event. - name: process.pid type: long - required: false description: > The process_id of the Client Server Runtime Process. - name: provider_name type: keyword - required: true description: > The source of the event log record (the application or service that logged the record). - name: task type: keyword - required: false description: > The task defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. 
The category used by the Event Logging API (on pre Windows Vista operating systems) is written to this field. - name: time_created type: keyword - required: false description: > Time event was created - name: trustAttribute type: keyword - required: false - name: trustDirection type: keyword - required: false - name: trustType type: keyword - required: false - name: process.thread.id type: long - required: false - name: user_data type: object object_type: keyword - required: false description: > The event specific data. This field is mutually exclusive with `event_data`. @@ -592,8 +570,6 @@ type: keyword - name: user.identifier type: keyword - required: false - example: S-1-5-21-3541430928-2051711210-1391384369-1001 description: > The Windows security identifier (SID) of the account associated with this event. @@ -606,17 +582,14 @@ - name: user.domain type: keyword - required: false description: > The domain that the account associated with this event is a member of. - name: user.type type: keyword - required: false description: > The type of account associated with this event. - name: version type: long - required: false description: The version number of the event's definition. diff --git a/packages/system/data_stream/socket_summary/fields/agent.yml b/packages/system/data_stream/socket_summary/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/system/data_stream/socket_summary/fields/agent.yml +++ b/packages/system/data_stream/socket_summary/fields/agent.yml 
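Review bot: After `required: false` is stripped, `trustAttribute`, `trustDirection`, `trustType` and `process.thread.id` in security/fields/winlog.yml are left with only `name` and `type` and no `description:`, so any generated field reference would list them undocumented; the same gap remains for `process.thread.id` in the system/fields/winlog.yml hunk further down. Each should get a `description: >` block like the neighbouring winlog fields — presumably the trust* fields describe a domain trust relationship reported by trust-related Security events and `process.thread.id` the thread that logged the record, but confirm the wording against the ingest pipeline. Dropping `required: true` from `event_id`, `record_id`, `provider_name`, `channel` and `computer_name` also removes the only statement of which winlog fields are always present; if that guarantee matters to consumers of the field docs, it could be restated in the description text.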
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/system/data_stream/socket_summary/fields/ecs.yml b/packages/system/data_stream/socket_summary/fields/ecs.yml index 49038af7df0..212d75bd9b6 100644 --- a/packages/system/data_stream/socket_summary/fields/ecs.yml +++ b/packages/system/data_stream/socket_summary/fields/ecs.yml 
@@ -27,7 +27,6 @@ - external: ecs name: source.geo.country_iso_code - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/system/data_stream/socket_summary/fields/fields.yml b/packages/system/data_stream/socket_summary/fields/fields.yml
index fca58be0c87..8bc03274aa2 100644
--- a/packages/system/data_stream/socket_summary/fields/fields.yml
+++ b/packages/system/data_stream/socket_summary/fields/fields.yml
@@ -1,5 +1,4 @@ - name: system.socket.summary - title: Socket summary type: group fields: - name: all
diff --git a/packages/system/data_stream/syslog/fields/agent.yml b/packages/system/data_stream/syslog/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/system/data_stream/syslog/fields/agent.yml
+++ b/packages/system/data_stream/syslog/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/system/data_stream/system/fields/agent.yml b/packages/system/data_stream/system/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/system/data_stream/system/fields/agent.yml +++ b/packages/system/data_stream/system/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/system/data_stream/system/fields/winlog.yml b/packages/system/data_stream/system/fields/winlog.yml index adca1bbdd03..0f8441ce628 100644 --- a/packages/system/data_stream/system/fields/winlog.yml +++ b/packages/system/data_stream/system/fields/winlog.yml 
@@ -5,27 +5,23 @@ fields: - name: api - required: true type: keyword description: > The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. The Event Logging API was designed for Windows Server 2003 or Windows 2000 operating systems. In Windows Vista, the event logging infrastructure was redesigned. On Windows Vista or later operating systems, the Windows Event Log API is used. Winlogbeat automatically detects which API to use for reading event logs. - name: activity_id type: keyword - required: false description: > A globally unique identifier that identifies the current activity. The events that are published with this identifier are part of the same activity. - name: computer_name type: keyword - required: true description: > The name of the computer that generated the record. When using Windows event forwarding, this name can differ from `agent.hostname`. - name: event_data type: object object_type: keyword - required: false description: > The event-specific data. This field is mutually exclusive with `user_data`. If you are capturing event data on versions prior to Windows Vista, the parameters in `event_data` are named `param1`, `param2`, and so on, because event log parameters are unnamed in earlier versions of Windows. 
@@ -259,78 +255,64 @@ type: keyword - name: event_id type: keyword - required: true description: > The event identifier. The value is specific to the source of the event. - name: keywords type: keyword - required: false description: > The keywords are used to classify an event. - name: channel type: keyword - required: true description: > The name of the channel from which this record was read. This value is one of the names from the `event_logs` collection in the configuration. - name: record_id type: keyword - required: true description: > The record ID of the event log record. The first record written to an event log is record number 1, and other records are numbered sequentially. If the record number reaches the maximum value (2^32^ for the Event Logging API and 2^64^ for the Windows Event Log API), the next record number will be 0. - name: related_activity_id type: keyword - required: false description: > A globally unique identifier that identifies the activity to which control was transferred to. The related events would then have this identifier as their `activity_id` identifier. - name: opcode type: keyword - required: false description: > The opcode defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. - name: provider_guid type: keyword - required: false description: > A globally unique identifier that identifies the provider that logged the event. - name: process.pid type: long - required: false description: > The process_id of the Client Server Runtime Process. - name: provider_name type: keyword - required: true description: > The source of the event log record (the application or service that logged the record). - name: task type: keyword - required: false description: > The task defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. 
The category used by the Event Logging API (on pre Windows Vista operating systems) is written to this field. - name: process.thread.id type: long - required: false - name: user_data type: object object_type: keyword - required: false description: > The event specific data. This field is mutually exclusive with `event_data`. - name: user.identifier type: keyword - required: false - example: S-1-5-21-3541430928-2051711210-1391384369-1001 description: > The Windows security identifier (SID) of the account associated with this event. If Winlogbeat cannot resolve the SID to a name, then the `user.name`, `user.domain`, and `user.type` fields will be omitted from the event. If you discover Winlogbeat not resolving SIDs, review the log for clues as to what the problem may be. @@ -341,17 +323,14 @@ - name: user.domain type: keyword - required: false description: > The domain that the account associated with this event is a member of. - name: user.type type: keyword - required: false description: > The type of account associated with this event. - name: version type: long - required: false description: The version number of the event's definition. diff --git a/packages/system/data_stream/uptime/fields/agent.yml b/packages/system/data_stream/uptime/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/system/data_stream/uptime/fields/agent.yml +++ b/packages/system/data_stream/uptime/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/system/manifest.yml b/packages/system/manifest.yml index d17da1b846a..7623c507f81 100644 --- a/packages/system/manifest.yml +++ b/packages/system/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: system title: System -version: 1.13.0 +version: "1.13.1" license: basic description: Collect system logs and metrics from your servers with Elastic Agent. type: integration 
diff --git a/packages/tenable_sc/changelog.yml b/packages/tenable_sc/changelog.yml index 16fca591289..6767427de3c 100644 --- a/packages/tenable_sc/changelog.yml +++ b/packages/tenable_sc/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.2.0" changes: - description: Update to ECS 8.2 diff --git a/packages/tenable_sc/data_stream/asset/fields/agent.yml b/packages/tenable_sc/data_stream/asset/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/tenable_sc/data_stream/asset/fields/agent.yml +++ b/packages/tenable_sc/data_stream/asset/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/tenable_sc/data_stream/plugin/fields/agent.yml b/packages/tenable_sc/data_stream/plugin/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/tenable_sc/data_stream/plugin/fields/agent.yml +++ b/packages/tenable_sc/data_stream/plugin/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/tenable_sc/data_stream/vulnerability/fields/agent.yml b/packages/tenable_sc/data_stream/vulnerability/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/tenable_sc/data_stream/vulnerability/fields/agent.yml +++ b/packages/tenable_sc/data_stream/vulnerability/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/tenable_sc/manifest.yml b/packages/tenable_sc/manifest.yml index d480adc168b..2f59cac64a8 100644 --- a/packages/tenable_sc/manifest.yml +++ b/packages/tenable_sc/manifest.yml 
@@ -2,7 +2,7 @@ format_version: 1.0.0 name: tenable_sc title: Tenable.sc # The version must be updated in the pipeline as well. Until elastic/kibana#121310 is implemented we will have to manually sync these. -version: 1.2.0 +version: "1.2.1" license: basic description: | Collect logs from Tenable.sc with Elastic Agent. diff --git a/packages/ti_abusech/changelog.yml b/packages/ti_abusech/changelog.yml index 4f893f77e70..77353fc5c7e 100644 --- a/packages/ti_abusech/changelog.yml +++ b/packages/ti_abusech/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.0" changes: - description: Update to ECS 8.2 diff --git a/packages/ti_abusech/data_stream/malware/fields/agent.yml b/packages/ti_abusech/data_stream/malware/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/ti_abusech/data_stream/malware/fields/agent.yml +++ b/packages/ti_abusech/data_stream/malware/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/ti_abusech/data_stream/malwarebazaar/fields/agent.yml b/packages/ti_abusech/data_stream/malwarebazaar/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/ti_abusech/data_stream/malwarebazaar/fields/agent.yml +++ b/packages/ti_abusech/data_stream/malwarebazaar/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/ti_abusech/data_stream/url/fields/agent.yml b/packages/ti_abusech/data_stream/url/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/ti_abusech/data_stream/url/fields/agent.yml +++ b/packages/ti_abusech/data_stream/url/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
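Review bot: The `container` group description in this hunk, `These fields help correlate data based containers from any runtime.`, is missing a word and should read `help correlate data based on containers from any runtime.`; since the changelog entries in this PR describe the change as "fix typos", this context line is worth correcting in the same pass. The hunk is repeated verbatim for the other ti_* agent.yml files below (ti_anomali limo and threatstream, ti_cybersixgill, ti_misp, ti_otx), so one fix should be applied to each copy.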
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/ti_abusech/manifest.yml b/packages/ti_abusech/manifest.yml index d2f7ec062f9..c9636cf341c 100644 --- a/packages/ti_abusech/manifest.yml +++ b/packages/ti_abusech/manifest.yml @@ -1,6 +1,6 @@ name: ti_abusech title: AbuseCH -version: 1.3.0 +version: "1.3.1" release: ga description: Collect threat intelligence from AbuseCH API with Elastic Agent. type: integration 
diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml index 86f6baba9a9..8e3eb41140d 100644 --- a/packages/ti_anomali/changelog.yml +++ b/packages/ti_anomali/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.0" changes: - description: Update to ECS 8.2 diff --git a/packages/ti_anomali/data_stream/limo/fields/agent.yml b/packages/ti_anomali/data_stream/limo/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/ti_anomali/data_stream/limo/fields/agent.yml +++ b/packages/ti_anomali/data_stream/limo/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/ti_anomali/data_stream/threatstream/fields/agent.yml b/packages/ti_anomali/data_stream/threatstream/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/ti_anomali/data_stream/threatstream/fields/agent.yml +++ b/packages/ti_anomali/data_stream/threatstream/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/ti_anomali/data_stream/threatstream/fields/fields.yml b/packages/ti_anomali/data_stream/threatstream/fields/fields.yml index 5d8e4e57d9d..49f0277a3f7 100644 --- a/packages/ti_anomali/data_stream/threatstream/fields/fields.yml +++ b/packages/ti_anomali/data_stream/threatstream/fields/fields.yml 
@@ -9,7 +9,6 @@ description: > Indicates whether an indicator is private or from a public feed and available publicly. Possible values: private, public. - example: private - name: confidence type: short description: > @@ -20,7 +19,6 @@ description: > Detail text for indicator. - example: Imported by user 42. - name: id type: keyword description: > @@ -61,7 +59,6 @@ description: > Source for the indicator. - example: Analyst - name: source_feed_id type: keyword description: > @@ -72,7 +69,6 @@ description: > State for this indicator. - example: active - name: trusted_circle_ids type: keyword description: > diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml index a1232ff9fec..647da8fe904 100644 --- a/packages/ti_anomali/manifest.yml +++ b/packages/ti_anomali/manifest.yml @@ -1,6 +1,6 @@ name: ti_anomali title: Anomali -version: 1.3.0 +version: "1.3.1" release: ga description: Collect threat intelligence from Anomali APIs with Elastic Agent. type: integration diff --git a/packages/ti_cybersixgill/changelog.yml b/packages/ti_cybersixgill/changelog.yml index 60453578ef5..95e55dcfc31 100644 --- a/packages/ti_cybersixgill/changelog.yml +++ b/packages/ti_cybersixgill/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.4.0" changes: - description: Update to ECS 8.2 diff --git a/packages/ti_cybersixgill/data_stream/threat/fields/agent.yml b/packages/ti_cybersixgill/data_stream/threat/fields/agent.yml index 845b84ed9c0..8b8b9fdae69 100644 --- a/packages/ti_cybersixgill/data_stream/threat/fields/agent.yml +++ b/packages/ti_cybersixgill/data_stream/threat/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/ti_cybersixgill/data_stream/threat/fields/fields.yml b/packages/ti_cybersixgill/data_stream/threat/fields/fields.yml index 8f92ebcd564..d61ac6c9e9f 100644 --- a/packages/ti_cybersixgill/data_stream/threat/fields/fields.yml +++ b/packages/ti_cybersixgill/data_stream/threat/fields/fields.yml 
@@ -1,6 +1,5 @@ - name: cybersixgill type: group - release: beta fields: - name: feedname type: keyword diff --git a/packages/ti_cybersixgill/manifest.yml b/packages/ti_cybersixgill/manifest.yml index 62b83465493..bcf7b180fc3 100644 --- a/packages/ti_cybersixgill/manifest.yml +++ b/packages/ti_cybersixgill/manifest.yml @@ -1,6 +1,6 @@ name: ti_cybersixgill title: Cybersixgill -version: 1.4.0 +version: "1.4.1" release: ga description: This Elastic integration collects threat intelligence from Cybersixgill type: integration diff --git a/packages/ti_misp/changelog.yml b/packages/ti_misp/changelog.yml index f970367d9b1..c80e2baa6ee 100644 --- a/packages/ti_misp/changelog.yml +++ b/packages/ti_misp/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.0" changes: - description: Update to ECS 8.2 diff --git a/packages/ti_misp/data_stream/threat/fields/agent.yml b/packages/ti_misp/data_stream/threat/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/ti_misp/data_stream/threat/fields/agent.yml +++ b/packages/ti_misp/data_stream/threat/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/ti_misp/manifest.yml b/packages/ti_misp/manifest.yml index 43ccb7c7ac5..2c8bfb37abf 100644 --- a/packages/ti_misp/manifest.yml +++ b/packages/ti_misp/manifest.yml @@ -1,6 +1,6 @@ name: ti_misp title: MISP -version: 1.3.0 +version: "1.3.1" release: ga description: This Elastic integration collects events from MISP type: integration 
diff --git a/packages/ti_otx/changelog.yml b/packages/ti_otx/changelog.yml index 9a456eb4713..e6769e3a9e8 100644 --- a/packages/ti_otx/changelog.yml +++ b/packages/ti_otx/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.0" changes: - description: Update to ECS 8.2 diff --git a/packages/ti_otx/data_stream/threat/fields/agent.yml b/packages/ti_otx/data_stream/threat/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/ti_otx/data_stream/threat/fields/agent.yml +++ b/packages/ti_otx/data_stream/threat/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
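Review bot: Dropping `default_field: false` on `host.domain` in this hunk (and on `host.os.name.text` in the `@@ -122,58 +91,43 @@` hunk of the same file, with the same removals repeated in the ti_recordedfuture, ti_threatq, windows and vsphere agent.yml hunks) is only a no-op if the package build ignores that key; if it is consulted when `index.query.default_field` is generated, those two fields silently re-enter the default search scope. The changelog entry calls the properties unused, so it is worth confirming that `default_field` is not consumed by the field-to-template pipeline before this ships, or stating in the PR description where that was verified. The `host` group opened in this hunk continues into the next one.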
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/ti_otx/manifest.yml b/packages/ti_otx/manifest.yml index b9d4e3eab8c..5bb3325757b 100644 --- a/packages/ti_otx/manifest.yml +++ b/packages/ti_otx/manifest.yml @@ -1,6 +1,6 @@ name: ti_otx title: AlienVault OTX -version: 1.3.0 +version: "1.3.1" release: ga description: Collect threat intelligence from AlienVault OTX with Elastic Agent. type: integration 
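Review bot: The context line `description: Operating system platform (such centos, ubuntu, windows).` for `os.platform` keeps a typo (missing "as") that a commit described as fixing typos leaves in place; the container group in the `@@ -55,65 +39,50 @@` hunk has the same kind of slip in `correlate data based containers`. Both strings look like verbatim copies of the ECS field definitions, so if the wording is meant to stay in sync with ECS the fix belongs upstream first; otherwise `description: Operating system platform (such as centos, ubuntu, windows).` is the one-line change here. The same text recurs in the ti_recordedfuture, ti_threatq, vsphere and windows agent.yml hunks.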
diff --git a/packages/ti_recordedfuture/changelog.yml b/packages/ti_recordedfuture/changelog.yml
index a4bcae0216f..3ada4d8477f 100644
--- a/packages/ti_recordedfuture/changelog.yml
+++ b/packages/ti_recordedfuture/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.1.3"
+  changes:
+    - description: Remove unused field properties and fix typos.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3239
 - version: "0.1.2"
   changes:
     - description: Add field mapping for event.created
diff --git a/packages/ti_recordedfuture/data_stream/threat/fields/agent.yml b/packages/ti_recordedfuture/data_stream/threat/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/ti_recordedfuture/data_stream/threat/fields/agent.yml
+++ b/packages/ti_recordedfuture/data_stream/threat/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/ti_recordedfuture/manifest.yml b/packages/ti_recordedfuture/manifest.yml index c97fd6fcd63..4c3d6636195 100644 --- a/packages/ti_recordedfuture/manifest.yml +++ b/packages/ti_recordedfuture/manifest.yml 
@@ -1,6 +1,6 @@
 name: ti_recordedfuture
 title: Recorded Future
-version: 0.1.2
+version: "0.1.3"
 release: beta
 description: Collect threat intelligence from Recorded Future with Elastic Agent.
 type: integration
diff --git a/packages/ti_threatq/changelog.yml b/packages/ti_threatq/changelog.yml
index 2b541ea57c7..210c44e7b7c 100644
--- a/packages/ti_threatq/changelog.yml
+++ b/packages/ti_threatq/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.1"
+  changes:
+    - description: Remove unused field properties and fix typos.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3239
 - version: "1.3.0"
   changes:
     - description: Update to ECS 8.2
diff --git a/packages/ti_threatq/data_stream/threat/fields/agent.yml b/packages/ti_threatq/data_stream/threat/fields/agent.yml
index da4e652c53b..7e2781afced 100644
--- a/packages/ti_threatq/data_stream/threat/fields/agent.yml
+++ b/packages/ti_threatq/data_stream/threat/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/ti_threatq/manifest.yml b/packages/ti_threatq/manifest.yml index 4cef7a0b0d8..ef5d79befde 100644 --- a/packages/ti_threatq/manifest.yml +++ b/packages/ti_threatq/manifest.yml 
@@ -1,6 +1,6 @@
 name: ti_threatq
 title: ThreatQuotient
-version: 1.3.0
+version: "1.3.1"
 release: ga
 description: This Elastic integration collects threat intelligence from ThreatQuotient
 type: integration
diff --git a/packages/tomcat/changelog.yml b/packages/tomcat/changelog.yml
index 974bff72e03..307834f9f90 100644
--- a/packages/tomcat/changelog.yml
+++ b/packages/tomcat/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.1"
+  changes:
+    - description: Remove unused field properties and fix typos.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3239
 - version: "1.4.0"
   changes:
     - description: Update to ECS 8.2.0
diff --git a/packages/tomcat/data_stream/log/fields/ecs.yml b/packages/tomcat/data_stream/log/fields/ecs.yml
index 384fbb680e5..72c13a43133 100644
--- a/packages/tomcat/data_stream/log/fields/ecs.yml
+++ b/packages/tomcat/data_stream/log/fields/ecs.yml
@@ -25,7 +25,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs
@@ -191,7 +190,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/tomcat/manifest.yml b/packages/tomcat/manifest.yml
index a87e45debf7..221c9735e37 100644
--- a/packages/tomcat/manifest.yml
+++ b/packages/tomcat/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: tomcat
 title: Apache Tomcat
-version: 1.4.0
+version: "1.4.1"
 description: Collect and parse logs from Apache Tomcat servers with Elastic Agent.
 categories: ["web", "security"]
 release: ga
diff --git a/packages/traefik/changelog.yml b/packages/traefik/changelog.yml
index cbdeb70cb08..94eed7b3426 100644
--- a/packages/traefik/changelog.yml
+++ b/packages/traefik/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.3.2"
+  changes:
+    - description: Remove unused field properties and fix typos.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3239
 - version: "1.3.1"
   changes:
     - description: Add documentation for multi-fields
diff --git a/packages/traefik/data_stream/access/fields/ecs.yml b/packages/traefik/data_stream/access/fields/ecs.yml
index 70fcbb1952f..df7c0dacbfd 100644
--- a/packages/traefik/data_stream/access/fields/ecs.yml
+++ b/packages/traefik/data_stream/access/fields/ecs.yml
@@ -15,7 +15,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs
@@ -57,7 +56,6 @@ - external: ecs name: source.as.organization.name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/traefik/manifest.yml b/packages/traefik/manifest.yml
index 90e9b0c56a5..e46f8015e54 100644
--- a/packages/traefik/manifest.yml
+++ b/packages/traefik/manifest.yml
@@ -1,6 +1,6 @@
 name: traefik
 title: Traefik
-version: 1.3.1
+version: "1.3.2"
 release: ga
 description: Collect logs and metrics from Traefik servers with Elastic Agent.
 type: integration
diff --git a/packages/vsphere/changelog.yml b/packages/vsphere/changelog.yml
index ac6cada68df..d4333a35217 100644
--- a/packages/vsphere/changelog.yml
+++ b/packages/vsphere/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.1.2"
+  changes:
+    - description: Remove unused field properties and fix typos.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3239
 - version: "0.1.1"
   changes:
     - description: Add documentation for multi-fields
diff --git a/packages/vsphere/data_stream/datastore/fields/agent.yml b/packages/vsphere/data_stream/datastore/fields/agent.yml
index 4d9a6f7b362..d71780611d2 100644
--- a/packages/vsphere/data_stream/datastore/fields/agent.yml
+++ b/packages/vsphere/data_stream/datastore/fields/agent.yml @@ -1,35 +1,26 @@ - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -38,58 +29,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -102,13 +78,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/vsphere/data_stream/host/fields/agent.yml b/packages/vsphere/data_stream/host/fields/agent.yml index 4d9a6f7b362..d71780611d2 100644 --- a/packages/vsphere/data_stream/host/fields/agent.yml +++ b/packages/vsphere/data_stream/host/fields/agent.yml 
@@ -1,35 +1,26 @@ - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -38,58 +29,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -102,13 +78,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/vsphere/data_stream/log/fields/agent.yml b/packages/vsphere/data_stream/log/fields/agent.yml index 80e15d6d2d8..d9ec2936b85 100644 --- a/packages/vsphere/data_stream/log/fields/agent.yml +++ b/packages/vsphere/data_stream/log/fields/agent.yml 
@@ -1,83 +1,59 @@ - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. 
- example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' @@ -88,13 +64,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/vsphere/data_stream/virtualmachine/fields/agent.yml b/packages/vsphere/data_stream/virtualmachine/fields/agent.yml index 4d9a6f7b362..d71780611d2 100644 --- a/packages/vsphere/data_stream/virtualmachine/fields/agent.yml +++ b/packages/vsphere/data_stream/virtualmachine/fields/agent.yml 
@@ -1,35 +1,26 @@ - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -38,58 +29,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -102,13 +78,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/vsphere/manifest.yml b/packages/vsphere/manifest.yml index 80bcb54546a..50642eb10f6 100644 --- a/packages/vsphere/manifest.yml +++ b/packages/vsphere/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: vsphere title: VMware vSphere -version: 0.1.1 +version: "0.1.2" license: basic description: This Elastic integration collects logs from vSphere/vCenter servers type: integration diff --git a/packages/windows/changelog.yml b/packages/windows/changelog.yml index dd5b50624b5..30a73b99d0b 100644 --- a/packages/windows/changelog.yml +++ b/packages/windows/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.12.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.12.0" changes: - description: Support for Sysmon Registry non-QWORD/DWORD events diff --git a/packages/windows/data_stream/forwarded/fields/agent.yml b/packages/windows/data_stream/forwarded/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/windows/data_stream/forwarded/fields/agent.yml +++ b/packages/windows/data_stream/forwarded/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/windows/data_stream/forwarded/fields/base-fields.yml b/packages/windows/data_stream/forwarded/fields/base-fields.yml index a04d6e06c95..4aab3b97dd5 100644 --- a/packages/windows/data_stream/forwarded/fields/base-fields.yml +++ b/packages/windows/data_stream/forwarded/fields/base-fields.yml 
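Review bot: This hunk leaves `such centos, ubuntu, windows` (missing "as") in the `host.os.platform` description, and the container group in the preceding hunk keeps `correlate data based containers` (presumably "correlate container-based data"), although the PR is described as fixing typos. The diff headers show the forwarded, perfmon, powershell and powershell_operational `agent.yml` files sharing the same before/after blob ids, so they are byte-identical copies; correcting the wording once and regenerating them would keep the copies from drifting. `Operating system platform (such as centos, ubuntu, windows).` is the change for the first.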
@@ -29,6 +29,5 @@ description: Event timestamp. - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/windows/data_stream/forwarded/fields/fields.yml b/packages/windows/data_stream/forwarded/fields/fields.yml index 08a58df5837..cb29d68ed23 100644 --- a/packages/windows/data_stream/forwarded/fields/fields.yml +++ b/packages/windows/data_stream/forwarded/fields/fields.yml @@ -16,7 +16,6 @@ description: > Logon type name. This is the descriptive version of the `winlog.event_data.LogonType` ordinal. This is an enrichment added by the Security module. - example: RemoteInteractive - name: id type: keyword description: > @@ -40,23 +39,18 @@ - name: powershell.id type: keyword description: Shell Id. - example: Microsoft Powershell - name: powershell.pipeline_id type: keyword description: Pipeline id. - example: "1" - name: powershell.runspace_id type: keyword description: Runspace id. - example: "4fa9074d-45ab-4e53-9195-e91981ac2bbb" - name: powershell.sequence type: long description: Sequence number of the powershell execution. - example: 1 - name: powershell.total type: long description: Total number of messages in the sequence. - example: 10 - name: powershell.command type: group description: Data related to the executed command. @@ -64,19 +58,15 @@ - name: path type: keyword description: Path of the executed command. - example: "C:\\Windows\\system32\\cmd.exe" - name: name type: keyword description: Name of the executed command. - example: "cmd.exe" - name: type type: keyword description: Type of the executed command. - example: Application - name: value type: text description: The invoked command. - example: Import-LocalizedData LocalizedData -filename ArchiveResources - name: invocation_details type: array description: 
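Review bot: The logon type description in the `@@ -16,7 +16,6 @@` hunk still ends with `This is an enrichment added by the Security module.`, a reference to the Beats security module that no longer tells a reader of this integration where the value comes from. If the enrichment is now done by the data stream's ingest pipeline (not visible here), `This is an enrichment added by the ingest pipeline of this data stream.` would be accurate; otherwise name whichever component populates it. The enclosing field definition starts before the hunk.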
> @@ -85,23 +75,19 @@ - name: invocation_details.type type: keyword description: The type of detail. - example: CommandInvocation - name: invocation_details.related_command type: keyword description: The command to which the detail is related to. - example: Add-Type - name: invocation_details.name type: keyword description: > Only used for ParameterBinding detail type. Indicates the parameter name. - example: AssemblyName - name: invocation_details.value type: text description: > The value of the detail. The meaning of it will depend on the detail type. - example: System.IO.Compression.FileSystem - name: powershell.connected_user type: group description: Data related to the connected user executing the command. @@ -109,11 +95,9 @@ - name: domain type: keyword description: User domain. - example: VAGRANT - name: name type: keyword description: User name. - example: vagrant - name: powershell.engine type: group description: Data related to the PowerShell engine. @@ -121,19 +105,16 @@ - name: version type: keyword description: Version of the PowerShell engine version used to execute the command. - example: "5.1.17763.1007" - name: previous_state type: keyword description: > Previous state of the PowerShell engine. - example: Available - name: new_state type: keyword description: > New state of the PowerShell engine. - example: Stopped - name: powershell.file type: group description: Data related to the executed script file. @@ -141,7 +122,6 @@ - name: script_block_id type: keyword description: Id of the executed script block. - example: "50d2dbda-7361-4926-a94d-d9eadfdb43fa" - name: script_block_text type: text analyzer: powershell_script_analyzer 
@@ -149,11 +129,9 @@ description: > Text of the executed script block. - example: ".\\a_script.ps1" - name: powershell.process.executable_version type: keyword description: Version of the engine hosting process executable. - example: "5.1.17763.1007" - name: powershell.provider type: group description: Data related to the PowerShell engine host. @@ -163,10 +141,8 @@ description: > New state of the PowerShell provider. - example: Active - name: name type: keyword description: > Provider name. - example: Variable diff --git a/packages/windows/data_stream/forwarded/fields/winlog.yml b/packages/windows/data_stream/forwarded/fields/winlog.yml index 031494e84e5..828a5fc0d55 100644 --- a/packages/windows/data_stream/forwarded/fields/winlog.yml +++ b/packages/windows/data_stream/forwarded/fields/winlog.yml @@ -5,7 +5,6 @@ fields: - name: api - required: true type: keyword description: > The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. 
@@ -14,43 +13,35 @@ - name: activity_id type: keyword - required: false description: > A globally unique identifier that identifies the current activity. The events that are published with this identifier are part of the same activity. - name: computer_name type: keyword - required: true description: > The name of the computer that generated the record. When using Windows event forwarding, this name can differ from `agent.hostname`. - name: level type: keyword - required: false description: > The event severity. Levels are Critical, Error, Warning and Information, Verbose - name: outcome type: keyword - required: false description: > Success or Failure of the event. - name: time_created type: keyword - required: false description: > Time event was created - name: trustAttribute type: keyword - required: false - name: trustDirection type: keyword - required: false - name: trustType type: keyword - required: false - name: computerObject type: group description: > @@ -66,7 +57,6 @@ - name: event_data type: object object_type: keyword - required: false description: > The event-specific data. This field is mutually exclusive with `user_data`. If you are capturing event data on versions prior to Windows Vista, the parameters in `event_data` are named `param1`, `param2`, and so on, because event log parameters are unnamed in earlier versions of Windows. 
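Review bot: `winlog.trustAttribute`, `winlog.trustDirection` and `winlog.trustType` come out of this hunk as bare `type: keyword` entries with no description, since `required: false` was their only other property; they are the fields an analyst would reach for on Active Directory trust events, so a one-line description each is worth adding. The hunk does not show what populates them, so the wording should be taken from the pipeline that sets them — something like `Decoded attributes of the trust relationship referenced by the event.` if that is what it carries. While here, the `level` description `Levels are Critical, Error, Warning and Information, Verbose` reads awkwardly; `Levels are Critical, Error, Warning, Information and Verbose.` is cleaner.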
@@ -500,71 +490,59 @@ type: keyword - name: event_id type: keyword - required: true description: > The event identifier. The value is specific to the source of the event. - name: keywords type: keyword - required: false description: > The keywords are used to classify an event. - name: channel type: keyword - required: true description: > The name of the channel from which this record was read. This value is one of the names from the `event_logs` collection in the configuration. - name: record_id type: keyword - required: true description: > The record ID of the event log record. The first record written to an event log is record number 1, and other records are numbered sequentially. If the record number reaches the maximum value (2^32^ for the Event Logging API and 2^64^ for the Windows Event Log API), the next record number will be 0. - name: related_activity_id type: keyword - required: false description: > A globally unique identifier that identifies the activity to which control was transferred to. The related events would then have this identifier as their `activity_id` identifier. - name: opcode type: keyword - required: false description: > The opcode defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. - name: provider_guid type: keyword - required: false description: > A globally unique identifier that identifies the provider that logged the event. - name: process.pid type: long - required: false description: > The process_id of the Client Server Runtime Process. - name: provider_name type: keyword - required: true description: > The source of the event log record (the application or service that logged the record). - name: task type: keyword - required: false description: > The task defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. 
The category used by the Event Logging API (on pre Windows Vista operating systems) is written to this field. - name: process.thread.id type: long - required: - name: user_data type: object object_type: keyword - required: false description: > The event specific data. This field is mutually exclusive with `event_data`. @@ -590,8 +568,6 @@ type: keyword - name: user.identifier type: keyword - required: false - example: S-1-5-21-3541430928-2051711210-1391384369-1001 description: > The Windows security identifier (SID) of the account associated with this event. @@ -604,17 +580,14 @@ - name: user.domain type: keyword - required: false description: > The domain that the account associated with this event is a member of. - name: user.type type: keyword - required: false description: > The type of account associated with this event. - name: version type: long - required: false description: The version number of the event's definition. diff --git a/packages/windows/data_stream/perfmon/fields/agent.yml b/packages/windows/data_stream/perfmon/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/windows/data_stream/perfmon/fields/agent.yml +++ b/packages/windows/data_stream/perfmon/fields/agent.yml 
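Review bot: `winlog.process.thread.id` is left with only `type: long` and no description once the malformed bare `required:` line (a YAML null) is dropped, so the hunk fixes the syntax but not the documentation; `The thread ID of the process that logged the event.` is the likely wording, to be confirmed against the collector's documentation. Removing `required: true` from `event_id`, `channel`, `record_id` and `provider_name` is harmless only if the property was never enforced by the package spec or by field validation in the package tests; these are the fields detection rules pivot on, so if any validation did honour it the loss belongs in the changelog rather than under "unused properties".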
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/windows/data_stream/powershell/fields/agent.yml b/packages/windows/data_stream/powershell/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/windows/data_stream/powershell/fields/agent.yml +++ b/packages/windows/data_stream/powershell/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/windows/data_stream/powershell/fields/base-fields.yml b/packages/windows/data_stream/powershell/fields/base-fields.yml index baeabae2d07..53b3d2cba0f 100644 --- a/packages/windows/data_stream/powershell/fields/base-fields.yml +++ b/packages/windows/data_stream/powershell/fields/base-fields.yml 
@@ -29,6 +29,5 @@ value: windows.powershell - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/windows/data_stream/powershell/fields/fields.yml b/packages/windows/data_stream/powershell/fields/fields.yml index 1c154bd0414..3a6dd1aeddd 100644 --- a/packages/windows/data_stream/powershell/fields/fields.yml +++ b/packages/windows/data_stream/powershell/fields/fields.yml @@ -1,23 +1,18 @@ - name: powershell.id type: keyword description: Shell Id. - example: Microsoft Powershell - name: powershell.pipeline_id type: keyword description: Pipeline id. - example: "1" - name: powershell.runspace_id type: keyword description: Runspace id. - example: "4fa9074d-45ab-4e53-9195-e91981ac2bbb" - name: powershell.sequence type: long description: Sequence number of the powershell execution. - example: 1 - name: powershell.total type: long description: Total number of messages in the sequence. - example: 10 - name: powershell.command type: group description: Data related to the executed command. @@ -25,19 +20,15 @@ - name: path type: keyword description: Path of the executed command. - example: "C:\\Windows\\system32\\cmd.exe" - name: name type: keyword description: Name of the executed command. - example: "cmd.exe" - name: type type: keyword description: Type of the executed command. - example: Application - name: value type: text description: The invoked command. - example: Import-LocalizedData LocalizedData -filename ArchiveResources - name: invocation_details type: array description: 
> @@ -46,23 +37,19 @@ - name: invocation_details.type type: keyword description: The type of detail. - example: CommandInvocation - name: invocation_details.related_command type: keyword description: The command to which the detail is related to. - example: Add-Type - name: invocation_details.name type: keyword description: > Only used for ParameterBinding detail type. Indicates the parameter name. - example: AssemblyName - name: invocation_details.value type: text description: > The value of the detail. The meaning of it will depend on the detail type. - example: System.IO.Compression.FileSystem - name: powershell.connected_user type: group description: Data related to the connected user executing the command. @@ -70,11 +57,9 @@ - name: domain type: keyword description: User domain. - example: VAGRANT - name: name type: keyword description: User name. - example: vagrant - name: powershell.engine type: group description: Data related to the PowerShell engine. @@ -82,19 +67,16 @@ - name: version type: keyword description: Version of the PowerShell engine version used to execute the command. - example: "5.1.17763.1007" - name: previous_state type: keyword description: > Previous state of the PowerShell engine. - example: Available - name: new_state type: keyword description: > New state of the PowerShell engine. - example: Stopped - name: powershell.file type: group description: Data related to the executed script file. @@ -102,7 +84,6 @@ - name: script_block_id type: keyword description: Id of the executed script block. - example: "50d2dbda-7361-4926-a94d-d9eadfdb43fa" - name: script_block_text analyzer: powershell_script_analyzer search_analyzer: powershell_script_analyzer 
@@ -110,11 +91,9 @@ description: > Text of the executed script block. - example: ".\\a_script.ps1" - name: powershell.process.executable_version type: keyword description: Version of the engine hosting process executable. - example: "5.1.17763.1007" - name: powershell.provider type: group description: Data related to the PowerShell engine host. @@ -124,10 +103,8 @@ description: > New state of the PowerShell provider. - example: Active - name: name type: keyword description: > Provider name. - example: Variable diff --git a/packages/windows/data_stream/powershell/fields/winlog.yml b/packages/windows/data_stream/powershell/fields/winlog.yml index 4ac76fdcdc9..eecbcb466a6 100644 --- a/packages/windows/data_stream/powershell/fields/winlog.yml +++ b/packages/windows/data_stream/powershell/fields/winlog.yml @@ -5,7 +5,6 @@ fields: - name: api - required: true type: keyword description: > The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. @@ -14,20 +13,17 @@ - name: activity_id type: keyword - required: false description: > A globally unique identifier that identifies the current activity. The events that are published with this identifier are part of the same activity. - name: computer_name type: keyword - required: true description: > The name of the computer that generated the record. When using Windows event forwarding, this name can differ from `agent.hostname`. - name: event_data type: object object_type: keyword - required: false description: > The event-specific data. This field is mutually exclusive with `user_data`. If you are capturing event data on versions prior to Windows Vista, the parameters in `event_data` are named `param1`, `param2`, and so on, because event log parameters are unnamed in earlier versions of Windows. 
@@ -261,78 +257,64 @@ type: keyword - name: event_id type: keyword - required: true description: > The event identifier. The value is specific to the source of the event. - name: keywords type: keyword - required: false description: > The keywords are used to classify an event. - name: channel type: keyword - required: true description: > The name of the channel from which this record was read. This value is one of the names from the `event_logs` collection in the configuration. - name: record_id type: keyword - required: true description: > The record ID of the event log record. The first record written to an event log is record number 1, and other records are numbered sequentially. If the record number reaches the maximum value (2^32^ for the Event Logging API and 2^64^ for the Windows Event Log API), the next record number will be 0. - name: related_activity_id type: keyword - required: false description: > A globally unique identifier that identifies the activity to which control was transferred to. The related events would then have this identifier as their `activity_id` identifier. - name: opcode type: keyword - required: false description: > The opcode defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. - name: provider_guid type: keyword - required: false description: > A globally unique identifier that identifies the provider that logged the event. - name: process.pid type: long - required: false description: > The process_id of the Client Server Runtime Process. - name: provider_name type: keyword - required: true description: > The source of the event log record (the application or service that logged the record). - name: task type: keyword - required: false description: > The task defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. 
The category used by the Event Logging API (on pre Windows Vista operating systems) is written to this field. - name: process.thread.id type: long - required: false - name: user_data type: object object_type: keyword - required: false description: > The event specific data. This field is mutually exclusive with `event_data`. - name: user.identifier type: keyword - required: false - example: S-1-5-21-3541430928-2051711210-1391384369-1001 description: > The Windows security identifier (SID) of the account associated with this event. @@ -345,17 +327,14 @@ - name: user.domain type: keyword - required: false description: > The domain that the account associated with this event is a member of. - name: user.type type: keyword - required: false description: > The type of account associated with this event. - name: version type: long - required: false description: The version number of the event's definition. diff --git a/packages/windows/data_stream/powershell_operational/fields/agent.yml b/packages/windows/data_stream/powershell_operational/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/windows/data_stream/powershell_operational/fields/agent.yml +++ b/packages/windows/data_stream/powershell_operational/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/windows/data_stream/powershell_operational/fields/base-fields.yml b/packages/windows/data_stream/powershell_operational/fields/base-fields.yml index e5b4a9801c5..24189c27fed 100644 --- a/packages/windows/data_stream/powershell_operational/fields/base-fields.yml +++ b/packages/windows/data_stream/powershell_operational/fields/base-fields.yml 
@@ -29,6 +29,5 @@ value: windows.powershell_operational - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/windows/data_stream/powershell_operational/fields/fields.yml b/packages/windows/data_stream/powershell_operational/fields/fields.yml index ae35dff3297..c550fc7de7c 100644 --- a/packages/windows/data_stream/powershell_operational/fields/fields.yml +++ b/packages/windows/data_stream/powershell_operational/fields/fields.yml @@ -1,23 +1,18 @@ - name: powershell.id type: keyword description: Shell Id. - example: Microsoft Powershell - name: powershell.pipeline_id type: keyword description: Pipeline id. - example: "1" - name: powershell.runspace_id type: keyword description: Runspace id. - example: "4fa9074d-45ab-4e53-9195-e91981ac2bbb" - name: powershell.sequence type: long description: Sequence number of the powershell execution. - example: 1 - name: powershell.total type: long description: Total number of messages in the sequence. - example: 10 - name: powershell.command type: group description: Data related to the executed command. @@ -25,19 +20,15 @@ - name: path type: keyword description: Path of the executed command. - example: "C:\\Windows\\system32\\cmd.exe" - name: name type: keyword description: Name of the executed command. - example: "cmd.exe" - name: type type: keyword description: Type of the executed command. - example: Application - name: value type: text description: The invoked command. - example: Import-LocalizedData LocalizedData -filename ArchiveResources - name: invocation_details type: array description: 
> @@ -46,23 +37,19 @@ - name: invocation_details.type type: keyword description: The type of detail. - example: CommandInvocation - name: invocation_details.related_command type: keyword description: The command to which the detail is related to. - example: Add-Type - name: invocation_details.name type: keyword description: > Only used for ParameterBinding detail type. Indicates the parameter name. - example: AssemblyName - name: invocation_details.value type: text description: > The value of the detail. The meaning of it will depend on the detail type. - example: System.IO.Compression.FileSystem - name: powershell.connected_user type: group description: Data related to the connected user executing the command. @@ -70,11 +57,9 @@ - name: domain type: keyword description: User domain. - example: VAGRANT - name: name type: keyword description: User name. - example: vagrant - name: powershell.engine type: group description: Data related to the PowerShell engine. @@ -82,19 +67,16 @@ - name: version type: keyword description: Version of the PowerShell engine version used to execute the command. - example: "5.1.17763.1007" - name: previous_state type: keyword description: > Previous state of the PowerShell engine. - example: Available - name: new_state type: keyword description: > New state of the PowerShell engine. - example: Stopped - name: powershell.file type: group description: Data related to the executed script file. @@ -102,18 +84,15 @@ - name: script_block_id type: keyword description: Id of the executed script block. - example: "50d2dbda-7361-4926-a94d-d9eadfdb43fa" - name: script_block_text type: text analyzer: powershell_script_analyzer description: > Text of the executed script block. - example: ".\\a_script.ps1" - name: powershell.process.executable_version type: keyword description: Version of the engine hosting process executable. - example: "5.1.17763.1007" - name: powershell.provider type: group description: Data related to the PowerShell engine host. 
@@ -123,10 +102,8 @@ description: > New state of the PowerShell provider. - example: Active - name: name type: keyword description: > Provider name. - example: Variable diff --git a/packages/windows/data_stream/powershell_operational/fields/winlog.yml b/packages/windows/data_stream/powershell_operational/fields/winlog.yml index 4ac76fdcdc9..eecbcb466a6 100644 --- a/packages/windows/data_stream/powershell_operational/fields/winlog.yml +++ b/packages/windows/data_stream/powershell_operational/fields/winlog.yml @@ -5,7 +5,6 @@ fields: - name: api - required: true type: keyword description: > The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. @@ -14,20 +13,17 @@ - name: activity_id type: keyword - required: false description: > A globally unique identifier that identifies the current activity. The events that are published with this identifier are part of the same activity. - name: computer_name type: keyword - required: true description: > The name of the computer that generated the record. When using Windows event forwarding, this name can differ from `agent.hostname`. - name: event_data type: object object_type: keyword - required: false description: > The event-specific data. This field is mutually exclusive with `user_data`. If you are capturing event data on versions prior to Windows Vista, the parameters in `event_data` are named `param1`, `param2`, and so on, because event log parameters are unnamed in earlier versions of Windows. 
@@ -261,78 +257,64 @@ type: keyword - name: event_id type: keyword - required: true description: > The event identifier. The value is specific to the source of the event. - name: keywords type: keyword - required: false description: > The keywords are used to classify an event. - name: channel type: keyword - required: true description: > The name of the channel from which this record was read. This value is one of the names from the `event_logs` collection in the configuration. - name: record_id type: keyword - required: true description: > The record ID of the event log record. The first record written to an event log is record number 1, and other records are numbered sequentially. If the record number reaches the maximum value (2^32^ for the Event Logging API and 2^64^ for the Windows Event Log API), the next record number will be 0. - name: related_activity_id type: keyword - required: false description: > A globally unique identifier that identifies the activity to which control was transferred to. The related events would then have this identifier as their `activity_id` identifier. - name: opcode type: keyword - required: false description: > The opcode defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. - name: provider_guid type: keyword - required: false description: > A globally unique identifier that identifies the provider that logged the event. - name: process.pid type: long - required: false description: > The process_id of the Client Server Runtime Process. - name: provider_name type: keyword - required: true description: > The source of the event log record (the application or service that logged the record). - name: task type: keyword - required: false description: > The task defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. 
The category used by the Event Logging API (on pre Windows Vista operating systems) is written to this field. - name: process.thread.id type: long - required: false - name: user_data type: object object_type: keyword - required: false description: > The event specific data. This field is mutually exclusive with `event_data`. - name: user.identifier type: keyword - required: false - example: S-1-5-21-3541430928-2051711210-1391384369-1001 description: > The Windows security identifier (SID) of the account associated with this event. @@ -345,17 +327,14 @@ - name: user.domain type: keyword - required: false description: > The domain that the account associated with this event is a member of. - name: user.type type: keyword - required: false description: > The type of account associated with this event. - name: version type: long - required: false description: The version number of the event's definition. diff --git a/packages/windows/data_stream/service/fields/agent.yml b/packages/windows/data_stream/service/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/windows/data_stream/service/fields/agent.yml +++ b/packages/windows/data_stream/service/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/windows/data_stream/sysmon_operational/fields/agent.yml b/packages/windows/data_stream/sysmon_operational/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/windows/data_stream/sysmon_operational/fields/agent.yml +++ b/packages/windows/data_stream/sysmon_operational/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/windows/data_stream/sysmon_operational/fields/base-fields.yml b/packages/windows/data_stream/sysmon_operational/fields/base-fields.yml index 2d622167dfe..d9af496a674 100644 --- a/packages/windows/data_stream/sysmon_operational/fields/base-fields.yml +++ b/packages/windows/data_stream/sysmon_operational/fields/base-fields.yml 
@@ -29,6 +29,5 @@ description: Event timestamp. - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/windows/data_stream/sysmon_operational/fields/winlog.yml b/packages/windows/data_stream/sysmon_operational/fields/winlog.yml index 85152cf7743..90d4e514ec8 100644 --- a/packages/windows/data_stream/sysmon_operational/fields/winlog.yml +++ b/packages/windows/data_stream/sysmon_operational/fields/winlog.yml @@ -5,7 +5,6 @@ fields: - name: api - required: true type: keyword description: > The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. @@ -14,20 +13,17 @@ - name: activity_id type: keyword - required: false description: > A globally unique identifier that identifies the current activity. The events that are published with this identifier are part of the same activity. - name: computer_name type: keyword - required: true description: > The name of the computer that generated the record. When using Windows event forwarding, this name can differ from `agent.hostname`. - name: event_data type: object object_type: keyword - required: false description: > The event-specific data. This field is mutually exclusive with `user_data`. If you are capturing event data on versions prior to Windows Vista, the parameters in `event_data` are named `param1`, `param2`, and so on, because event log parameters are unnamed in earlier versions of Windows. 
@@ -271,78 +267,64 @@ type: keyword - name: event_id type: keyword - required: true description: > The event identifier. The value is specific to the source of the event. - name: keywords type: keyword - required: false description: > The keywords are used to classify an event. - name: channel type: keyword - required: true description: > The name of the channel from which this record was read. This value is one of the names from the `event_logs` collection in the configuration. - name: record_id type: keyword - required: true description: > The record ID of the event log record. The first record written to an event log is record number 1, and other records are numbered sequentially. If the record number reaches the maximum value (2^32^ for the Event Logging API and 2^64^ for the Windows Event Log API), the next record number will be 0. - name: related_activity_id type: keyword - required: false description: > A globally unique identifier that identifies the activity to which control was transferred to. The related events would then have this identifier as their `activity_id` identifier. - name: opcode type: keyword - required: false description: > The opcode defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. - name: provider_guid type: keyword - required: false description: > A globally unique identifier that identifies the provider that logged the event. - name: process.pid type: long - required: false description: > The process_id of the Client Server Runtime Process. - name: provider_name type: keyword - required: true description: > The source of the event log record (the application or service that logged the record). - name: task type: keyword - required: false description: > The task defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. 
The category used by the Event Logging API (on pre Windows Vista operating systems) is written to this field. - name: process.thread.id type: long - required: false - name: user_data type: object object_type: keyword - required: false description: > The event specific data. This field is mutually exclusive with `event_data`. - name: user.identifier type: keyword - required: false - example: S-1-5-21-3541430928-2051711210-1391384369-1001 description: > The Windows security identifier (SID) of the account associated with this event. @@ -355,17 +337,14 @@ - name: user.domain type: keyword - required: false description: > The domain that the account associated with this event is a member of. - name: user.type type: keyword - required: false description: > The type of account associated with this event. - name: version type: long - required: false description: The version number of the event's definition. diff --git a/packages/windows/manifest.yml b/packages/windows/manifest.yml index d5f148b2ff0..39cd670d09c 100644 --- a/packages/windows/manifest.yml +++ b/packages/windows/manifest.yml @@ -1,6 +1,6 @@ name: windows title: Windows -version: 1.12.0 +version: "1.12.1" description: Collect logs and metrics from Windows OS and services with Elastic Agent. type: integration categories: diff --git a/packages/winlog/changelog.yml b/packages/winlog/changelog.yml index ab370f1b7ef..bfe79e5df90 100644 --- a/packages/winlog/changelog.yml +++ b/packages/winlog/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.5.0" changes: - description: Update to ECS 8.2 (documentation reference only) diff --git a/packages/winlog/data_stream/winlog/fields/winlog.yml b/packages/winlog/data_stream/winlog/fields/winlog.yml index cd357afbe94..21513499696 100644 
--- a/packages/winlog/data_stream/winlog/fields/winlog.yml +++ b/packages/winlog/data_stream/winlog/fields/winlog.yml @@ -5,7 +5,6 @@ fields: - name: api - required: true type: keyword description: > The event log API type used to read the record. The possible values are "wineventlog" for the Windows Event Log API or "eventlogging" for the Event Logging API. @@ -14,19 +13,16 @@ - name: activity_id type: keyword - required: false description: > A globally unique identifier that identifies the current activity. The events that are published with this identifier are part of the same activity. - name: channel type: keyword - required: true description: > The name of the channel from which this record was read. This value is one of the names from the `event_logs` collection in the configuration. - name: computer_name type: keyword - required: true description: > The name of the computer that generated the record. When using Windows event forwarding, this name can differ from `agent.hostname`. @@ -45,7 +41,6 @@ - name: event_data type: object object_type: keyword - required: false description: > The event-specific data. This field is mutually exclusive with `user_data`. If you are capturing event data on versions prior to Windows Vista, the parameters in `event_data` are named `param1`, `param2`, and so on, because event log parameters are unnamed in earlier versions of Windows. 
@@ -471,92 +466,75 @@ type: keyword - name: event_id type: keyword - required: true description: > The event identifier. The value is specific to the source of the event. - name: keywords type: keyword - required: false description: > The keywords are used to classify an event. - name: level type: keyword - required: false description: > The event severity. Levels are Critical, Error, Warning and Information, Verbose - name: outcome type: keyword - required: false description: > Success or Failure of the event. - name: record_id type: keyword - required: true description: > The record ID of the event log record. The first record written to an event log is record number 1, and other records are numbered sequentially. If the record number reaches the maximum value (2^32^ for the Event Logging API and 2^64^ for the Windows Event Log API), the next record number will be 0. - name: related_activity_id type: keyword - required: false description: > A globally unique identifier that identifies the activity to which control was transferred to. The related events would then have this identifier as their `activity_id` identifier. - name: opcode type: keyword - required: false description: > The opcode defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. - name: provider_guid type: keyword - required: false description: > A globally unique identifier that identifies the provider that logged the event. - name: process.pid type: long - required: false description: > The process_id of the Client Server Runtime Process. - name: provider_name type: keyword - required: true description: > The source of the event log record (the application or service that logged the record). - name: task type: keyword - required: false description: > The task defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. 
The category used by the Event Logging API (on pre Windows Vista operating systems) is written to this field. - name: time_created type: keyword - required: false description: > Time event was created - name: trustAttribute type: keyword - required: false - name: trustDirection type: keyword - required: false - name: trustType type: keyword - required: false - name: process.thread.id type: long - required: false - name: user_data type: object object_type: keyword - required: false description: > The event specific data. This field is mutually exclusive with `event_data`. @@ -582,8 +560,6 @@ type: keyword - name: user.identifier type: keyword - required: false - example: S-1-5-21-3541430928-2051711210-1391384369-1001 description: > The Windows security identifier (SID) of the account associated with this event. @@ -596,17 +572,14 @@ - name: user.domain type: keyword - required: false description: > The domain that the account associated with this event is a member of. - name: user.type type: keyword - required: false description: > The type of account associated with this event. - name: version type: long - required: false description: The version number of the event's definition. diff --git a/packages/winlog/manifest.yml b/packages/winlog/manifest.yml index 15f5a35950c..264c255d14f 100644 --- a/packages/winlog/manifest.yml +++ b/packages/winlog/manifest.yml @@ -3,7 +3,7 @@ name: winlog title: Custom Windows Event Logs description: Collect and parse logs from any Windows event log channel with Elastic Agent. type: integration -version: 1.5.0 +version: "1.5.1" release: ga conditions: kibana.version: '^7.16.0 || ^8.0.0' diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml index 2177bace5c5..6d3e4f2f1a9 100644 --- a/packages/zeek/changelog.yml +++ b/packages/zeek/changelog.yml 
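Review bot: Two descriptions in this hunk still carry the wording defects the commit says it fixes: `winlog.level` reads `Levels are Critical, Error, Warning and Information, Verbose` and `winlog.related_activity_id` reads `the activity to which control was transferred to`; suggest `The event severity. Levels are Critical, Error, Warning, Information and Verbose.` and `... identifies the activity to which control was transferred.` Separately, `winlog.time_created` is typed `keyword` yet described only as `Time event was created`, and a keyword is not date-typed, so it cannot serve time-range queries; presumably `@timestamp` is the field meant for that, and the description should say so, e.g. `Time the event was created, kept as a raw string; use @timestamp for time-based queries` (confirm against the ingest pipeline). The `required: true` removals on `event_id`, `record_id` and `provider_name` look like package-spec metadata only and should not alter the mapping, but since detection content keys on exactly these fields a sentence in the changelog stating that would save reviewers from re-checking it.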
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.8.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.8.0"
changes:
- description: Make sure field values are valid for ECS
diff --git a/packages/zeek/data_stream/capture_loss/fields/agent.yml b/packages/zeek/data_stream/capture_loss/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/zeek/data_stream/capture_loss/fields/agent.yml
+++ b/packages/zeek/data_stream/capture_loss/fields/agent.yml
@@ -1,51 +1,35 @@
- name: cloud
- title: Cloud
- group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
type: group
fields:
- name: account.id
- level: extended
type: keyword
ignore_above: 1024
description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- name: availability_zone
- level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
- example: us-east-1c
- name: instance.id
- level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- name: instance.name
- level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
- level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
- example: t2.medium
- name: provider
- level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- name: region
- level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
- example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
@@ -53,111 +37,81 @@
type: keyword
description: Image ID for the cloud instance.
- name: container
- title: Container
- group: 2
description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
type: group
fields:
- name: id
- level: core
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.name
- level: extended
type: keyword
ignore_above: 1024
description: Name of the image the container was built on.
- name: labels
- level: extended
type: object
object_type: keyword
description: Image labels.
- name: name
- level: extended
type: keyword
ignore_above: 1024
description: Container name.
- name: host
- title: Host
- group: 2
description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
type: group
fields:
- name: architecture
- level: core
type: keyword
ignore_above: 1024
description: Operating system architecture.
- example: x86_64
- name: domain
- level: extended
type: keyword
ignore_above: 1024
description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- name: hostname
- level: core
type: keyword
ignore_above: 1024
description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- name: id
- level: core
type: keyword
ignore_above: 1024
description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- name: ip
- level: core
type: ip
description: Host ip addresses.
- name: mac
- level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
- level: core
type: keyword
ignore_above: 1024
description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- name: os.family
- level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- name: os.kernel
- level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- name: os.name
- level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
- default_field: false
description: Operating system name, without the version.
- example: Mac OS X
- name: os.platform
- level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- name: os.version
- level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
- example: 10.14.1
- name: type
- level: core
type: keyword
ignore_above: 1024
description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
@@ -168,13 +122,11 @@
- name: os.build
type: keyword
- example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
- example: "stretch"
description: >
OS codename, if any.
diff --git a/packages/zeek/data_stream/capture_loss/fields/beats.yml b/packages/zeek/data_stream/capture_loss/fields/beats.yml
index 470f5fae484..10306366e34 100644
--- a/packages/zeek/data_stream/capture_loss/fields/beats.yml
+++ b/packages/zeek/data_stream/capture_loss/fields/beats.yml
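Review bot: The `host.os.platform` description in this hunk still reads `Operating system platform (such centos, ubuntu, windows).`, a typo this "fix typos" commit leaves in place, and the same agent.yml (identical blob hashes) is repeated for every other Zeek data stream touched below, so the typo survives in each copy. More broadly, these `cloud.*`, `container.*` and `host.*` entries are hand-copied ECS definitions whose wording drifts from ECS (`correlate data based containers`, `If vm, this could be the container`), while the sibling ecs.yml in this data stream already declares its fields with `- external: ecs`; if the package-spec version in use allows it for these names, switching them to `- external: ecs` plus `name` would let descriptions and types track ECS instead of being patched by hand. If they must stay inline, the minimal fix is `description: Operating system platform (such as centos, ubuntu, windows).`.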
@@ -6,7 +6,6 @@
name: input.type
type: keyword
- description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
ignore_above: 1024
name: log.file.path
type: keyword
@@ -17,7 +16,6 @@
name: log.offset
type: long
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
ignore_above: 1024
name: tags
type: keyword
diff --git a/packages/zeek/data_stream/connection/fields/agent.yml b/packages/zeek/data_stream/connection/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/zeek/data_stream/connection/fields/agent.yml
+++ b/packages/zeek/data_stream/connection/fields/agent.yml
@@ -1,51 +1,35 @@
- name: cloud
- title: Cloud
- group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
type: group
fields:
- name: account.id
- level: extended
type: keyword
ignore_above: 1024
description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- name: availability_zone
- level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
- example: us-east-1c
- name: instance.id
- level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- name: instance.name
- level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
- level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
- example: t2.medium
- name: provider
- level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- name: region
- level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
- example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
@@ -53,111 +37,81 @@
type: keyword
description: Image ID for the cloud instance.
- name: container
- title: Container
- group: 2
description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
type: group
fields:
- name: id
- level: core
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.name
- level: extended
type: keyword
ignore_above: 1024
description: Name of the image the container was built on.
- name: labels
- level: extended
type: object
object_type: keyword
description: Image labels.
- name: name
- level: extended
type: keyword
ignore_above: 1024
description: Container name.
- name: host
- title: Host
- group: 2
description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
type: group
fields:
- name: architecture
- level: core
type: keyword
ignore_above: 1024
description: Operating system architecture.
- example: x86_64
- name: domain
- level: extended
type: keyword
ignore_above: 1024
description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- name: hostname
- level: core
type: keyword
ignore_above: 1024
description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- name: id
- level: core
type: keyword
ignore_above: 1024
description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- name: ip
- level: core
type: ip
description: Host ip addresses.
- name: mac
- level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
- level: core
type: keyword
ignore_above: 1024
description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- name: os.family
- level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- name: os.kernel
- level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- name: os.name
- level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
- default_field: false
description: Operating system name, without the version.
- example: Mac OS X
- name: os.platform
- level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- name: os.version
- level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
- example: 10.14.1
- name: type
- level: core
type: keyword
ignore_above: 1024
description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
@@ -168,13 +122,11 @@
- name: os.build
type: keyword
- example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
- example: "stretch"
description: >
OS codename, if any.
diff --git a/packages/zeek/data_stream/connection/fields/beats.yml b/packages/zeek/data_stream/connection/fields/beats.yml
index 470f5fae484..10306366e34 100644
--- a/packages/zeek/data_stream/connection/fields/beats.yml
+++ b/packages/zeek/data_stream/connection/fields/beats.yml
@@ -6,7 +6,6 @@
name: input.type
type: keyword
- description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
ignore_above: 1024
name: log.file.path
type: keyword
@@ -17,7 +16,6 @@
name: log.offset
type: long
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
ignore_above: 1024
name: tags
type: keyword
diff --git a/packages/zeek/data_stream/connection/fields/ecs.yml b/packages/zeek/data_stream/connection/fields/ecs.yml
index f74955ccbab..340a27e4049 100644
--- a/packages/zeek/data_stream/connection/fields/ecs.yml
+++ b/packages/zeek/data_stream/connection/fields/ecs.yml
@@ -15,7 +15,6 @@
- external: ecs
name: destination.geo.country_name
- description: Longitude and latitude.
- level: core
name: destination.geo.location
type: geo_point
- external: ecs
@@ -83,7 +82,6 @@
- external: ecs
name: source.geo.country_name
- description: Longitude and latitude.
- level: core
name: source.geo.location
type: geo_point
- external: ecs
diff --git a/packages/zeek/data_stream/dce_rpc/fields/agent.yml b/packages/zeek/data_stream/dce_rpc/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/zeek/data_stream/dce_rpc/fields/agent.yml
+++ b/packages/zeek/data_stream/dce_rpc/fields/agent.yml
@@ -1,51 +1,35 @@
- name: cloud
- title: Cloud
- group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
type: group
fields:
- name: account.id
- level: extended
type: keyword
ignore_above: 1024
description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- name: availability_zone
- level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
- example: us-east-1c
- name: instance.id
- level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- name: instance.name
- level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
- level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
- example: t2.medium
- name: provider
- level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- name: region
- level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
- example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
@@ -53,111 +37,81 @@
type: keyword
description: Image ID for the cloud instance.
- name: container
- title: Container
- group: 2
description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
type: group
fields:
- name: id
- level: core
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.name
- level: extended
type: keyword
ignore_above: 1024
description: Name of the image the container was built on.
- name: labels
- level: extended
type: object
object_type: keyword
description: Image labels.
- name: name
- level: extended
type: keyword
ignore_above: 1024
description: Container name.
- name: host
- title: Host
- group: 2
description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
type: group
fields:
- name: architecture
- level: core
type: keyword
ignore_above: 1024
description: Operating system architecture.
- example: x86_64
- name: domain
- level: extended
type: keyword
ignore_above: 1024
description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- name: hostname
- level: core
type: keyword
ignore_above: 1024
description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- name: id
- level: core
type: keyword
ignore_above: 1024
description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- name: ip
- level: core
type: ip
description: Host ip addresses.
- name: mac
- level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
- level: core
type: keyword
ignore_above: 1024
description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- name: os.family
- level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- name: os.kernel
- level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- name: os.name
- level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
- default_field: false
description: Operating system name, without the version.
- example: Mac OS X
- name: os.platform
- level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- name: os.version
- level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
- example: 10.14.1
- name: type
- level: core
type: keyword
ignore_above: 1024
description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
@@ -168,13 +122,11 @@
- name: os.build
type: keyword
- example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
- example: "stretch"
description: >
OS codename, if any.
diff --git a/packages/zeek/data_stream/dce_rpc/fields/beats.yml b/packages/zeek/data_stream/dce_rpc/fields/beats.yml
index 470f5fae484..10306366e34 100644
--- a/packages/zeek/data_stream/dce_rpc/fields/beats.yml
+++ b/packages/zeek/data_stream/dce_rpc/fields/beats.yml
@@ -6,7 +6,6 @@
name: input.type
type: keyword
- description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
ignore_above: 1024
name: log.file.path
type: keyword
@@ -17,7 +16,6 @@
name: log.offset
type: long
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
ignore_above: 1024
name: tags
type: keyword
diff --git a/packages/zeek/data_stream/dce_rpc/fields/ecs.yml b/packages/zeek/data_stream/dce_rpc/fields/ecs.yml
index 81efb6bffbb..b410343599d 100644
--- a/packages/zeek/data_stream/dce_rpc/fields/ecs.yml
+++ b/packages/zeek/data_stream/dce_rpc/fields/ecs.yml
@@ -15,7 +15,6 @@
- external: ecs
name: destination.geo.country_name
- description: Longitude and latitude.
- level: core
name: destination.geo.location
type: geo_point
- external: ecs
@@ -73,7 +72,6 @@
- external: ecs
name: source.geo.country_name
- description: Longitude and latitude.
- level: core
name: source.geo.location
type: geo_point
- external: ecs
diff --git a/packages/zeek/data_stream/dhcp/fields/agent.yml b/packages/zeek/data_stream/dhcp/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/zeek/data_stream/dhcp/fields/agent.yml
+++ b/packages/zeek/data_stream/dhcp/fields/agent.yml
@@ -1,51 +1,35 @@
- name: cloud
- title: Cloud
- group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
type: group
fields:
- name: account.id
- level: extended
type: keyword
ignore_above: 1024
description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- name: availability_zone
- level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
- example: us-east-1c
- name: instance.id
- level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- name: instance.name
- level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
- level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
- example: t2.medium
- name: provider
- level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- name: region
- level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
- example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
@@ -53,111 +37,81 @@
type: keyword
description: Image ID for the cloud instance.
- name: container
- title: Container
- group: 2
description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
type: group
fields:
- name: id
- level: core
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.name
- level: extended
type: keyword
ignore_above: 1024
description: Name of the image the container was built on.
- name: labels
- level: extended
type: object
object_type: keyword
description: Image labels.
- name: name
- level: extended
type: keyword
ignore_above: 1024
description: Container name.
- name: host
- title: Host
- group: 2
description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
type: group
fields:
- name: architecture
- level: core
type: keyword
ignore_above: 1024
description: Operating system architecture.
- example: x86_64
- name: domain
- level: extended
type: keyword
ignore_above: 1024
description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- name: hostname
- level: core
type: keyword
ignore_above: 1024
description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- name: id
- level: core
type: keyword
ignore_above: 1024
description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- name: ip
- level: core
type: ip
description: Host ip addresses.
- name: mac
- level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
- level: core
type: keyword
ignore_above: 1024
description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- name: os.family
- level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- name: os.kernel
- level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- name: os.name
- level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
- default_field: false
description: Operating system name, without the version.
- example: Mac OS X
- name: os.platform
- level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- name: os.version
- level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
- example: 10.14.1
- name: type
- level: core
type: keyword
ignore_above: 1024
description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
@@ -168,13 +122,11 @@
- name: os.build
type: keyword
- example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
- example: "stretch"
description: >
OS codename, if any.
diff --git a/packages/zeek/data_stream/dhcp/fields/beats.yml b/packages/zeek/data_stream/dhcp/fields/beats.yml
index 470f5fae484..10306366e34 100644
--- a/packages/zeek/data_stream/dhcp/fields/beats.yml
+++ b/packages/zeek/data_stream/dhcp/fields/beats.yml
@@ -6,7 +6,6 @@
name: input.type
type: keyword
- description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
ignore_above: 1024
name: log.file.path
type: keyword
@@ -17,7 +16,6 @@
name: log.offset
type: long
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
ignore_above: 1024
name: tags
type: keyword
diff --git a/packages/zeek/data_stream/dnp3/fields/agent.yml b/packages/zeek/data_stream/dnp3/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/zeek/data_stream/dnp3/fields/agent.yml
+++ b/packages/zeek/data_stream/dnp3/fields/agent.yml
@@ -1,51 +1,35 @@
- name: cloud
- title: Cloud
- group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
type: group
fields:
- name: account.id
- level: extended
type: keyword
ignore_above: 1024
description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- name: availability_zone
- level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
- example: us-east-1c
- name: instance.id
- level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- name: instance.name
- level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
- level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
- example: t2.medium
- name: provider
- level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- name: region
- level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
- example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/dnp3/fields/beats.yml b/packages/zeek/data_stream/dnp3/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/dnp3/fields/beats.yml +++ b/packages/zeek/data_stream/dnp3/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/dnp3/fields/ecs.yml b/packages/zeek/data_stream/dnp3/fields/ecs.yml index 81efb6bffbb..b410343599d 100644 --- a/packages/zeek/data_stream/dnp3/fields/ecs.yml +++ b/packages/zeek/data_stream/dnp3/fields/ecs.yml @@ -15,7 +15,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -73,7 +72,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/dns/fields/agent.yml b/packages/zeek/data_stream/dns/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/dns/fields/agent.yml +++ b/packages/zeek/data_stream/dns/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/dns/fields/beats.yml b/packages/zeek/data_stream/dns/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/dns/fields/beats.yml +++ b/packages/zeek/data_stream/dns/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/dns/fields/ecs.yml b/packages/zeek/data_stream/dns/fields/ecs.yml index b183a600a17..77774519a1a 100644 --- a/packages/zeek/data_stream/dns/fields/ecs.yml +++ b/packages/zeek/data_stream/dns/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -107,7 +106,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/dpd/fields/agent.yml b/packages/zeek/data_stream/dpd/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/dpd/fields/agent.yml +++ b/packages/zeek/data_stream/dpd/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/dpd/fields/beats.yml b/packages/zeek/data_stream/dpd/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/dpd/fields/beats.yml +++ b/packages/zeek/data_stream/dpd/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/dpd/fields/ecs.yml b/packages/zeek/data_stream/dpd/fields/ecs.yml index 8d82c4322c6..af3baf85dfa 100644 --- a/packages/zeek/data_stream/dpd/fields/ecs.yml +++ b/packages/zeek/data_stream/dpd/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -65,7 +64,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/files/fields/agent.yml b/packages/zeek/data_stream/files/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/files/fields/agent.yml +++ b/packages/zeek/data_stream/files/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/files/fields/beats.yml b/packages/zeek/data_stream/files/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/files/fields/beats.yml +++ b/packages/zeek/data_stream/files/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/ftp/fields/agent.yml b/packages/zeek/data_stream/ftp/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/ftp/fields/agent.yml +++ b/packages/zeek/data_stream/ftp/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/ftp/fields/beats.yml b/packages/zeek/data_stream/ftp/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/ftp/fields/beats.yml +++ b/packages/zeek/data_stream/ftp/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/ftp/fields/ecs.yml b/packages/zeek/data_stream/ftp/fields/ecs.yml index c6e37463e57..e8938b5fdb4 100644 --- a/packages/zeek/data_stream/ftp/fields/ecs.yml +++ b/packages/zeek/data_stream/ftp/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -75,7 +74,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/http/fields/agent.yml b/packages/zeek/data_stream/http/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/http/fields/agent.yml +++ b/packages/zeek/data_stream/http/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/http/fields/beats.yml b/packages/zeek/data_stream/http/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/http/fields/beats.yml +++ b/packages/zeek/data_stream/http/fields/beats.yml 
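Review bot: Dropping `default_field: false` (on host.domain, and on the `text` multi-field under host.os.name in the `@@ -53,111 +37,81 @@` hunk) is not the same kind of cleanup as dropping `level`, `example`, `title`, `group` and `footnote`: those are documentation-only, whereas `default_field` is a mapping/query-time hint that, where the consuming tooling honours it, decides whether the field is folded into `index.query.default_field`. If the package validator and Fleet ignore the property the removal is harmless, but that is not evident from the hunk, so I would either confirm it before merging or keep the two `default_field: false` lines. The identical removal recurs in the agent.yml hunks for the intel, irc, kerberos and modbus data streams below. Separately, the unchanged context line `description: Operating system platform (such centos, ubuntu, windows).` is missing "as" and could be corrected while the file is being touched.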
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/http/fields/ecs.yml b/packages/zeek/data_stream/http/fields/ecs.yml index 5709043125d..b2e4c3ca4c8 100644 --- a/packages/zeek/data_stream/http/fields/ecs.yml +++ b/packages/zeek/data_stream/http/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -83,7 +82,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/intel/fields/agent.yml b/packages/zeek/data_stream/intel/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/intel/fields/agent.yml +++ b/packages/zeek/data_stream/intel/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/intel/fields/beats.yml b/packages/zeek/data_stream/intel/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/intel/fields/beats.yml +++ b/packages/zeek/data_stream/intel/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/intel/fields/ecs.yml b/packages/zeek/data_stream/intel/fields/ecs.yml index c767792b65c..e1d35e66565 100644 --- a/packages/zeek/data_stream/intel/fields/ecs.yml +++ b/packages/zeek/data_stream/intel/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -61,7 +60,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/irc/fields/agent.yml b/packages/zeek/data_stream/irc/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/irc/fields/agent.yml +++ b/packages/zeek/data_stream/irc/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/irc/fields/beats.yml b/packages/zeek/data_stream/irc/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/irc/fields/beats.yml +++ b/packages/zeek/data_stream/irc/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/irc/fields/ecs.yml b/packages/zeek/data_stream/irc/fields/ecs.yml index e93d9d0a360..ffe5915d53a 100644 --- a/packages/zeek/data_stream/irc/fields/ecs.yml +++ b/packages/zeek/data_stream/irc/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -77,7 +76,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/kerberos/fields/agent.yml b/packages/zeek/data_stream/kerberos/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/kerberos/fields/agent.yml +++ b/packages/zeek/data_stream/kerberos/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/kerberos/fields/beats.yml b/packages/zeek/data_stream/kerberos/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/kerberos/fields/beats.yml +++ b/packages/zeek/data_stream/kerberos/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/kerberos/fields/ecs.yml b/packages/zeek/data_stream/kerberos/fields/ecs.yml index b0571d72cd2..cf3cd0e5e0c 100644 --- a/packages/zeek/data_stream/kerberos/fields/ecs.yml +++ b/packages/zeek/data_stream/kerberos/fields/ecs.yml @@ -15,7 +15,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -77,7 +76,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/modbus/fields/agent.yml b/packages/zeek/data_stream/modbus/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/modbus/fields/agent.yml +++ b/packages/zeek/data_stream/modbus/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/modbus/fields/beats.yml b/packages/zeek/data_stream/modbus/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/modbus/fields/beats.yml +++ b/packages/zeek/data_stream/modbus/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/modbus/fields/ecs.yml b/packages/zeek/data_stream/modbus/fields/ecs.yml index 9a90a894bfc..af267ba03b9 100644 --- a/packages/zeek/data_stream/modbus/fields/ecs.yml +++ b/packages/zeek/data_stream/modbus/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -71,7 +70,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/mysql/fields/agent.yml b/packages/zeek/data_stream/mysql/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/mysql/fields/agent.yml +++ b/packages/zeek/data_stream/mysql/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/mysql/fields/beats.yml b/packages/zeek/data_stream/mysql/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/mysql/fields/beats.yml +++ b/packages/zeek/data_stream/mysql/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/mysql/fields/ecs.yml b/packages/zeek/data_stream/mysql/fields/ecs.yml index 9a90a894bfc..af267ba03b9 100644 --- a/packages/zeek/data_stream/mysql/fields/ecs.yml +++ b/packages/zeek/data_stream/mysql/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -71,7 +70,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/notice/fields/agent.yml b/packages/zeek/data_stream/notice/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/notice/fields/agent.yml +++ b/packages/zeek/data_stream/notice/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/notice/fields/beats.yml b/packages/zeek/data_stream/notice/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/notice/fields/beats.yml +++ b/packages/zeek/data_stream/notice/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/notice/fields/ecs.yml b/packages/zeek/data_stream/notice/fields/ecs.yml index f65bf4ac73c..109dd288264 100644 --- a/packages/zeek/data_stream/notice/fields/ecs.yml +++ b/packages/zeek/data_stream/notice/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -73,7 +72,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/ntlm/fields/agent.yml b/packages/zeek/data_stream/ntlm/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/ntlm/fields/agent.yml +++ b/packages/zeek/data_stream/ntlm/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/ntlm/fields/beats.yml b/packages/zeek/data_stream/ntlm/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/ntlm/fields/beats.yml +++ b/packages/zeek/data_stream/ntlm/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/ntlm/fields/ecs.yml b/packages/zeek/data_stream/ntlm/fields/ecs.yml index 09d99f4edae..bdf829502dd 100644 --- a/packages/zeek/data_stream/ntlm/fields/ecs.yml +++ b/packages/zeek/data_stream/ntlm/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -73,7 +72,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/ntp/fields/agent.yml b/packages/zeek/data_stream/ntp/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/ntp/fields/agent.yml +++ b/packages/zeek/data_stream/ntp/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/ntp/fields/beats.yml b/packages/zeek/data_stream/ntp/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/ntp/fields/beats.yml +++ b/packages/zeek/data_stream/ntp/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/ntp/fields/fields.yml b/packages/zeek/data_stream/ntp/fields/fields.yml index 022ae5dc500..89e0d93eeee 100644 --- a/packages/zeek/data_stream/ntp/fields/fields.yml +++ b/packages/zeek/data_stream/ntp/fields/fields.yml @@ -1,6 +1,5 @@ - name: zeek.ntp type: group - default_field: false description: > Fields exported by the Zeek NTP log. diff --git a/packages/zeek/data_stream/ocsp/fields/agent.yml b/packages/zeek/data_stream/ocsp/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/ocsp/fields/agent.yml +++ b/packages/zeek/data_stream/ocsp/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@
type: keyword
description: Image ID for the cloud instance.
- name: container
- title: Container
- group: 2
description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
type: group
fields:
- name: id
- level: core
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.name
- level: extended
type: keyword
ignore_above: 1024
description: Name of the image the container was built on.
- name: labels
- level: extended
type: object
object_type: keyword
description: Image labels.
- name: name
- level: extended
type: keyword
ignore_above: 1024
description: Container name.
- name: host
- title: Host
- group: 2
description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
type: group
fields:
- name: architecture
- level: core
type: keyword
ignore_above: 1024
description: Operating system architecture.
- example: x86_64
- name: domain
- level: extended
type: keyword
ignore_above: 1024
description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- name: hostname
- level: core
type: keyword
ignore_above: 1024
description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- name: id
- level: core
type: keyword
ignore_above: 1024
description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- name: ip
- level: core
type: ip
description: Host ip addresses.
- name: mac
- level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
- level: core
type: keyword
ignore_above: 1024
description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- name: os.family
- level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- name: os.kernel
- level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- name: os.name
- level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
- default_field: false
description: Operating system name, without the version.
- example: Mac OS X
- name: os.platform
- level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- name: os.version
- level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
- example: 10.14.1
- name: type
- level: core
type: keyword
ignore_above: 1024
description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
@@ -168,13 +122,11 @@
- name: os.build
type: keyword
- example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
- example: "stretch"
description: >
OS codename, if any.
diff --git a/packages/zeek/data_stream/ocsp/fields/beats.yml b/packages/zeek/data_stream/ocsp/fields/beats.yml
index 470f5fae484..10306366e34 100644
--- a/packages/zeek/data_stream/ocsp/fields/beats.yml
+++ b/packages/zeek/data_stream/ocsp/fields/beats.yml
@@ -6,7 +6,6 @@
name: input.type
type: keyword
- description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
ignore_above: 1024
name: log.file.path
type: keyword
@@ -17,7 +16,6 @@
name: log.offset
type: long
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
ignore_above: 1024
name: tags
type: keyword
diff --git a/packages/zeek/data_stream/pe/fields/agent.yml b/packages/zeek/data_stream/pe/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/zeek/data_stream/pe/fields/agent.yml
+++ b/packages/zeek/data_stream/pe/fields/agent.yml
@@ -1,51 +1,35 @@
- name: cloud
- title: Cloud
- group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
type: group
fields:
- name: account.id
- level: extended
type: keyword
ignore_above: 1024
description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- name: availability_zone
- level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
- example: us-east-1c
- name: instance.id
- level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- name: instance.name
- level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
- level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
- example: t2.medium
- name: provider
- level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- name: region
- level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
- example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
@@ -53,111 +37,81 @@
type: keyword
description: Image ID for the cloud instance.
- name: container
- title: Container
- group: 2
description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
type: group
fields:
- name: id
- level: core
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.name
- level: extended
type: keyword
ignore_above: 1024
description: Name of the image the container was built on.
- name: labels
- level: extended
type: object
object_type: keyword
description: Image labels.
- name: name
- level: extended
type: keyword
ignore_above: 1024
description: Container name.
- name: host
- title: Host
- group: 2
description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
type: group
fields:
- name: architecture
- level: core
type: keyword
ignore_above: 1024
description: Operating system architecture.
- example: x86_64
- name: domain
- level: extended
type: keyword
ignore_above: 1024
description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- name: hostname
- level: core
type: keyword
ignore_above: 1024
description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- name: id
- level: core
type: keyword
ignore_above: 1024
description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- name: ip
- level: core
type: ip
description: Host ip addresses.
- name: mac
- level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
- level: core
type: keyword
ignore_above: 1024
description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- name: os.family
- level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- name: os.kernel
- level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- name: os.name
- level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
- default_field: false
description: Operating system name, without the version.
- example: Mac OS X
- name: os.platform
- level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- name: os.version
- level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
- example: 10.14.1
- name: type
- level: core
type: keyword
ignore_above: 1024
description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
@@ -168,13 +122,11 @@
- name: os.build
type: keyword
- example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
- example: "stretch"
description: >
OS codename, if any.
diff --git a/packages/zeek/data_stream/pe/fields/beats.yml b/packages/zeek/data_stream/pe/fields/beats.yml
index 470f5fae484..10306366e34 100644
--- a/packages/zeek/data_stream/pe/fields/beats.yml
+++ b/packages/zeek/data_stream/pe/fields/beats.yml
@@ -6,7 +6,6 @@
name: input.type
type: keyword
- description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
ignore_above: 1024
name: log.file.path
type: keyword
@@ -17,7 +16,6 @@
name: log.offset
type: long
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
ignore_above: 1024
name: tags
type: keyword
diff --git a/packages/zeek/data_stream/radius/fields/agent.yml b/packages/zeek/data_stream/radius/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/zeek/data_stream/radius/fields/agent.yml
+++ b/packages/zeek/data_stream/radius/fields/agent.yml
@@ -1,51 +1,35 @@
- name: cloud
- title: Cloud
- group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
type: group
fields:
- name: account.id
- level: extended
type: keyword
ignore_above: 1024
description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- name: availability_zone
- level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
- example: us-east-1c
- name: instance.id
- level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- name: instance.name
- level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
- level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
- example: t2.medium
- name: provider
- level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- name: region
- level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
- example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
@@ -53,111 +37,81 @@
type: keyword
description: Image ID for the cloud instance.
- name: container
- title: Container
- group: 2
description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
type: group
fields:
- name: id
- level: core
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.name
- level: extended
type: keyword
ignore_above: 1024
description: Name of the image the container was built on.
- name: labels
- level: extended
type: object
object_type: keyword
description: Image labels.
- name: name
- level: extended
type: keyword
ignore_above: 1024
description: Container name.
- name: host
- title: Host
- group: 2
description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
type: group
fields:
- name: architecture
- level: core
type: keyword
ignore_above: 1024
description: Operating system architecture.
- example: x86_64
- name: domain
- level: extended
type: keyword
ignore_above: 1024
description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- name: hostname
- level: core
type: keyword
ignore_above: 1024
description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- name: id
- level: core
type: keyword
ignore_above: 1024
description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- name: ip
- level: core
type: ip
description: Host ip addresses.
- name: mac
- level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
- level: core
type: keyword
ignore_above: 1024
description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- name: os.family
- level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- name: os.kernel
- level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- name: os.name
- level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
- default_field: false
description: Operating system name, without the version.
- example: Mac OS X
- name: os.platform
- level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- name: os.version
- level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
- example: 10.14.1
- name: type
- level: core
type: keyword
ignore_above: 1024
description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
@@ -168,13 +122,11 @@
- name: os.build
type: keyword
- example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
- example: "stretch"
description: >
OS codename, if any.
diff --git a/packages/zeek/data_stream/radius/fields/beats.yml b/packages/zeek/data_stream/radius/fields/beats.yml
index 470f5fae484..10306366e34 100644
--- a/packages/zeek/data_stream/radius/fields/beats.yml
+++ b/packages/zeek/data_stream/radius/fields/beats.yml
@@ -6,7 +6,6 @@
name: input.type
type: keyword
- description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
ignore_above: 1024
name: log.file.path
type: keyword
@@ -17,7 +16,6 @@
name: log.offset
type: long
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
ignore_above: 1024
name: tags
type: keyword
diff --git a/packages/zeek/data_stream/radius/fields/ecs.yml b/packages/zeek/data_stream/radius/fields/ecs.yml
index f5ec185863d..19aad261a8d 100644
--- a/packages/zeek/data_stream/radius/fields/ecs.yml
+++ b/packages/zeek/data_stream/radius/fields/ecs.yml
@@ -13,7 +13,6 @@
- external: ecs
name: destination.geo.country_name
- description: Longitude and latitude.
- level: core
name: destination.geo.location
type: geo_point
- external: ecs
@@ -71,7 +70,6 @@
- external: ecs
name: source.geo.country_name
- description: Longitude and latitude.
- level: core
name: source.geo.location
type: geo_point
- external: ecs
diff --git a/packages/zeek/data_stream/rdp/fields/agent.yml b/packages/zeek/data_stream/rdp/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/zeek/data_stream/rdp/fields/agent.yml
+++ b/packages/zeek/data_stream/rdp/fields/agent.yml
@@ -1,51 +1,35 @@
- name: cloud
- title: Cloud
- group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
type: group
fields:
- name: account.id
- level: extended
type: keyword
ignore_above: 1024
description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- name: availability_zone
- level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
- example: us-east-1c
- name: instance.id
- level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- name: instance.name
- level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
- level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
- example: t2.medium
- name: provider
- level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- name: region
- level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
- example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
@@ -53,111 +37,81 @@
type: keyword
description: Image ID for the cloud instance.
- name: container
- title: Container
- group: 2
description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
type: group
fields:
- name: id
- level: core
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.name
- level: extended
type: keyword
ignore_above: 1024
description: Name of the image the container was built on.
- name: labels
- level: extended
type: object
object_type: keyword
description: Image labels.
- name: name
- level: extended
type: keyword
ignore_above: 1024
description: Container name.
- name: host
- title: Host
- group: 2
description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
type: group
fields:
- name: architecture
- level: core
type: keyword
ignore_above: 1024
description: Operating system architecture.
- example: x86_64
- name: domain
- level: extended
type: keyword
ignore_above: 1024
description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- name: hostname
- level: core
type: keyword
ignore_above: 1024
description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- name: id
- level: core
type: keyword
ignore_above: 1024
description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- name: ip
- level: core
type: ip
description: Host ip addresses.
- name: mac
- level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
- level: core
type: keyword
ignore_above: 1024
description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- name: os.family
- level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- name: os.kernel
- level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- name: os.name
- level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
- default_field: false
description: Operating system name, without the version.
- example: Mac OS X
- name: os.platform
- level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- name: os.version
- level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
- example: 10.14.1
- name: type
- level: core
type: keyword
ignore_above: 1024
description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
@@ -168,13 +122,11 @@
- name: os.build
type: keyword
- example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
- example: "stretch"
description: >
OS codename, if any.
diff --git a/packages/zeek/data_stream/rdp/fields/beats.yml b/packages/zeek/data_stream/rdp/fields/beats.yml
index 470f5fae484..10306366e34 100644
--- a/packages/zeek/data_stream/rdp/fields/beats.yml
+++ b/packages/zeek/data_stream/rdp/fields/beats.yml
@@ -6,7 +6,6 @@
name: input.type
type: keyword
- description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
ignore_above: 1024
name: log.file.path
type: keyword
@@ -17,7 +16,6 @@
name: log.offset
type: long
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
ignore_above: 1024
name: tags
type: keyword
diff --git a/packages/zeek/data_stream/rdp/fields/ecs.yml b/packages/zeek/data_stream/rdp/fields/ecs.yml
index 30cd99f0657..6725a479f0f 100644
--- a/packages/zeek/data_stream/rdp/fields/ecs.yml
+++ b/packages/zeek/data_stream/rdp/fields/ecs.yml
@@ -13,7 +13,6 @@
- external: ecs
name: destination.geo.country_name
- description: Longitude and latitude.
- level: core
name: destination.geo.location
type: geo_point
- external: ecs
@@ -67,7 +66,6 @@
- external: ecs
name: source.geo.country_name
- description: Longitude and latitude.
- level: core
name: source.geo.location
type: geo_point
- external: ecs
diff --git a/packages/zeek/data_stream/rfb/fields/agent.yml b/packages/zeek/data_stream/rfb/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/zeek/data_stream/rfb/fields/agent.yml
+++ b/packages/zeek/data_stream/rfb/fields/agent.yml
@@ -1,51 +1,35 @@
- name: cloud
- title: Cloud
- group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
type: group
fields:
- name: account.id
- level: extended
type: keyword
ignore_above: 1024
description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- name: availability_zone
- level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
- example: us-east-1c
- name: instance.id
- level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- name: instance.name
- level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
- level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
- example: t2.medium
- name: provider
- level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- name: region
- level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
- example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
@@ -53,111 +37,81 @@
type: keyword
description: Image ID for the cloud instance.
- name: container
- title: Container
- group: 2
description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
type: group
fields:
- name: id
- level: core
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.name
- level: extended
type: keyword
ignore_above: 1024
description: Name of the image the container was built on.
- name: labels
- level: extended
type: object
object_type: keyword
description: Image labels.
- name: name
- level: extended
type: keyword
ignore_above: 1024
description: Container name.
- name: host
- title: Host
- group: 2
description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
type: group
fields:
- name: architecture
- level: core
type: keyword
ignore_above: 1024
description: Operating system architecture.
- example: x86_64
- name: domain
- level: extended
type: keyword
ignore_above: 1024
description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- name: hostname
- level: core
type: keyword
ignore_above: 1024
description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- name: id
- level: core
type: keyword
ignore_above: 1024
description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- name: ip
- level: core
type: ip
description: Host ip addresses.
- name: mac
- level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
- level: core
type: keyword
ignore_above: 1024
description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- name: os.family
- level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- name: os.kernel
- level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- name: os.name
- level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
- default_field: false
description: Operating system name, without the version.
- example: Mac OS X
- name: os.platform
- level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- name: os.version
- level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
- example: 10.14.1
- name: type
- level: core
type: keyword
ignore_above: 1024
description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
@@ -168,13 +122,11 @@
- name: os.build
type: keyword
- example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
- example: "stretch"
description: >
OS codename, if any.
diff --git a/packages/zeek/data_stream/rfb/fields/beats.yml b/packages/zeek/data_stream/rfb/fields/beats.yml
index 470f5fae484..10306366e34 100644
--- a/packages/zeek/data_stream/rfb/fields/beats.yml
+++ b/packages/zeek/data_stream/rfb/fields/beats.yml
@@ -6,7 +6,6 @@
name: input.type
type: keyword
- description: Full path to the log file this event came from.
- example: /var/log/fun-times.log
ignore_above: 1024
name: log.file.path
type: keyword
@@ -17,7 +16,6 @@
name: log.offset
type: long
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
ignore_above: 1024
name: tags
type: keyword
diff --git a/packages/zeek/data_stream/rfb/fields/ecs.yml b/packages/zeek/data_stream/rfb/fields/ecs.yml
index ec8469ad616..2c0ce3b2723 100644
--- a/packages/zeek/data_stream/rfb/fields/ecs.yml
+++ b/packages/zeek/data_stream/rfb/fields/ecs.yml
@@ -13,7 +13,6 @@
- external: ecs
name: destination.geo.country_name
- description: Longitude and latitude.
- level: core
name: destination.geo.location
type: geo_point
- external: ecs
@@ -67,7 +66,6 @@
- external: ecs
name: source.geo.country_name
- description: Longitude and latitude.
- level: core
name: source.geo.location
type: geo_point
- external: ecs
diff --git a/packages/zeek/data_stream/signature/fields/agent.yml b/packages/zeek/data_stream/signature/fields/agent.yml
index 79a7a39864b..fc77e7ba480 100644
--- a/packages/zeek/data_stream/signature/fields/agent.yml
+++ b/packages/zeek/data_stream/signature/fields/agent.yml
@@ -1,51 +1,35 @@
- name: cloud
- title: Cloud
- group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
type: group
fields:
- name: account.id
- level: extended
type: keyword
ignore_above: 1024
description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- name: availability_zone
- level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
- example: us-east-1c
- name: instance.id
- level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- name: instance.name
- level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
- level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
- example: t2.medium
- name: provider
- level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- name: region
- level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
- example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/signature/fields/beats.yml b/packages/zeek/data_stream/signature/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/signature/fields/beats.yml +++ b/packages/zeek/data_stream/signature/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/signature/fields/fields.yml b/packages/zeek/data_stream/signature/fields/fields.yml index 6b3043bf65e..db7f9af5dda 100644 --- a/packages/zeek/data_stream/signature/fields/fields.yml +++ b/packages/zeek/data_stream/signature/fields/fields.yml @@ -1,6 +1,5 @@ - name: zeek.signature type: group - default_field: false description: > Fields exported by the Zeek Signature log. diff --git a/packages/zeek/data_stream/sip/fields/agent.yml b/packages/zeek/data_stream/sip/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/sip/fields/agent.yml +++ b/packages/zeek/data_stream/sip/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/sip/fields/beats.yml b/packages/zeek/data_stream/sip/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/sip/fields/beats.yml +++ b/packages/zeek/data_stream/sip/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/sip/fields/ecs.yml b/packages/zeek/data_stream/sip/fields/ecs.yml index e11680e2ac8..225eb96970d 100644 --- a/packages/zeek/data_stream/sip/fields/ecs.yml +++ b/packages/zeek/data_stream/sip/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -71,7 +70,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/smb_cmd/fields/agent.yml b/packages/zeek/data_stream/smb_cmd/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/smb_cmd/fields/agent.yml +++ b/packages/zeek/data_stream/smb_cmd/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/smb_cmd/fields/beats.yml b/packages/zeek/data_stream/smb_cmd/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/smb_cmd/fields/beats.yml +++ b/packages/zeek/data_stream/smb_cmd/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/smb_cmd/fields/ecs.yml b/packages/zeek/data_stream/smb_cmd/fields/ecs.yml index e15f8b2f76f..403bbdd0241 100644 --- a/packages/zeek/data_stream/smb_cmd/fields/ecs.yml +++ b/packages/zeek/data_stream/smb_cmd/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -73,7 +72,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/smb_files/fields/agent.yml b/packages/zeek/data_stream/smb_files/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/smb_files/fields/agent.yml +++ b/packages/zeek/data_stream/smb_files/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/smb_files/fields/beats.yml b/packages/zeek/data_stream/smb_files/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/smb_files/fields/beats.yml +++ b/packages/zeek/data_stream/smb_files/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/smb_files/fields/ecs.yml b/packages/zeek/data_stream/smb_files/fields/ecs.yml index 1745a32cd5f..4dfb9f58fd6 100644 --- a/packages/zeek/data_stream/smb_files/fields/ecs.yml +++ b/packages/zeek/data_stream/smb_files/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -85,7 +84,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/smb_mapping/fields/agent.yml b/packages/zeek/data_stream/smb_mapping/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/smb_mapping/fields/agent.yml +++ b/packages/zeek/data_stream/smb_mapping/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/smb_mapping/fields/beats.yml b/packages/zeek/data_stream/smb_mapping/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/smb_mapping/fields/beats.yml +++ b/packages/zeek/data_stream/smb_mapping/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/smb_mapping/fields/ecs.yml b/packages/zeek/data_stream/smb_mapping/fields/ecs.yml index 7147180ac12..da21e3d9817 100644 --- a/packages/zeek/data_stream/smb_mapping/fields/ecs.yml +++ b/packages/zeek/data_stream/smb_mapping/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -69,7 +68,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/smtp/fields/agent.yml b/packages/zeek/data_stream/smtp/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/smtp/fields/agent.yml +++ b/packages/zeek/data_stream/smtp/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/smtp/fields/beats.yml b/packages/zeek/data_stream/smtp/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/smtp/fields/beats.yml +++ b/packages/zeek/data_stream/smtp/fields/beats.yml 
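Review bot: The retained context line `description: Operating system platform (such centos, ubuntu, windows).` under `os.platform` still has the missing "as" ("such as centos, …") even though the changelog names typo fixes as part of this change; the container group's `description: "… correlate data based containers from any runtime."` in the same hunk presumably should read "based on containers". Both strings recur verbatim in the snmp, socks, ssh and ssl `agent.yml` hunks below, so one pass over the zeek data streams would cover all of them. These descriptions look like copies of upstream ECS text, so if the project keeps them synchronised with ECS the wording fix may belong upstream rather than in this commit. Proposed lines: `description: Operating system platform (such as centos, ubuntu, windows).` and `description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based on containers from any runtime."`.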
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/smtp/fields/ecs.yml b/packages/zeek/data_stream/smtp/fields/ecs.yml index 30cd99f0657..6725a479f0f 100644 --- a/packages/zeek/data_stream/smtp/fields/ecs.yml +++ b/packages/zeek/data_stream/smtp/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -67,7 +66,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/snmp/fields/agent.yml b/packages/zeek/data_stream/snmp/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/snmp/fields/agent.yml +++ b/packages/zeek/data_stream/snmp/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/snmp/fields/beats.yml b/packages/zeek/data_stream/snmp/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/snmp/fields/beats.yml +++ b/packages/zeek/data_stream/snmp/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/snmp/fields/ecs.yml b/packages/zeek/data_stream/snmp/fields/ecs.yml index ec8469ad616..2c0ce3b2723 100644 --- a/packages/zeek/data_stream/snmp/fields/ecs.yml +++ b/packages/zeek/data_stream/snmp/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -67,7 +66,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/socks/fields/agent.yml b/packages/zeek/data_stream/socks/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/socks/fields/agent.yml +++ b/packages/zeek/data_stream/socks/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/socks/fields/beats.yml b/packages/zeek/data_stream/socks/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/socks/fields/beats.yml +++ b/packages/zeek/data_stream/socks/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/socks/fields/ecs.yml b/packages/zeek/data_stream/socks/fields/ecs.yml index 386cec39d8a..6374d95d84f 100644 --- a/packages/zeek/data_stream/socks/fields/ecs.yml +++ b/packages/zeek/data_stream/socks/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -69,7 +68,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/ssh/fields/agent.yml b/packages/zeek/data_stream/ssh/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/ssh/fields/agent.yml +++ b/packages/zeek/data_stream/ssh/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/ssh/fields/beats.yml b/packages/zeek/data_stream/ssh/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/ssh/fields/beats.yml +++ b/packages/zeek/data_stream/ssh/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/ssh/fields/ecs.yml b/packages/zeek/data_stream/ssh/fields/ecs.yml index 8dcb36c3b63..08736b90ad8 100644 --- a/packages/zeek/data_stream/ssh/fields/ecs.yml +++ b/packages/zeek/data_stream/ssh/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -69,7 +68,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/ssl/fields/agent.yml b/packages/zeek/data_stream/ssl/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/ssl/fields/agent.yml +++ b/packages/zeek/data_stream/ssl/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/ssl/fields/beats.yml b/packages/zeek/data_stream/ssl/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/ssl/fields/beats.yml +++ b/packages/zeek/data_stream/ssl/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/ssl/fields/ecs.yml b/packages/zeek/data_stream/ssl/fields/ecs.yml index 27c39bf622b..342c75d41f7 100644 --- a/packages/zeek/data_stream/ssl/fields/ecs.yml +++ b/packages/zeek/data_stream/ssl/fields/ecs.yml @@ -15,7 +15,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -69,7 +68,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/stats/fields/agent.yml b/packages/zeek/data_stream/stats/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/stats/fields/agent.yml +++ b/packages/zeek/data_stream/stats/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/stats/fields/beats.yml b/packages/zeek/data_stream/stats/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/stats/fields/beats.yml +++ b/packages/zeek/data_stream/stats/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/syslog/fields/agent.yml b/packages/zeek/data_stream/syslog/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/syslog/fields/agent.yml +++ b/packages/zeek/data_stream/syslog/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/syslog/fields/beats.yml b/packages/zeek/data_stream/syslog/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/syslog/fields/beats.yml +++ b/packages/zeek/data_stream/syslog/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/syslog/fields/ecs.yml b/packages/zeek/data_stream/syslog/fields/ecs.yml index 94f59bc2236..b6df1a7480b 100644 --- a/packages/zeek/data_stream/syslog/fields/ecs.yml +++ b/packages/zeek/data_stream/syslog/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -67,7 +66,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/traceroute/fields/agent.yml b/packages/zeek/data_stream/traceroute/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/traceroute/fields/agent.yml +++ b/packages/zeek/data_stream/traceroute/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/traceroute/fields/beats.yml b/packages/zeek/data_stream/traceroute/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/traceroute/fields/beats.yml +++ b/packages/zeek/data_stream/traceroute/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/traceroute/fields/ecs.yml b/packages/zeek/data_stream/traceroute/fields/ecs.yml index 3cc612d788a..8b9ca506166 100644 --- a/packages/zeek/data_stream/traceroute/fields/ecs.yml +++ b/packages/zeek/data_stream/traceroute/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -59,7 +58,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/tunnel/fields/agent.yml b/packages/zeek/data_stream/tunnel/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/tunnel/fields/agent.yml +++ b/packages/zeek/data_stream/tunnel/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/tunnel/fields/beats.yml b/packages/zeek/data_stream/tunnel/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/tunnel/fields/beats.yml +++ b/packages/zeek/data_stream/tunnel/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/tunnel/fields/ecs.yml b/packages/zeek/data_stream/tunnel/fields/ecs.yml index 00835dedf9c..23390ea6f72 100644 --- a/packages/zeek/data_stream/tunnel/fields/ecs.yml +++ b/packages/zeek/data_stream/tunnel/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -63,7 +62,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/weird/fields/agent.yml b/packages/zeek/data_stream/weird/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/weird/fields/agent.yml +++ b/packages/zeek/data_stream/weird/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/weird/fields/beats.yml b/packages/zeek/data_stream/weird/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/weird/fields/beats.yml +++ b/packages/zeek/data_stream/weird/fields/beats.yml 
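Review bot: The descriptions this hunk keeps as context still carry the typos the changelog entries in this PR claim to fix — the host.os.platform line reads `Operating system platform (such centos, ubuntu, windows).` (missing "as") and the container group's `These fields help correlate data based containers from any runtime.` (missing "on"). The same lines recur unchanged in the corresponding x509, zerofox alerts and zookeeper connection/mntr/server agent.yml hunks, so they would need the same edit in each file. If those strings are intentionally kept verbatim from upstream ECS, it would be clearer to say so rather than advertise "fix typos". Separately, `default_field: false` is dropped from host.domain and from the host.os.name text multi-field; the changelog calls these properties unused, but it is worth confirming that nothing in the package build or index-template generation still honours that setting before it silently disappears from every package in the PR.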
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/data_stream/weird/fields/ecs.yml b/packages/zeek/data_stream/weird/fields/ecs.yml index 8e984c513f4..0a56c819488 100644 --- a/packages/zeek/data_stream/weird/fields/ecs.yml +++ b/packages/zeek/data_stream/weird/fields/ecs.yml @@ -13,7 +13,6 @@ - external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs @@ -61,7 +60,6 @@ - external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs diff --git a/packages/zeek/data_stream/x509/fields/agent.yml b/packages/zeek/data_stream/x509/fields/agent.yml index 79a7a39864b..fc77e7ba480 100644 --- a/packages/zeek/data_stream/x509/fields/agent.yml +++ b/packages/zeek/data_stream/x509/fields/agent.yml 
@@ -1,51 +1,35 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -53,111 +37,81 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - name: id - level: core type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." @@ -168,13 +122,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zeek/data_stream/x509/fields/beats.yml b/packages/zeek/data_stream/x509/fields/beats.yml index 470f5fae484..10306366e34 100644 --- a/packages/zeek/data_stream/x509/fields/beats.yml +++ b/packages/zeek/data_stream/x509/fields/beats.yml 
@@ -6,7 +6,6 @@ name: input.type type: keyword - description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 name: log.file.path type: keyword @@ -17,7 +16,6 @@ name: log.offset type: long - description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 name: tags type: keyword diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml index 6c2fe07fb48..00fa8316286 100644 --- a/packages/zeek/manifest.yml +++ b/packages/zeek/manifest.yml @@ -1,6 +1,6 @@ name: zeek title: Zeek Logs -version: 1.8.0 +version: "1.8.1" release: ga description: Collect and parse logs from Zeek network security with Elastic Agent. type: integration diff --git a/packages/zerofox/changelog.yml b/packages/zerofox/changelog.yml index 1426081c467..b752c6b8d19 100644 --- a/packages/zerofox/changelog.yml +++ b/packages/zerofox/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.0" changes: - description: Update to ECS 8.2 diff --git a/packages/zerofox/data_stream/alerts/fields/agent.yml b/packages/zerofox/data_stream/alerts/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/zerofox/data_stream/alerts/fields/agent.yml +++ b/packages/zerofox/data_stream/alerts/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zerofox/data_stream/alerts/fields/base-fields.yml b/packages/zerofox/data_stream/alerts/fields/base-fields.yml index 0e4b6bde4fd..c577bff7f17 100644 --- a/packages/zerofox/data_stream/alerts/fields/base-fields.yml +++ b/packages/zerofox/data_stream/alerts/fields/base-fields.yml 
@@ -29,6 +29,5 @@ value: zerofox.alerts - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword diff --git a/packages/zerofox/manifest.yml b/packages/zerofox/manifest.yml index bcba3369d6f..79ff61e994e 100644 --- a/packages/zerofox/manifest.yml +++ b/packages/zerofox/manifest.yml @@ -1,6 +1,6 @@ name: zerofox title: ZeroFox -version: 1.3.0 +version: "1.3.1" release: ga description: Collect data from ZeroFox Cloud Platform with Elastic Agent. type: integration diff --git a/packages/zookeeper/changelog.yml b/packages/zookeeper/changelog.yml index 6745d60abbe..8b472af6aed 100644 --- a/packages/zookeeper/changelog.yml +++ b/packages/zookeeper/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.3.2" + changes: + - description: Remove unused field properties and fix typos. + type: bugfix + link: https://github.com/elastic/integrations/pull/3239 - version: "1.3.1" changes: - description: Add documentation for multi-fields diff --git a/packages/zookeeper/data_stream/connection/fields/agent.yml b/packages/zookeeper/data_stream/connection/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/zookeeper/data_stream/connection/fields/agent.yml +++ b/packages/zookeeper/data_stream/connection/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zookeeper/data_stream/mntr/fields/agent.yml b/packages/zookeeper/data_stream/mntr/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/zookeeper/data_stream/mntr/fields/agent.yml +++ b/packages/zookeeper/data_stream/mntr/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zookeeper/data_stream/server/fields/agent.yml b/packages/zookeeper/data_stream/server/fields/agent.yml index da4e652c53b..7e2781afced 100644 --- a/packages/zookeeper/data_stream/server/fields/agent.yml +++ b/packages/zookeeper/data_stream/server/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
- name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/zookeeper/manifest.yml b/packages/zookeeper/manifest.yml
index e1999772458..78b18df487a 100644
--- a/packages/zookeeper/manifest.yml
+++ b/packages/zookeeper/manifest.yml
@@ -1,6 +1,6 @@
name: zookeeper title: ZooKeeper Metrics
-version: 1.3.1
+version: "1.3.2"
description: Collect metrics from ZooKeeper service with Elastic Agent. type: integration icons: 
diff --git a/packages/zoom/changelog.yml b/packages/zoom/changelog.yml
index 08c85456cf0..fea8c062902 100644
--- a/packages/zoom/changelog.yml
+++ b/packages/zoom/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.3.2"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "1.3.1" changes: - description: Fix content-type handling.
diff --git a/packages/zoom/data_stream/webhook/fields/agent.yml b/packages/zoom/data_stream/webhook/fields/agent.yml
index 845b84ed9c0..8b8b9fdae69 100644
--- a/packages/zoom/data_stream/webhook/fields/agent.yml
+++ b/packages/zoom/data_stream/webhook/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
- name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/zoom/data_stream/webhook/fields/fields.yml b/packages/zoom/data_stream/webhook/fields/fields.yml
index 1d4a414f54d..704ff3b5e56 100644
--- a/packages/zoom/data_stream/webhook/fields/fields.yml
+++ b/packages/zoom/data_stream/webhook/fields/fields.yml
@@ -1,6 +1,5 @@
- name: zoom type: group - release: beta fields: - name: master_account_id type: keyword 
diff --git a/packages/zoom/manifest.yml b/packages/zoom/manifest.yml
index 4dfa1433b31..d86e69cc5aa 100644
--- a/packages/zoom/manifest.yml
+++ b/packages/zoom/manifest.yml
@@ -1,6 +1,6 @@
name: zoom title: Zoom
-version: 1.3.1
+version: "1.3.2"
release: ga description: Collect data from Zoom Platform API with Elastic Agent. type: integration
diff --git a/packages/zscaler/changelog.yml b/packages/zscaler/changelog.yml
index 4de5416f605..fdcdbb0c079 100644
--- a/packages/zscaler/changelog.yml
+++ b/packages/zscaler/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "0.5.2"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "0.5.1" changes: - description: Mark package as deprecated. Use the zscaler_zia package instead.
diff --git a/packages/zscaler/data_stream/zia/fields/base-fields.yml b/packages/zscaler/data_stream/zia/fields/base-fields.yml
index 9a64f92d5b5..01366cc0f24 100644
--- a/packages/zscaler/data_stream/zia/fields/base-fields.yml
+++ b/packages/zscaler/data_stream/zia/fields/base-fields.yml
@@ -27,7 +27,6 @@ type: keyword - name: log.file.path description: Full path to the log file this event came from. - example: /var/log/fun-times.log ignore_above: 1024 type: keyword - name: log.source.address
@@ -41,6 +40,5 @@ type: long - name: tags description: List of keywords used to tag each event. - example: '["production", "env2"]' ignore_above: 1024 type: keyword
diff --git a/packages/zscaler/data_stream/zia/fields/ecs.yml b/packages/zscaler/data_stream/zia/fields/ecs.yml
index a871c6d287f..0c4ef8cfeca 100644
--- a/packages/zscaler/data_stream/zia/fields/ecs.yml
+++ b/packages/zscaler/data_stream/zia/fields/ecs.yml
@@ -23,7 +23,6 @@
- external: ecs name: destination.geo.country_name - description: Longitude and latitude. - level: core name: destination.geo.location type: geo_point - external: ecs 
@@ -187,7 +186,6 @@
- external: ecs name: source.geo.country_name - description: Longitude and latitude. - level: core name: source.geo.location type: geo_point - external: ecs
diff --git a/packages/zscaler/manifest.yml b/packages/zscaler/manifest.yml
index 14247824f9a..65f8597a081 100644
--- a/packages/zscaler/manifest.yml
+++ b/packages/zscaler/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0 name: zscaler title: Zscaler NSS Logs
-version: 0.5.1
+version: "0.5.2"
description: Deprecated. Use the Zscaler ZIA integration instead. categories: ["network", "security"] release: experimental
diff --git a/packages/zscaler_zia/changelog.yml b/packages/zscaler_zia/changelog.yml
index e314cbf50d8..2a903b10671 100644
--- a/packages/zscaler_zia/changelog.yml
+++ b/packages/zscaler_zia/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "2.0.1"
+ changes:
+ - description: Remove unused field properties and fix typos.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3239
- version: "2.0.0" changes: - description: Added input for Cloud NSS using HTTP Endpoint input type.
diff --git a/packages/zscaler_zia/data_stream/alerts/fields/agent.yml b/packages/zscaler_zia/data_stream/alerts/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/zscaler_zia/data_stream/alerts/fields/agent.yml
+++ b/packages/zscaler_zia/data_stream/alerts/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
- name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/zscaler_zia/data_stream/dns/fields/agent.yml b/packages/zscaler_zia/data_stream/dns/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/zscaler_zia/data_stream/dns/fields/agent.yml
+++ b/packages/zscaler_zia/data_stream/dns/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
- name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/zscaler_zia/data_stream/firewall/fields/agent.yml b/packages/zscaler_zia/data_stream/firewall/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/zscaler_zia/data_stream/firewall/fields/agent.yml
+++ b/packages/zscaler_zia/data_stream/firewall/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
- name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/zscaler_zia/data_stream/tunnel/fields/agent.yml b/packages/zscaler_zia/data_stream/tunnel/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/zscaler_zia/data_stream/tunnel/fields/agent.yml
+++ b/packages/zscaler_zia/data_stream/tunnel/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host.
@@ -186,13 +140,11 @@
- name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any.
diff --git a/packages/zscaler_zia/data_stream/web/fields/agent.yml b/packages/zscaler_zia/data_stream/web/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/zscaler_zia/data_stream/web/fields/agent.yml
+++ b/packages/zscaler_zia/data_stream/web/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
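Review bot: Dropping `default_field: false` from `host.domain` in this hunk (packages/zscaler_zia/data_stream/web/fields/agent.yml, `@@ -55,65 +39,50 @@`) is a behaviour change rather than removal of an unused property. ECS sets that flag to keep the field out of `index.query.default_field`; if Fleet honors it when it builds the index template, the new mapping lets unqualified free-text queries match `host.domain` and adds one more entry toward the 1024 default-field limit, so it is worth confirming before this lands, or keeping `  default_field: false` under `host.domain`. Separately, the `container` group description still reads `These fields help correlate data based containers from any runtime.`, which looks like a typo (presumably inherited from ECS) that the "fix typos" changelog entry does not cover; `These fields help correlate data based on containers from any runtime.` reads correctly. The identical hunk is repeated verbatim for every data stream in this PR, so whichever way this is resolved should be applied to each copy.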
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zscaler_zia/manifest.yml b/packages/zscaler_zia/manifest.yml index 513de6f32b1..e0a0a7da35a 100644 --- a/packages/zscaler_zia/manifest.yml +++ b/packages/zscaler_zia/manifest.yml 
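Review bot: The `host.os.platform` description in this hunk (`@@ -122,58 +91,43 @@` of packages/zscaler_zia/data_stream/web/fields/agent.yml) still reads `Operating system platform (such centos, ubuntu, windows).`, a missing "as" that the changelog's "fix typos" entry does not pick up; `Operating system platform (such as centos, ubuntu, windows).` is the intended wording. The `os.name` `text` multi-field also loses its `default_field: false` here; that is only harmless if Fleet ignores the flag when computing `index.query.default_field`, so it deserves an explicit check rather than being bundled under "unused properties". Both remarks apply to every verbatim copy of this hunk in the PR.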
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: zscaler_zia
 title: Zscaler Internet Access
-version: 2.0.0
+version: "2.0.1"
 license: basic
 description: Collect logs from Zscaler Internet Access (ZIA) with Elastic Agent.
 type: integration
diff --git a/packages/zscaler_zpa/changelog.yml b/packages/zscaler_zpa/changelog.yml
index 81523cf4d22..20506d37ac2 100644
--- a/packages/zscaler_zpa/changelog.yml
+++ b/packages/zscaler_zpa/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.1"
+  changes:
+    - description: Remove unused field properties and fix typos.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3239
 - version: "0.2.0"
   changes:
     - description: Update ECS to 8.2
diff --git a/packages/zscaler_zpa/data_stream/app_connector_status/fields/agent.yml b/packages/zscaler_zpa/data_stream/app_connector_status/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/zscaler_zpa/data_stream/app_connector_status/fields/agent.yml
+++ b/packages/zscaler_zpa/data_stream/app_connector_status/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zscaler_zpa/data_stream/audit/fields/agent.yml b/packages/zscaler_zpa/data_stream/audit/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/zscaler_zpa/data_stream/audit/fields/agent.yml +++ b/packages/zscaler_zpa/data_stream/audit/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zscaler_zpa/data_stream/audit/fields/ecs.yml b/packages/zscaler_zpa/data_stream/audit/fields/ecs.yml index db646bab41a..94ca53dde0c 100644 --- a/packages/zscaler_zpa/data_stream/audit/fields/ecs.yml +++ b/packages/zscaler_zpa/data_stream/audit/fields/ecs.yml 
@@ -13,7 +13,6 @@
 - external: ecs
   name: observer.geo.country_name
 - description: Longitude and latitude.
-  level: core
   name: observer.geo.location
   type: geo_point
 - external: ecs
diff --git a/packages/zscaler_zpa/data_stream/browser_access/fields/agent.yml b/packages/zscaler_zpa/data_stream/browser_access/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/zscaler_zpa/data_stream/browser_access/fields/agent.yml
+++ b/packages/zscaler_zpa/data_stream/browser_access/fields/agent.yml
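Review bot: After removing `level: core`, `observer.geo.location` in this hunk (packages/zscaler_zpa/data_stream/audit/fields/ecs.yml) is still a local inline definition (`description: Longitude and latitude.`, `type: geo_point`) while its neighbour `observer.geo.country_name` and the entry below it are `external: ecs`, so this one field will not track ECS if its upstream definition changes. Unless there is a known reason geo_point fields have to be inlined here — if so, please confirm it — the consistent form is `- external: ecs` followed by `  name: observer.geo.location`. If it must stay inline, a short comment above it such as `# inlined rather than external: ecs because …` would stop the next cleanup from converting it blindly. The same pattern appears in the `client.geo.location` and `server.geo.location` entries of the other zscaler_zpa ecs.yml files in this PR.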
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zscaler_zpa/data_stream/user_activity/fields/agent.yml b/packages/zscaler_zpa/data_stream/user_activity/fields/agent.yml index e313ec82874..8e51d266db1 100644 --- a/packages/zscaler_zpa/data_stream/user_activity/fields/agent.yml +++ b/packages/zscaler_zpa/data_stream/user_activity/fields/agent.yml 
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@ Example: The current usage of `beat.name`.' - name: ip - level: core type: ip description: Host ip addresses. - name: mac - level: core type: keyword ignore_above: 1024 description: Host mac addresses. - name: name - level: core type: keyword ignore_above: 1024 description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family - level: extended type: keyword ignore_above: 1024 description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel - level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - name: os.name - level: extended type: keyword ignore_above: 1024 multi_fields: - name: text type: text norms: false - default_field: false description: Operating system name, without the version. - example: Mac OS X - name: os.platform - level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version - level: extended type: keyword ignore_above: 1024 description: Operating system version as a raw string. - example: 10.14.1 - name: type - level: core type: keyword ignore_above: 1024 description: 'Type of host. @@ -186,13 +140,11 @@ - name: os.build type: keyword - example: "18D109" description: > OS build information. - name: os.codename type: keyword - example: "stretch" description: > OS codename, if any. diff --git a/packages/zscaler_zpa/data_stream/user_activity/fields/ecs.yml b/packages/zscaler_zpa/data_stream/user_activity/fields/ecs.yml index e962c22ab2f..00fbc4a6d8d 100644 --- a/packages/zscaler_zpa/data_stream/user_activity/fields/ecs.yml +++ b/packages/zscaler_zpa/data_stream/user_activity/fields/ecs.yml 
@@ -1,7 +1,6 @@
 - external: ecs
   name: client.geo.country_iso_code
 - description: Longitude and latitude.
-  level: core
   name: client.geo.location
   type: geo_point
 - external: ecs
diff --git a/packages/zscaler_zpa/data_stream/user_status/fields/agent.yml b/packages/zscaler_zpa/data_stream/user_status/fields/agent.yml
index e313ec82874..8e51d266db1 100644
--- a/packages/zscaler_zpa/data_stream/user_status/fields/agent.yml
+++ b/packages/zscaler_zpa/data_stream/user_status/fields/agent.yml
@@ -1,53 +1,37 @@ - name: cloud - title: Cloud - group: 2 description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - name: account.id - level: extended type: keyword ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone - level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. - example: us-east-1c - name: instance.id - level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name - level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - name: machine.type - level: extended type: keyword ignore_above: 1024 description: Machine type of the host machine. - example: t2.medium - name: provider - level: extended type: keyword ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region - level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -55,65 +39,50 @@ type: keyword description: Image ID for the cloud instance. - name: container - title: Container - group: 2 description: 'Container fields are used for meta information about the specific container that is the source of information. These fields help correlate data based containers from any runtime.' type: group fields: - name: id - level: core type: keyword ignore_above: 1024 description: Unique container id. - name: image.name - level: extended type: keyword ignore_above: 1024 description: Name of the image the container was built on. - name: labels - level: extended type: object object_type: keyword description: Image labels. - name: name - level: extended type: keyword ignore_above: 1024 description: Container name. - name: host - title: Host - group: 2 description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - name: architecture - level: core type: keyword ignore_above: 1024 description: Operating system architecture. - example: x86_64 - name: domain - level: extended type: keyword ignore_above: 1024 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - name: hostname - level: core type: keyword ignore_above: 1024 description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id - level: core type: keyword ignore_above: 1024 description: 'Unique host id. 
@@ -122,58 +91,43 @@
Example: The current usage of `beat.name`.'
- name: ip
- level: core
type: ip
description: Host ip addresses.
- name: mac
- level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
- level: core
type: keyword
ignore_above: 1024
description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
- name: os.family
- level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- name: os.kernel
- level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- name: os.name
- level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
- default_field: false
description: Operating system name, without the version.
- example: Mac OS X
- name: os.platform
- level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- name: os.version
- level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
- example: 10.14.1
- name: type
- level: core
type: keyword
ignore_above: 1024
description: 'Type of host.
@@ -186,13 +140,11 @@
- name: os.build
type: keyword
- example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
- example: "stretch"
description: >
OS codename, if any.
diff --git a/packages/zscaler_zpa/data_stream/user_status/fields/ecs.yml b/packages/zscaler_zpa/data_stream/user_status/fields/ecs.yml
index 7eb11b68a46..46913afeed7 100644
--- a/packages/zscaler_zpa/data_stream/user_status/fields/ecs.yml
+++ b/packages/zscaler_zpa/data_stream/user_status/fields/ecs.yml
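Review bot: The os.platform description kept in this hunk reads `Operating system platform (such centos, ubuntu, windows).`, dropping "as"; it should read `Operating system platform (such as centos, ubuntu, windows).`, matching the phrasing of the os.family entry a few lines above. This is exactly the kind of typo the commit message says it fixes, so it is worth catching in the same change. The host.type entry at the end of the hunk opens a quoted description that continues outside the hunk.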
@@ -1,7 +1,6 @@
- external: ecs
name: client.geo.country_iso_code
- description: Longitude and latitude.
- level: core
name: client.geo.location
type: geo_point
- external: ecs
@@ -13,7 +12,6 @@
- external: ecs
name: server.geo.country_iso_code
- description: Longitude and latitude.
- level: core
name: server.geo.location
type: geo_point
- external: ecs
diff --git a/packages/zscaler_zpa/manifest.yml b/packages/zscaler_zpa/manifest.yml
index 79955d06802..c83b386f88e 100644
--- a/packages/zscaler_zpa/manifest.yml
+++ b/packages/zscaler_zpa/manifest.yml
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: zscaler_zpa
title: "Zscaler Private Access"
-version: 0.2.0
+version: "0.2.1"
license: basic
description: Collect logs from Zscaler Private Access (ZPA) with Elastic Agent.
type: integration
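Review bot: The client.geo.location entry in this hunk keeps an inline definition with `description: Longitude and latitude.` and `type: geo_point` while every neighbouring field is declared with `external: ecs`; the same applies to server.geo.location in the second hunk of this file. Declaring both as `- external: ecs` followed by `name: client.geo.location` (and the server counterpart) would source the type and description from the ECS definition like the other fields and remove the hand-maintained copy that the deleted `level: core` line belonged to. This presumes the package-spec version in use resolves geo_point fields through `external: ecs`, which cannot be confirmed from this diff alone.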
