diff --git a/go.mod b/go.mod
index 8e085d07aaf..d2d07ac11fa 100644
--- a/go.mod
+++ b/go.mod
@@ -179,3 +179,5 @@ require (
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
+
+replace github.com/elastic/package-spec => github.com/jsoriano/package-spec v0.0.0-20220608165341-9e89c82d2c33
diff --git a/go.sum b/go.sum
index f958f6f5998..38849edcfb4 100644
--- a/go.sum
+++ b/go.sum
@@ -447,8 +447,6 @@ github.com/elastic/go-windows v1.0.1 h1:AlYZOldA+UJ0/2nBuqWdo90GFCgG9xuyw9SYzGUt
 github.com/elastic/go-windows v1.0.1/go.mod h1:FoVvqWSun28vaDQPbj2Elfc0JahhPB7WQEGa3c814Ss=
 github.com/elastic/package-registry v1.9.0 h1:Lsyv2NFyHcjyilH5QCbOUqAQ5ou/X6kwGnxSy9w3TJM=
 github.com/elastic/package-registry v1.9.0/go.mod h1:xpU/UP13LG6rhXWrSKDO92am7QneOdbr4BM8EFrscYc=
-github.com/elastic/package-spec v1.11.0 h1:atrhfGqCDVOnVO83Qh+doAjWnk/3Cs+d4C0U1YhvhgI=
-github.com/elastic/package-spec v1.11.0/go.mod h1:KzGTSDqCkdhmL1IFpOH2ZQNSSE9JEhNtndxU3ZrQilA=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
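Review bot: The new `replace` in go.mod redirects every build of this module from the org-owned `github.com/elastic/package-spec` to a personal fork at an untagged pseudo-version, with no comment saying why it is there or when it comes out; a module under an individual account is a supply-chain dependency that only that account controls, so it should at least be marked as temporary, e.g. `// TODO: temporary, tracks an unreleased package-spec change; drop once a tagged elastic/package-spec release ships.` The pseudo-version plus the go.sum `h1:` entry added in the next hunk do pin the exact content, and the fork's `/go.mod` hash matches the one recorded for upstream v1.11.0, which suggests its go.mod is unchanged, but the module source that the fork presumably modifies is not visible here and should be reviewed directly against v1.11.0 before merge. It is also worth confirming in CI that `go mod verify` passes with the replacement in place and that the replace does not end up in any published artifact.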
@@ -824,6 +822,8 @@ github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/jsoriano/package-spec v0.0.0-20220608165341-9e89c82d2c33 h1:XwgGOb5FnBGA77KBOnip3094Hm040pbotqU1uszCWDg=
+github.com/jsoriano/package-spec v0.0.0-20220608165341-9e89c82d2c33/go.mod h1:KzGTSDqCkdhmL1IFpOH2ZQNSSE9JEhNtndxU3ZrQilA=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
diff --git a/packages/activemq/changelog.yml b/packages/activemq/changelog.yml
index d1a86f7c13e..0c7899e861f 100644
--- a/packages/activemq/changelog.yml
+++ b/packages/activemq/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.3.2"
+  changes:
+    - description: Remove duplicated fields definitions
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3392
 - version: "0.3.1"
   changes:
     - description: Add documentation for multi-fields
diff --git a/packages/activemq/data_stream/audit/fields/ecs.yml b/packages/activemq/data_stream/audit/fields/ecs.yml
index 12993b02683..a34bb7b2a25 100644
--- a/packages/activemq/data_stream/audit/fields/ecs.yml
+++ b/packages/activemq/data_stream/audit/fields/ecs.yml
@@ -82,22 +82,14 @@ name: user.name - external: ecs name: user_agent.device.name -- external: ecs - name: user_agent.device.name -- external: ecs - name: user_agent.name - external: ecs name: user_agent.name - external: ecs name: user_agent.original -- external: ecs - name: user_agent.original - external: ecs name: user_agent.os.full - external: ecs name: user_agent.os.name -- external: ecs - name: user_agent.os.name - external: ecs name: user_agent.os.version - external: ecs diff --git a/packages/activemq/data_stream/audit/fields/fields.yml b/packages/activemq/data_stream/audit/fields/fields.yml deleted file mode 100644 index 25913847839..00000000000 --- a/packages/activemq/data_stream/audit/fields/fields.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: activemq.audit - type: group diff --git a/packages/activemq/data_stream/broker/fields/ecs.yml b/packages/activemq/data_stream/broker/fields/ecs.yml index 12993b02683..a34bb7b2a25 100644 --- a/packages/activemq/data_stream/broker/fields/ecs.yml +++ b/packages/activemq/data_stream/broker/fields/ecs.yml @@ -82,22 +82,14 @@ name: user.name - external: ecs name: user_agent.device.name -- external: ecs - name: user_agent.device.name -- external: ecs - name: user_agent.name - external: ecs name: user_agent.name - external: ecs name: user_agent.original -- external: ecs - name: user_agent.original - external: ecs name: user_agent.os.full - external: ecs name: user_agent.os.name -- external: ecs - name: user_agent.os.name - external: ecs name: user_agent.os.version - external: ecs diff --git a/packages/activemq/data_stream/log/fields/ecs.yml b/packages/activemq/data_stream/log/fields/ecs.yml index 12993b02683..a34bb7b2a25 100644 --- a/packages/activemq/data_stream/log/fields/ecs.yml +++ b/packages/activemq/data_stream/log/fields/ecs.yml 
@@ -82,22 +82,14 @@ name: user.name - external: ecs name: user_agent.device.name -- external: ecs - name: user_agent.device.name -- external: ecs - name: user_agent.name - external: ecs name: user_agent.name - external: ecs name: user_agent.original -- external: ecs - name: user_agent.original - external: ecs name: user_agent.os.full - external: ecs name: user_agent.os.name -- external: ecs - name: user_agent.os.name - external: ecs name: user_agent.os.version - external: ecs diff --git a/packages/activemq/data_stream/queue/fields/ecs.yml b/packages/activemq/data_stream/queue/fields/ecs.yml index 12993b02683..a34bb7b2a25 100644 --- a/packages/activemq/data_stream/queue/fields/ecs.yml +++ b/packages/activemq/data_stream/queue/fields/ecs.yml @@ -82,22 +82,14 @@ name: user.name - external: ecs name: user_agent.device.name -- external: ecs - name: user_agent.device.name -- external: ecs - name: user_agent.name - external: ecs name: user_agent.name - external: ecs name: user_agent.original -- external: ecs - name: user_agent.original - external: ecs name: user_agent.os.full - external: ecs name: user_agent.os.name -- external: ecs - name: user_agent.os.name - external: ecs name: user_agent.os.version - external: ecs diff --git a/packages/activemq/data_stream/topic/fields/ecs.yml b/packages/activemq/data_stream/topic/fields/ecs.yml index 12993b02683..a34bb7b2a25 100644 --- a/packages/activemq/data_stream/topic/fields/ecs.yml +++ b/packages/activemq/data_stream/topic/fields/ecs.yml @@ -82,22 +82,14 @@ name: user.name - external: ecs name: user_agent.device.name -- external: ecs - name: user_agent.device.name -- external: ecs - name: user_agent.name - external: ecs name: user_agent.name - external: ecs name: user_agent.original -- external: ecs - name: user_agent.original - external: ecs name: user_agent.os.full - external: ecs name: user_agent.os.name -- external: ecs - name: user_agent.os.name - external: ecs name: user_agent.os.version - external: ecs 
diff --git a/packages/activemq/manifest.yml b/packages/activemq/manifest.yml index 8c88a6d1d42..fad6f520d89 100644 --- a/packages/activemq/manifest.yml +++ b/packages/activemq/manifest.yml @@ -1,6 +1,6 @@ name: activemq title: ActiveMQ -version: 0.3.1 +version: 0.3.2 release: beta description: Collect logs and metrics from ActiveMQ instances with Elastic Agent. type: integration diff --git a/packages/akamai/changelog.yml b/packages/akamai/changelog.yml index d3b67a0c62d..aeecbcd5ceb 100644 --- a/packages/akamai/changelog.yml +++ b/packages/akamai/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.0" changes: - description: Make GA diff --git a/packages/akamai/data_stream/siem/fields/ecs.yml b/packages/akamai/data_stream/siem/fields/ecs.yml index 22e38558e07..76130228c59 100644 --- a/packages/akamai/data_stream/siem/fields/ecs.yml +++ b/packages/akamai/data_stream/siem/fields/ecs.yml @@ -12,8 +12,6 @@ external: ecs - name: client.geo.continent_name external: ecs -- name: client.geo.country_iso_code - external: ecs - name: client.geo.region_iso_code external: ecs - name: client.geo.location diff --git a/packages/akamai/manifest.yml b/packages/akamai/manifest.yml index 0f83a797797..4a387753fc2 100644 --- a/packages/akamai/manifest.yml +++ b/packages/akamai/manifest.yml @@ -1,6 +1,6 @@ name: akamai title: Akamai -version: 1.0.0 +version: 1.0.1 release: ga description: Akamai Integration type: integration diff --git a/packages/apache/changelog.yml b/packages/apache/changelog.yml index ca313e8e6c3..088bd04c86e 100644 --- a/packages/apache/changelog.yml +++ b/packages/apache/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.4.0" changes: - description: Migration of tile map to map in logs dashboard diff --git a/packages/apache/data_stream/access/fields/ecs.yml b/packages/apache/data_stream/access/fields/ecs.yml index 12993b02683..a34bb7b2a25 100644 --- a/packages/apache/data_stream/access/fields/ecs.yml +++ b/packages/apache/data_stream/access/fields/ecs.yml @@ -82,22 +82,14 @@ name: user.name - external: ecs name: user_agent.device.name -- external: ecs - name: user_agent.device.name -- external: ecs - name: user_agent.name - external: ecs name: user_agent.name - external: ecs name: user_agent.original -- external: ecs - name: user_agent.original - external: ecs name: user_agent.os.full - external: ecs name: user_agent.os.name -- external: ecs - name: user_agent.os.name - external: ecs name: user_agent.os.version - external: ecs diff --git a/packages/apache/data_stream/error/fields/base-fields.yml b/packages/apache/data_stream/error/fields/base-fields.yml index e134277b8e1..15365c71bdd 100644 --- a/packages/apache/data_stream/error/fields/base-fields.yml +++ b/packages/apache/data_stream/error/fields/base-fields.yml @@ -10,11 +10,6 @@ - name: '@timestamp' type: date description: Event timestamp. -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword - name: event.module type: constant_keyword description: Event module diff --git a/packages/apache/manifest.yml b/packages/apache/manifest.yml index 06b84d4b75a..68cd2cad7c6 100644 --- a/packages/apache/manifest.yml +++ b/packages/apache/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: apache title: Apache HTTP Server -version: 1.4.0 +version: 1.4.1 license: basic description: Collect logs and metrics from Apache servers with Elastic Agent. type: integration diff --git a/packages/auditd/changelog.yml b/packages/auditd/changelog.yml index 56a6b527ef1..5690cb2f178 100644 --- a/packages/auditd/changelog.yml +++ b/packages/auditd/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "3.1.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "3.1.0" changes: - description: Change title to Auditd Logs diff --git a/packages/auditd/data_stream/log/fields/agent.yml b/packages/auditd/data_stream/log/fields/agent.yml index e313ec82874..f027c185f47 100644 --- a/packages/auditd/data_stream/log/fields/agent.yml +++ b/packages/auditd/data_stream/log/fields/agent.yml @@ -77,11 +77,6 @@ type: object object_type: keyword description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 @@ -90,12 +85,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - name: domain level: extended type: keyword diff --git a/packages/auditd/data_stream/log/fields/fields.yml b/packages/auditd/data_stream/log/fields/fields.yml index 90ad2435aea..3d863613f31 100644 --- a/packages/auditd/data_stream/log/fields/fields.yml +++ b/packages/auditd/data_stream/log/fields/fields.yml 
@@ -36,9 +36,6 @@ type: keyword description: | The first argument to the system call. - - name: a0 - description: The first argument to the system call. - type: keyword - name: addr type: ip - name: rport @@ -175,8 +172,6 @@ type: keyword - name: vm-ctx type: keyword - - name: geoip - type: group - name: uid type: keyword - name: record_type diff --git a/packages/auditd/data_stream/log/fields/package-fields.yml b/packages/auditd/data_stream/log/fields/package-fields.yml index 208d48ec1f7..77be81b7a78 100644 --- a/packages/auditd/data_stream/log/fields/package-fields.yml +++ b/packages/auditd/data_stream/log/fields/package-fields.yml @@ -24,25 +24,6 @@ type: keyword description: | Name of the group. - - name: effective - type: group - fields: - - name: id - type: keyword - description: | - One or multiple unique identifiers of the user. - - name: name - type: keyword - description: | - Short name or login of the user. - - name: group.id - type: keyword - description: | - Unique identifier for the group on the system/platform. - - name: group.name - type: keyword - description: | - Name of the group. - name: filesystem type: group fields: @@ -100,5 +81,3 @@ type: keyword description: | Name of the group. -- name: auditd - type: group diff --git a/packages/auditd/manifest.yml b/packages/auditd/manifest.yml index d0978865445..c9fcad49cf3 100644 --- a/packages/auditd/manifest.yml +++ b/packages/auditd/manifest.yml @@ -1,6 +1,6 @@ name: auditd title: Auditd Logs -version: 3.1.0 +version: 3.1.1 release: ga description: Collect logs from Linux audit daemon with Elastic Agent. type: integration diff --git a/packages/auth0/changelog.yml b/packages/auth0/changelog.yml index efcc0a7517e..e0b7ac4ddc6 100644 --- a/packages/auth0/changelog.yml +++ b/packages/auth0/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.0" changes: - description: Make GA diff --git a/packages/auth0/data_stream/logs/fields/fields.yml b/packages/auth0/data_stream/logs/fields/fields.yml index fc2da86b51d..a1d734682ff 100644 --- a/packages/auth0/data_stream/logs/fields/fields.yml +++ b/packages/auth0/data_stream/logs/fields/fields.yml @@ -61,9 +61,6 @@ - name: strategy_type type: keyword description: Type of strategy involved in the event. - - name: log_id - type: keyword - description: Unique ID of the event. - name: is_mobile type: boolean description: Whether the client was a mobile device (true) or desktop/laptop/server (false). diff --git a/packages/auth0/docs/README.md b/packages/auth0/docs/README.md index a40c20f6acb..a7919e3992a 100644 --- a/packages/auth0/docs/README.md +++ b/packages/auth0/docs/README.md @@ -71,7 +71,7 @@ The Auth0 logs dataset provides events from Auth0 log stream. All Auth0 log even | auth0.logs.data.location_info.latitude | Global latitude (horizontal) position. | keyword | | auth0.logs.data.location_info.longitude | Global longitude (vertical) position. | keyword | | auth0.logs.data.location_info.time_zone | Time zone name as found in the [tz database](https://www.iana.org/time-zones). | keyword | -| auth0.logs.data.log_id | Unique ID of the event. | keyword | +| auth0.logs.data.log_id | Unique log event identifier | keyword | | auth0.logs.data.login.completedAt | Time at which the operation was completed | date | | auth0.logs.data.login.elapsedTime | Number of milliseconds the operation took to complete. | long | | auth0.logs.data.login.initiatedAt | Time at which the operation was initiated | date | diff --git a/packages/auth0/manifest.yml b/packages/auth0/manifest.yml index c92f640b6c5..956b64b6707 100644 --- a/packages/auth0/manifest.yml 
+++ b/packages/auth0/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: auth0 title: "Auth0 Log Streams Integration" -version: 1.0.0 +version: 1.0.1 license: basic description: Collect logs from Auth0 with Elastic Agent. type: integration diff --git a/packages/aws/changelog.yml b/packages/aws/changelog.yml index ae32f587a32..3ad2f4261d3 100644 --- a/packages/aws/changelog.yml +++ b/packages/aws/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.16.4" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.16.3" changes: - description: Move RDS metrics config from beats to integrations diff --git a/packages/aws/data_stream/billing/fields/agent.yml b/packages/aws/data_stream/billing/fields/agent.yml index da4e652c53b..55b1dd97413 100644 --- a/packages/aws/data_stream/billing/fields/agent.yml +++ b/packages/aws/data_stream/billing/fields/agent.yml 
@@ -5,49 +5,11 @@ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. diff --git a/packages/aws/data_stream/cloudtrail/fields/agent.yml b/packages/aws/data_stream/cloudtrail/fields/agent.yml index da4e652c53b..f159d392948 100644 --- a/packages/aws/data_stream/cloudtrail/fields/agent.yml +++ b/packages/aws/data_stream/cloudtrail/fields/agent.yml 
@@ -5,14 +5,6 @@ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone level: extended type: keyword @@ -42,12 +34,6 @@ ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. diff --git a/packages/aws/data_stream/cloudwatch_metrics/fields/agent.yml b/packages/aws/data_stream/cloudwatch_metrics/fields/agent.yml index da4e652c53b..55b1dd97413 100644 --- a/packages/aws/data_stream/cloudwatch_metrics/fields/agent.yml +++ b/packages/aws/data_stream/cloudwatch_metrics/fields/agent.yml 
@@ -5,49 +5,11 @@ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. diff --git a/packages/aws/data_stream/cloudwatch_metrics/fields/fields.yml b/packages/aws/data_stream/cloudwatch_metrics/fields/fields.yml index 0422c9afed4..d466ecf0814 100644 --- a/packages/aws/data_stream/cloudwatch_metrics/fields/fields.yml +++ b/packages/aws/data_stream/cloudwatch_metrics/fields/fields.yml 
@@ -1,11 +1,6 @@ - name: aws type: group fields: - - name: dimensions.* - type: object - object_type: keyword - object_type_mapping_type: "*" - description: Metric dimensions. - name: cloudwatch type: group fields: diff --git a/packages/aws/data_stream/dynamodb/fields/agent.yml b/packages/aws/data_stream/dynamodb/fields/agent.yml index da4e652c53b..55b1dd97413 100644 --- a/packages/aws/data_stream/dynamodb/fields/agent.yml +++ b/packages/aws/data_stream/dynamodb/fields/agent.yml 
@@ -5,49 +5,11 @@ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. diff --git a/packages/aws/data_stream/ebs/fields/agent.yml b/packages/aws/data_stream/ebs/fields/agent.yml index da4e652c53b..55b1dd97413 100644 --- a/packages/aws/data_stream/ebs/fields/agent.yml +++ b/packages/aws/data_stream/ebs/fields/agent.yml 
@@ -5,49 +5,11 @@ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. diff --git a/packages/aws/data_stream/ec2_metrics/fields/agent.yml b/packages/aws/data_stream/ec2_metrics/fields/agent.yml index 8603c3c91e2..990a769bead 100644 --- a/packages/aws/data_stream/ec2_metrics/fields/agent.yml +++ b/packages/aws/data_stream/ec2_metrics/fields/agent.yml 
@@ -5,49 +5,11 @@ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -202,18 +164,6 @@ description: > Percent CPU used. This value is normalized by the number of CPU cores and it ranges from 0 to 1. - - name: disk.read.bytes - type: long - format: bytes - description: > - The total number of bytes read successfully in a given period of time. - - - name: disk.write.bytes - type: long - format: bytes - description: > - The total number of bytes write successfully in a given period of time. - - name: network.in.bytes type: long format: bytes diff --git a/packages/aws/data_stream/elb_logs/fields/agent.yml b/packages/aws/data_stream/elb_logs/fields/agent.yml index da4e652c53b..4351e0e8210 100644 --- a/packages/aws/data_stream/elb_logs/fields/agent.yml +++ b/packages/aws/data_stream/elb_logs/fields/agent.yml @@ -36,12 +36,6 @@ ignore_above: 1024 description: Machine type of the host machine. example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - name: region level: extended type: keyword diff --git a/packages/aws/data_stream/elb_metrics/fields/agent.yml b/packages/aws/data_stream/elb_metrics/fields/agent.yml index da4e652c53b..55b1dd97413 100644 --- a/packages/aws/data_stream/elb_metrics/fields/agent.yml +++ b/packages/aws/data_stream/elb_metrics/fields/agent.yml 
@@ -5,49 +5,11 @@ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - name: instance.name level: extended type: keyword ignore_above: 1024 description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. diff --git a/packages/aws/data_stream/firewall_logs/fields/agent.yml b/packages/aws/data_stream/firewall_logs/fields/agent.yml index da4e652c53b..f159d392948 100644 --- a/packages/aws/data_stream/firewall_logs/fields/agent.yml +++ b/packages/aws/data_stream/firewall_logs/fields/agent.yml 
@@ -5,14 +5,6 @@ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone level: extended type: keyword @@ -42,12 +34,6 @@ ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. diff --git a/packages/aws/data_stream/firewall_metrics/fields/agent.yml b/packages/aws/data_stream/firewall_metrics/fields/agent.yml index da4e652c53b..55b1dd97413 100644 --- a/packages/aws/data_stream/firewall_metrics/fields/agent.yml +++ b/packages/aws/data_stream/firewall_metrics/fields/agent.yml 
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/aws/data_stream/lambda/fields/agent.yml b/packages/aws/data_stream/lambda/fields/agent.yml
index da4e652c53b..55b1dd97413 100644
--- a/packages/aws/data_stream/lambda/fields/agent.yml
+++ b/packages/aws/data_stream/lambda/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/aws/data_stream/natgateway/fields/agent.yml b/packages/aws/data_stream/natgateway/fields/agent.yml
index da4e652c53b..55b1dd97413 100644
--- a/packages/aws/data_stream/natgateway/fields/agent.yml
+++ b/packages/aws/data_stream/natgateway/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/aws/data_stream/rds/fields/agent.yml b/packages/aws/data_stream/rds/fields/agent.yml
index da4e652c53b..55b1dd97413 100644
--- a/packages/aws/data_stream/rds/fields/agent.yml
+++ b/packages/aws/data_stream/rds/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/aws/data_stream/s3_daily_storage/fields/agent.yml b/packages/aws/data_stream/s3_daily_storage/fields/agent.yml
index da4e652c53b..55b1dd97413 100644
--- a/packages/aws/data_stream/s3_daily_storage/fields/agent.yml
+++ b/packages/aws/data_stream/s3_daily_storage/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/aws/data_stream/s3_request/fields/agent.yml b/packages/aws/data_stream/s3_request/fields/agent.yml
index da4e652c53b..55b1dd97413 100644
--- a/packages/aws/data_stream/s3_request/fields/agent.yml
+++ b/packages/aws/data_stream/s3_request/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/aws/data_stream/s3_storage_lens/fields/agent.yml b/packages/aws/data_stream/s3_storage_lens/fields/agent.yml
index da4e652c53b..55b1dd97413 100644
--- a/packages/aws/data_stream/s3_storage_lens/fields/agent.yml
+++ b/packages/aws/data_stream/s3_storage_lens/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/aws/data_stream/s3access/fields/agent.yml b/packages/aws/data_stream/s3access/fields/agent.yml
index da4e652c53b..4351e0e8210 100644
--- a/packages/aws/data_stream/s3access/fields/agent.yml
+++ b/packages/aws/data_stream/s3access/fields/agent.yml
@@ -36,12 +36,6 @@
 ignore_above: 1024
 description: Machine type of the host machine.
 example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
 - name: region
 level: extended
 type: keyword
diff --git a/packages/aws/data_stream/sns/fields/agent.yml b/packages/aws/data_stream/sns/fields/agent.yml
index da4e652c53b..55b1dd97413 100644
--- a/packages/aws/data_stream/sns/fields/agent.yml
+++ b/packages/aws/data_stream/sns/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/aws/data_stream/sqs/fields/agent.yml b/packages/aws/data_stream/sqs/fields/agent.yml
index da4e652c53b..55b1dd97413 100644
--- a/packages/aws/data_stream/sqs/fields/agent.yml
+++ b/packages/aws/data_stream/sqs/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/aws/data_stream/transitgateway/fields/agent.yml b/packages/aws/data_stream/transitgateway/fields/agent.yml
index da4e652c53b..55b1dd97413 100644
--- a/packages/aws/data_stream/transitgateway/fields/agent.yml
+++ b/packages/aws/data_stream/transitgateway/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/aws/data_stream/usage/fields/agent.yml b/packages/aws/data_stream/usage/fields/agent.yml
index da4e652c53b..55b1dd97413 100644
--- a/packages/aws/data_stream/usage/fields/agent.yml
+++ b/packages/aws/data_stream/usage/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/aws/data_stream/vpcflow/fields/agent.yml b/packages/aws/data_stream/vpcflow/fields/agent.yml
index da4e652c53b..f5878ee6bf7 100644
--- a/packages/aws/data_stream/vpcflow/fields/agent.yml
+++ b/packages/aws/data_stream/vpcflow/fields/agent.yml
@@ -5,26 +5,12 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
 - name: availability_zone
 level: extended
 type: keyword
 ignore_above: 1024
 description: Availability zone in which this host is running.
 example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
@@ -36,12 +22,6 @@
 ignore_above: 1024
 description: Machine type of the host machine.
 example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
 - name: region
 level: extended
 type: keyword
diff --git a/packages/aws/data_stream/vpcflow/fields/ecs.yml b/packages/aws/data_stream/vpcflow/fields/ecs.yml
index 0c0d9f73c4c..77b14a355c7 100644
--- a/packages/aws/data_stream/vpcflow/fields/ecs.yml
+++ b/packages/aws/data_stream/vpcflow/fields/ecs.yml
@@ -68,8 +68,6 @@
 external: ecs
 - name: source.as.organization.name
 external: ecs
-- name: source.as.organization.name
- external: ecs
 - name: source.bytes
 external: ecs
 - name: source.geo.city_name
diff --git a/packages/aws/data_stream/vpn/fields/agent.yml b/packages/aws/data_stream/vpn/fields/agent.yml
index da4e652c53b..55b1dd97413 100644
--- a/packages/aws/data_stream/vpn/fields/agent.yml
+++ b/packages/aws/data_stream/vpn/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/aws/data_stream/waf/fields/agent.yml b/packages/aws/data_stream/waf/fields/agent.yml
index da4e652c53b..4351e0e8210 100644
--- a/packages/aws/data_stream/waf/fields/agent.yml
+++ b/packages/aws/data_stream/waf/fields/agent.yml
@@ -36,12 +36,6 @@
 ignore_above: 1024
 description: Machine type of the host machine.
 example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
 - name: region
 level: extended
 type: keyword
diff --git a/packages/aws/docs/cloudtrail.md b/packages/aws/docs/cloudtrail.md
index 8a04a6d127f..f482e9994cc 100644
--- a/packages/aws/docs/cloudtrail.md
+++ b/packages/aws/docs/cloudtrail.md
@@ -63,7 +63,7 @@ events for the account. If user creates a trail, it delivers those events as log
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
diff --git a/packages/aws/docs/cloudwatch.md b/packages/aws/docs/cloudwatch.md
index 6c3b055e878..5b5fd8cf46c 100644
--- a/packages/aws/docs/cloudwatch.md
+++ b/packages/aws/docs/cloudwatch.md
@@ -156,14 +156,14 @@ An example event for `cloudwatch` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
diff --git a/packages/aws/docs/ebs.md b/packages/aws/docs/ebs.md
index f8f74442b8a..7f44721b6bb 100644
--- a/packages/aws/docs/ebs.md
+++ b/packages/aws/docs/ebs.md
@@ -98,7 +98,7 @@ An example event for `ebs` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
diff --git a/packages/aws/docs/ec2.md b/packages/aws/docs/ec2.md
index e7294f30d05..a8e5fa034c0 100644
--- a/packages/aws/docs/ec2.md
+++ b/packages/aws/docs/ec2.md
@@ -303,14 +303,14 @@ An example event for `ec2` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
@@ -327,8 +327,8 @@ An example event for `ec2` looks as following:
 | host.containerized | If the host is a container. | boolean |
 | host.cpu.pct | Percent CPU used. This value is normalized by the number of CPU cores and it ranges from 0 to 1. | scaled_float |
 | host.cpu.usage | Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. Scaling factor: 1000. For example: For a two core host, this value should be the average of the two cores, between 0 and 1. | scaled_float |
-| host.disk.read.bytes | The total number of bytes read successfully in a given period of time. | long |
-| host.disk.write.bytes | The total number of bytes write successfully in a given period of time. | long |
+| host.disk.read.bytes | The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. | long |
+| host.disk.write.bytes | The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. | long |
 | host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword |
 | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword |
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
diff --git a/packages/aws/docs/firewall.md b/packages/aws/docs/firewall.md
index 23b902c76f7..8a03728c369 100644
--- a/packages/aws/docs/firewall.md
+++ b/packages/aws/docs/firewall.md
@@ -169,7 +169,7 @@ An example event for `firewall` looks as following:
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
diff --git a/packages/aws/docs/natgateway.md b/packages/aws/docs/natgateway.md
index 8eccefa4668..71ef691f226 100644
--- a/packages/aws/docs/natgateway.md
+++ b/packages/aws/docs/natgateway.md
@@ -126,7 +126,7 @@ An example event for `natgateway` looks as following:
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
diff --git a/packages/aws/docs/rds.md b/packages/aws/docs/rds.md
index e9cb808a0a4..55042f6490c 100644
--- a/packages/aws/docs/rds.md
+++ b/packages/aws/docs/rds.md
@@ -283,7 +283,7 @@ An example event for `rds` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
diff --git a/packages/aws/docs/s3.md b/packages/aws/docs/s3.md
index baebc1ecbb6..cdd056dfba9 100644
--- a/packages/aws/docs/s3.md
+++ b/packages/aws/docs/s3.md
@@ -313,7 +313,7 @@ An example event for `s3_daily_storage` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
diff --git a/packages/aws/docs/s3_storage_lens.md b/packages/aws/docs/s3_storage_lens.md
index a1482d649c6..4f7bd9650af 100644
--- a/packages/aws/docs/s3_storage_lens.md
+++ b/packages/aws/docs/s3_storage_lens.md
@@ -187,14 +187,14 @@ An example event for `s3_storage_lens` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
diff --git a/packages/aws/docs/usage.md b/packages/aws/docs/usage.md
index 863a54aeb40..003ebfd76ac 100644
--- a/packages/aws/docs/usage.md
+++ b/packages/aws/docs/usage.md
@@ -77,7 +77,7 @@ An example event for `usage` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
diff --git a/packages/aws/docs/vpn.md b/packages/aws/docs/vpn.md
index 51dd1dd69f1..7f425eb8d94 100644
--- a/packages/aws/docs/vpn.md
+++ b/packages/aws/docs/vpn.md
@@ -83,7 +83,7 @@ An example event for `vpn` looks as following:
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml
index 58b344399c2..fba72061b55 100644
--- a/packages/aws/manifest.yml
+++ b/packages/aws/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: aws
 title: AWS
-version: 1.16.3
+version: 1.16.4
 license: basic
 description: Collect logs and metrics from Amazon Web Services with Elastic Agent.
 type: integration
diff --git a/packages/azure/changelog.yml b/packages/azure/changelog.yml
index 6f0ba17429e..6fb4886f148 100644
--- a/packages/azure/changelog.yml
+++ b/packages/azure/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.1.10"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.1.9"
 changes:
 - description: Improve handling of IPv6 IP addresses.
diff --git a/packages/azure/data_stream/activitylogs/fields/agent.yml b/packages/azure/data_stream/activitylogs/fields/agent.yml
index bca66ea4ae0..85704f4c1d4 100644
--- a/packages/azure/data_stream/activitylogs/fields/agent.yml
+++ b/packages/azure/data_stream/activitylogs/fields/agent.yml
@@ -33,8 +33,6 @@
 external: ecs
 - name: host.id
 external: ecs
-- name: host.ip
- external: ecs
 - name: host.mac
 external: ecs
 - name: host.name
diff --git a/packages/azure/data_stream/activitylogs/fields/ecs.yml b/packages/azure/data_stream/activitylogs/fields/ecs.yml
index ec50849691a..a5a42922f65 100644
--- a/packages/azure/data_stream/activitylogs/fields/ecs.yml
+++ b/packages/azure/data_stream/activitylogs/fields/ecs.yml
@@ -108,7 +108,5 @@
 external: ecs
 - name: user.id
 external: ecs
-- name: user.name
- external: ecs
 - name: tags
 external: ecs
diff --git a/packages/azure/data_stream/auditlogs/fields/agent.yml b/packages/azure/data_stream/auditlogs/fields/agent.yml
index bca66ea4ae0..85704f4c1d4 100644
--- a/packages/azure/data_stream/auditlogs/fields/agent.yml
+++ b/packages/azure/data_stream/auditlogs/fields/agent.yml
@@ -33,8 +33,6 @@
 external: ecs
 - name: host.id
 external: ecs
-- name: host.ip
- external: ecs
 - name: host.mac
 external: ecs
 - name: host.name
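Review bot: Dropping `host.ip` from the activitylogs agent.yml is only safe if a retained declaration with the ECS `ip` type exists in another fields file of the same data stream, and this hunk shows no such declaration, so that should be confirmed rather than assumed from the commit title. The same check applies to the identical `host.ip` removals in the auditlogs, eventhub, platformlogs, signinlogs and springcloudlogs agent.yml hunks, to the `user.name` removals in the azure ecs.yml hunks, to the `@timestamp` and `tags` removals in the barracuda and bluecoat base-fields.yml hunks, and to the explicitly typed `host.hostname`, `host.id`, `host.ip`, `host.name` and `host.os.version` removals in the carbon_black_cloud alert agent.yml hunk. If a removed entry was the only declaration, the field would lose its explicit mapping, which for `host.ip` and `@timestamp` changes how events are indexed and queried; a grep of each data stream's fields directory for every removed name before merging would settle it.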
diff --git a/packages/azure/data_stream/auditlogs/fields/ecs.yml b/packages/azure/data_stream/auditlogs/fields/ecs.yml
index e57ea63a5ea..b52fc0d77bc 100644
--- a/packages/azure/data_stream/auditlogs/fields/ecs.yml
+++ b/packages/azure/data_stream/auditlogs/fields/ecs.yml
@@ -94,7 +94,7 @@
 external: ecs
 - name: source.ip
 external: ecs
-- name: client.ip
+- name: source.port
 external: ecs
 - name: user.full_name
 external: ecs
@@ -104,7 +104,5 @@
 external: ecs
 - name: user.id
 external: ecs
-- name: user.name
- external: ecs
 - name: tags
 external: ecs
diff --git a/packages/azure/data_stream/auditlogs/fields/fields.yml b/packages/azure/data_stream/auditlogs/fields/fields.yml
index 01ff78727da..2b7a11cc71e 100644
--- a/packages/azure/data_stream/auditlogs/fields/fields.yml
+++ b/packages/azure/data_stream/auditlogs/fields/fields.yml
@@ -148,7 +148,7 @@
 ip Address
 - name: additional_details
 type: group
- field:
+ fields:
 - name: user_agent
 type: keyword
 description: User agent name.
diff --git a/packages/azure/data_stream/eventhub/fields/agent.yml b/packages/azure/data_stream/eventhub/fields/agent.yml
index bef5d2f6429..f78c40ec1b0 100644
--- a/packages/azure/data_stream/eventhub/fields/agent.yml
+++ b/packages/azure/data_stream/eventhub/fields/agent.yml
@@ -33,8 +33,6 @@
 external: ecs
 - name: host.id
 external: ecs
-- name: host.ip
- external: ecs
 - name: host.mac
 external: ecs
 - name: host.name
diff --git a/packages/azure/data_stream/eventhub/fields/ecs.yml b/packages/azure/data_stream/eventhub/fields/ecs.yml
index 58be539b413..cc5b94d7f8f 100644
--- a/packages/azure/data_stream/eventhub/fields/ecs.yml
+++ b/packages/azure/data_stream/eventhub/fields/ecs.yml
@@ -102,7 +102,5 @@
 external: ecs
 - name: user.id
 external: ecs
-- name: user.name
- external: ecs
 - name: tags
 external: ecs
diff --git a/packages/azure/data_stream/platformlogs/fields/agent.yml b/packages/azure/data_stream/platformlogs/fields/agent.yml
index bca66ea4ae0..85704f4c1d4 100644
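Review bot: The first hunk of the auditlogs ecs.yml replaces `client.ip` with `source.port` instead of only deleting a duplicate, so `client.ip` disappears from this file with no retained declaration visible; if the auditlogs pipeline still populates `client.ip`, it loses its explicit `ip` mapping. If `client.ip` is declared elsewhere in the data stream, saying so in the changelog entry (which currently reads only `Remove duplicated fields definitions`) would make the swap easier to audit later. The `field:` to `fields:` correction in the fields.yml hunk appears to be a genuine mapping fix, since the nested `user_agent` entry now shows up in the regenerated adlogs.md, and it too would be worth its own changelog line.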
--- a/packages/azure/data_stream/platformlogs/fields/agent.yml
+++ b/packages/azure/data_stream/platformlogs/fields/agent.yml
@@ -33,8 +33,6 @@
 external: ecs
 - name: host.id
 external: ecs
-- name: host.ip
- external: ecs
 - name: host.mac
 external: ecs
 - name: host.name
diff --git a/packages/azure/data_stream/platformlogs/fields/ecs.yml b/packages/azure/data_stream/platformlogs/fields/ecs.yml
index 0c09fd21a80..5fe138158eb 100644
--- a/packages/azure/data_stream/platformlogs/fields/ecs.yml
+++ b/packages/azure/data_stream/platformlogs/fields/ecs.yml
@@ -102,8 +102,6 @@
 external: ecs
 - name: user.id
 external: ecs
-- name: user.name
- external: ecs
 - name: tags
 external: ecs
 - name: client.ip
diff --git a/packages/azure/data_stream/signinlogs/fields/agent.yml b/packages/azure/data_stream/signinlogs/fields/agent.yml
index bca66ea4ae0..85704f4c1d4 100644
--- a/packages/azure/data_stream/signinlogs/fields/agent.yml
+++ b/packages/azure/data_stream/signinlogs/fields/agent.yml
@@ -33,8 +33,6 @@
 external: ecs
 - name: host.id
 external: ecs
-- name: host.ip
- external: ecs
 - name: host.mac
 external: ecs
 - name: host.name
diff --git a/packages/azure/data_stream/signinlogs/fields/ecs.yml b/packages/azure/data_stream/signinlogs/fields/ecs.yml
index 0dc61a920f7..d898b0e80ab 100644
--- a/packages/azure/data_stream/signinlogs/fields/ecs.yml
+++ b/packages/azure/data_stream/signinlogs/fields/ecs.yml
@@ -104,8 +104,6 @@
 external: ecs
 - name: user.id
 external: ecs
-- name: user.name
- external: ecs
 - name: user_agent.device.name
 external: ecs
 - name: user_agent.name
diff --git a/packages/azure/data_stream/springcloudlogs/fields/agent.yml b/packages/azure/data_stream/springcloudlogs/fields/agent.yml
index bca66ea4ae0..85704f4c1d4 100644
--- a/packages/azure/data_stream/springcloudlogs/fields/agent.yml
+++ b/packages/azure/data_stream/springcloudlogs/fields/agent.yml
@@ -33,8 +33,6 @@
 external: ecs
 - name: host.id
 external: ecs
-- name: host.ip
- external: ecs
 - name: host.mac
 external: ecs
 - name: host.name
diff --git a/packages/azure/data_stream/springcloudlogs/fields/ecs.yml b/packages/azure/data_stream/springcloudlogs/fields/ecs.yml
index 332af0ca978..00dddf82cf4 100644
--- a/packages/azure/data_stream/springcloudlogs/fields/ecs.yml
+++ b/packages/azure/data_stream/springcloudlogs/fields/ecs.yml
@@ -102,8 +102,6 @@
 external: ecs
 - name: user.id
 external: ecs
-- name: user.name
- external: ecs
 - name: tags
 external: ecs
 - name: geo.name
diff --git a/packages/azure/docs/adlogs.md b/packages/azure/docs/adlogs.md
index 5fbb1afb6b9..717216427a4 100644
--- a/packages/azure/docs/adlogs.md
+++ b/packages/azure/docs/adlogs.md
@@ -131,6 +131,7 @@ An example event for `auditlogs` looks as following:
 | azure.auditlogs.operation_version | The operation version | keyword |
 | azure.auditlogs.properties.activity_datetime | Activity timestamp | date |
 | azure.auditlogs.properties.activity_display_name | Activity display name | keyword |
+| azure.auditlogs.properties.additional_details.user_agent | User agent name. | keyword |
 | azure.auditlogs.properties.authentication_protocol | Authentication protocol type. | keyword |
 | azure.auditlogs.properties.category | category | keyword |
 | azure.auditlogs.properties.correlation_id | Correlation ID | keyword |
@@ -250,6 +251,7 @@ An example event for `auditlogs` looks as following:
 | source.geo.region_iso_code | Region ISO code. | keyword |
 | source.geo.region_name | Region name. | keyword |
 | source.ip | IP address of the source (IPv4 or IPv6). | ip |
+| source.port | Port of the source. | long |
 | tags | List of keywords used to tag each event. | keyword |
 | user.domain | Name of the directory the user is a member of. For example, an LDAP or Active Directory domain name. | keyword |
 | user.full_name | User's full name, if available. | keyword |
diff --git a/packages/azure/manifest.yml b/packages/azure/manifest.yml
index e937e7abbff..ac4e24d67fa 100644
--- a/packages/azure/manifest.yml
+++ b/packages/azure/manifest.yml
@@ -1,6 +1,6 @@
 name: azure
 title: Azure Logs
-version: 1.1.9
+version: 1.1.10
 release: ga
 description: This Elastic integration collects logs from Azure
 type: integration
diff --git a/packages/azure_application_insights/changelog.yml b/packages/azure_application_insights/changelog.yml
index ded5823991e..e07c93136aa 100644
--- a/packages/azure_application_insights/changelog.yml
+++ b/packages/azure_application_insights/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.0.3"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.0.2"
 changes:
 - description: Add documentation for multi-fields
diff --git a/packages/azure_application_insights/data_stream/app_insights/fields/agent.yml b/packages/azure_application_insights/data_stream/app_insights/fields/agent.yml
index da4e652c53b..2db0bb802e6 100644
--- a/packages/azure_application_insights/data_stream/app_insights/fields/agent.yml
+++ b/packages/azure_application_insights/data_stream/app_insights/fields/agent.yml
@@ -62,26 +62,11 @@
 These fields help correlate data based containers from any runtime.'
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
 - name: labels
 level: extended
 type: object
 object_type: keyword
 description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
 - name: host
 title: Host
 group: 2
diff --git a/packages/azure_application_insights/data_stream/app_state/fields/agent.yml b/packages/azure_application_insights/data_stream/app_state/fields/agent.yml
index da4e652c53b..2db0bb802e6 100644
--- a/packages/azure_application_insights/data_stream/app_state/fields/agent.yml
+++ b/packages/azure_application_insights/data_stream/app_state/fields/agent.yml
@@ -62,26 +62,11 @@
 These fields help correlate data based containers from any runtime.'
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
 - name: labels
 level: extended
 type: object
 object_type: keyword
 description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
 - name: host
 title: Host
 group: 2
diff --git a/packages/azure_application_insights/manifest.yml b/packages/azure_application_insights/manifest.yml
index ff1fd7c3a36..5daeb785ff3 100644
--- a/packages/azure_application_insights/manifest.yml
+++ b/packages/azure_application_insights/manifest.yml
@@ -1,6 +1,6 @@
 name: azure_application_insights
 title: Azure Application Insights Metrics Overview
-version: 1.0.2
+version: 1.0.3
 release: ga
 description: Collect application insights metrics from Azure Monitor with Elastic Agent.
 type: integration
diff --git a/packages/azure_billing/changelog.yml b/packages/azure_billing/changelog.yml
index cc853429fcc..915122c570d 100644
--- a/packages/azure_billing/changelog.yml
+++ b/packages/azure_billing/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.0.2"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.0.1"
 changes:
 - description: Remove beta release tag from data streams
diff --git a/packages/azure_billing/data_stream/billing/fields/agent.yml b/packages/azure_billing/data_stream/billing/fields/agent.yml
index da4e652c53b..2db0bb802e6 100644
--- a/packages/azure_billing/data_stream/billing/fields/agent.yml
+++ b/packages/azure_billing/data_stream/billing/fields/agent.yml
@@ -62,26 +62,11 @@
 These fields help correlate data based containers from any runtime.'
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
 - name: labels
 level: extended
 type: object
 object_type: keyword
 description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
 - name: host
 title: Host
 group: 2
diff --git a/packages/azure_billing/manifest.yml b/packages/azure_billing/manifest.yml
index 84a725bf98c..5435b24ea37 100644
--- a/packages/azure_billing/manifest.yml
+++ b/packages/azure_billing/manifest.yml
@@ -1,6 +1,6 @@
 name: azure_billing
 title: Azure Billing Metrics
-version: 1.0.1
+version: 1.0.2
 release: ga
 description: Collect billing metrics with Elastic Agent.
 type: integration
diff --git a/packages/azure_metrics/changelog.yml b/packages/azure_metrics/changelog.yml
index 2bdd3883d1f..c8ec225d80c 100644
--- a/packages/azure_metrics/changelog.yml
+++ b/packages/azure_metrics/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.0.4"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.0.3"
 changes:
 - description: Add documentation for multi-fields
diff --git a/packages/azure_metrics/data_stream/compute_vm/fields/agent.yml b/packages/azure_metrics/data_stream/compute_vm/fields/agent.yml
index da4e652c53b..2db0bb802e6 100644
--- a/packages/azure_metrics/data_stream/compute_vm/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/compute_vm/fields/agent.yml
@@ -62,26 +62,11 @@
 These fields help correlate data based containers from any runtime.'
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
 - name: labels
 level: extended
 type: object
 object_type: keyword
 description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
 - name: host
 title: Host
 group: 2
diff --git a/packages/azure_metrics/data_stream/compute_vm_scaleset/fields/agent.yml b/packages/azure_metrics/data_stream/compute_vm_scaleset/fields/agent.yml
index da4e652c53b..2db0bb802e6 100644
--- a/packages/azure_metrics/data_stream/compute_vm_scaleset/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/compute_vm_scaleset/fields/agent.yml
@@ -62,26 +62,11 @@
 These fields help correlate data based containers from any runtime.'
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
 - name: labels
 level: extended
 type: object
 object_type: keyword
 description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
 - name: host
 title: Host
 group: 2
diff --git a/packages/azure_metrics/data_stream/container_instance/fields/agent.yml b/packages/azure_metrics/data_stream/container_instance/fields/agent.yml
index da4e652c53b..2db0bb802e6 100644
--- a/packages/azure_metrics/data_stream/container_instance/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/container_instance/fields/agent.yml
@@ -62,26 +62,11 @@
 These fields help correlate data based containers from any runtime.'
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
 - name: labels
 level: extended
 type: object
 object_type: keyword
 description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
 - name: host
 title: Host
 group: 2
diff --git a/packages/azure_metrics/data_stream/container_registry/fields/agent.yml b/packages/azure_metrics/data_stream/container_registry/fields/agent.yml
index da4e652c53b..2db0bb802e6 100644
--- a/packages/azure_metrics/data_stream/container_registry/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/container_registry/fields/agent.yml
@@ -62,26 +62,11 @@
 These fields help correlate data based containers from any runtime.'
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
 - name: labels
 level: extended
 type: object
 object_type: keyword
 description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
 - name: host
 title: Host
 group: 2
diff --git a/packages/azure_metrics/data_stream/container_service/fields/agent.yml b/packages/azure_metrics/data_stream/container_service/fields/agent.yml
index da4e652c53b..2db0bb802e6 100644
--- a/packages/azure_metrics/data_stream/container_service/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/container_service/fields/agent.yml
@@ -62,26 +62,11 @@
 These fields help correlate data based containers from any runtime.'
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
 - name: labels
 level: extended
 type: object
 object_type: keyword
 description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
 - name: host
 title: Host
 group: 2
diff --git a/packages/azure_metrics/data_stream/database_account/fields/agent.yml b/packages/azure_metrics/data_stream/database_account/fields/agent.yml
index da4e652c53b..2db0bb802e6 100644
--- a/packages/azure_metrics/data_stream/database_account/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/database_account/fields/agent.yml
@@ -62,26 +62,11 @@
 These fields help correlate data based containers from any runtime.'
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
 - name: labels
 level: extended
 type: object
 object_type: keyword
 description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
 - name: host
 title: Host
 group: 2
diff --git a/packages/azure_metrics/data_stream/monitor/fields/agent.yml b/packages/azure_metrics/data_stream/monitor/fields/agent.yml
index da4e652c53b..2db0bb802e6 100644
--- a/packages/azure_metrics/data_stream/monitor/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/monitor/fields/agent.yml
@@ -62,26 +62,11 @@
 These fields help correlate data based containers from any runtime.'
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
 - name: labels
 level: extended
 type: object
 object_type: keyword
 description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
 - name: host
 title: Host
 group: 2
diff --git a/packages/azure_metrics/data_stream/monitor/fields/fields.yml b/packages/azure_metrics/data_stream/monitor/fields/fields.yml
deleted file mode 100644
index 6ca122a221a..00000000000
--- a/packages/azure_metrics/data_stream/monitor/fields/fields.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: azure.monitor
- type: group
- description: >
- monitor
-
diff --git a/packages/azure_metrics/data_stream/storage_account/fields/agent.yml b/packages/azure_metrics/data_stream/storage_account/fields/agent.yml
index da4e652c53b..2db0bb802e6 100644
--- a/packages/azure_metrics/data_stream/storage_account/fields/agent.yml
+++ b/packages/azure_metrics/data_stream/storage_account/fields/agent.yml
@@ -62,26 +62,11 @@
 These fields help correlate data based containers from any runtime.'
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
 - name: labels
 level: extended
 type: object
 object_type: keyword
 description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
 - name: host
 title: Host
 group: 2
diff --git a/packages/azure_metrics/manifest.yml b/packages/azure_metrics/manifest.yml
index 479d11dda6b..9dae186f643 100644
--- a/packages/azure_metrics/manifest.yml
+++ b/packages/azure_metrics/manifest.yml
@@ -1,6 +1,6 @@
 name: azure_metrics
 title: Azure Resource Metrics
-version: 1.0.3
+version: 1.0.4
 release: ga
 description: Collect metrics from Azure resources with Elastic Agent.
 type: integration
diff --git a/packages/barracuda/changelog.yml b/packages/barracuda/changelog.yml
index 108d12d02cd..3a299c7b912 100644
--- a/packages/barracuda/changelog.yml
+++ b/packages/barracuda/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.9.1"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "0.9.0"
 changes:
 - description: Update to ECS 8.2.0
diff --git a/packages/barracuda/data_stream/spamfirewall/fields/base-fields.yml b/packages/barracuda/data_stream/spamfirewall/fields/base-fields.yml
index ba1aef8ef59..2e783256e84 100644
--- a/packages/barracuda/data_stream/spamfirewall/fields/base-fields.yml
+++ b/packages/barracuda/data_stream/spamfirewall/fields/base-fields.yml
@@ -15,9 +15,6 @@
 type: constant_keyword
 description: Event dataset
 value: barracuda.spamfirewall
-- name: '@timestamp'
- type: date
- description: Event timestamp.
 - name: container.id
 description: Unique container id.
 ignore_above: 1024
@@ -39,8 +36,3 @@
 - name: log.offset
 description: Offset of the entry in the log file.
 type: long
-- name: tags
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
- ignore_above: 1024
- type: keyword
diff --git a/packages/barracuda/data_stream/waf/fields/base-fields.yml b/packages/barracuda/data_stream/waf/fields/base-fields.yml
index 10f3201694a..d0d9b118b1d 100644
--- a/packages/barracuda/data_stream/waf/fields/base-fields.yml
+++ b/packages/barracuda/data_stream/waf/fields/base-fields.yml
@@ -15,9 +15,6 @@
 type: constant_keyword
 description: Event dataset
 value: barracuda.waf
-- name: '@timestamp'
- type: date
- description: Event timestamp.
 - name: container.id
 description: Unique container id.
 ignore_above: 1024
@@ -39,8 +36,3 @@
 - name: log.offset
 description: Offset of the entry in the log file.
 type: long
-- name: tags
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
- ignore_above: 1024
- type: keyword
diff --git a/packages/barracuda/manifest.yml b/packages/barracuda/manifest.yml
index cd02944de3d..49eb5e81534 100644
--- a/packages/barracuda/manifest.yml
+++ b/packages/barracuda/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: barracuda
 title: Barracuda Logs
-version: 0.9.0
+version: 0.9.1
 description: Collect spam and web application firewall logs from Barracuda devices with Elastic Agent.
 categories: ["network", "security"]
 release: experimental
diff --git a/packages/bluecoat/changelog.yml b/packages/bluecoat/changelog.yml
index 5cffd4686b9..58165b1aeec 100644
--- a/packages/bluecoat/changelog.yml
+++ b/packages/bluecoat/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.8.1"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "0.8.0"
 changes:
 - description: Update to ECS 8.2.0
diff --git a/packages/bluecoat/data_stream/director/fields/base-fields.yml b/packages/bluecoat/data_stream/director/fields/base-fields.yml
index 6a87280d3db..36c3bb3f0ed 100644
--- a/packages/bluecoat/data_stream/director/fields/base-fields.yml
+++ b/packages/bluecoat/data_stream/director/fields/base-fields.yml
@@ -15,9 +15,6 @@
 type: constant_keyword
 description: Event dataset
 value: bluecoat.director
-- name: '@timestamp'
- type: date
- description: Event timestamp.
 - name: container.id
 description: Unique container id.
 ignore_above: 1024
@@ -39,8 +36,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long
-- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword
diff --git a/packages/bluecoat/manifest.yml b/packages/bluecoat/manifest.yml
index 0b4d290b782..3b7e6f7d92d 100644
--- a/packages/bluecoat/manifest.yml
+++ b/packages/bluecoat/manifest.yml
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: bluecoat title: Blue Coat Director Logs
-version: 0.8.0
+version: 0.8.1 description: Collect director logs from Blue Coat devices with Elastic Agent. categories: ["network", "security"] release: experimental
diff --git a/packages/carbon_black_cloud/changelog.yml b/packages/carbon_black_cloud/changelog.yml
index 50baa53bb7d..d0055bc351d 100644
--- a/packages/carbon_black_cloud/changelog.yml
+++ b/packages/carbon_black_cloud/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top
+- version: "1.0.3"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.2" changes: - description: Fix dashboard issues.
diff --git a/packages/carbon_black_cloud/data_stream/alert/fields/agent.yml b/packages/carbon_black_cloud/data_stream/alert/fields/agent.yml
index e313ec82874..bf2dfff6756 100644
--- a/packages/carbon_black_cloud/data_stream/alert/fields/agent.yml
+++ b/packages/carbon_black_cloud/data_stream/alert/fields/agent.yml
@@ -105,38 +105,11 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword ignore_above: 1024 description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword
@@ -166,12 +139,6 @@ ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - name: type level: core type: keyword
diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/fields/agent.yml b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/fields/agent.yml
index e313ec82874..c761dfb768a 100644
--- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/fields/agent.yml
+++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/fields/agent.yml
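Review bot: The `host` group in this hunk loses its `hostname`, `id`, `ip`, `name` and `os.version` definitions, and nothing in the hunk shows where they are now declared; they are presumably covered by `external: ecs` entries in the data stream's ecs.yml, but that file is not part of this diff. If any of them is not declared there, the field falls back to dynamic mapping — for `host.ip` that means losing the `ip` type that CIDR queries and detection rules rely on — so each data stream's ecs.yml should be checked rather than assumed. The removed set differs per stream (the asset_vulnerability_summary hunk keeps `ip` but drops `os.name`; the endpoint_event hunk additionally drops `os.family`), which is consistent with per-stream ecs.yml contents but makes a blanket assumption unsafe; the same check applies to the watchlist_hit, carbonblack_edr, checkpoint, cisco meraki and cisco nexus agent.yml hunks further down. The `host` group header sits above the hunk.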
@@ -105,22 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' - name: ip level: core type: ip
@@ -130,13 +114,6 @@ type: keyword ignore_above: 1024 description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword
@@ -149,29 +126,12 @@ ignore_above: 1024 description: Operating system kernel version as a raw string. example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - name: os.platform level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - name: type level: core type: keyword
diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/fields/agent.yml b/packages/carbon_black_cloud/data_stream/endpoint_event/fields/agent.yml
index e313ec82874..643c71067ef 100644
--- a/packages/carbon_black_cloud/data_stream/endpoint_event/fields/agent.yml
+++ b/packages/carbon_black_cloud/data_stream/endpoint_event/fields/agent.yml
@@ -105,61 +105,17 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword ignore_above: 1024 description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - name: os.kernel level: extended type: keyword ignore_above: 1024 description: Operating system kernel version as a raw string. example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - name: os.platform level: extended type: keyword
diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/fields/agent.yml b/packages/carbon_black_cloud/data_stream/watchlist_hit/fields/agent.yml
index e313ec82874..1ff9745963f 100644
--- a/packages/carbon_black_cloud/data_stream/watchlist_hit/fields/agent.yml
+++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/fields/agent.yml
@@ -105,38 +105,11 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword ignore_above: 1024 description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword
diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/fields/fields.yml b/packages/carbon_black_cloud/data_stream/watchlist_hit/fields/fields.yml
index 25cb25005ea..6fb882ce295 100644
--- a/packages/carbon_black_cloud/data_stream/watchlist_hit/fields/fields.yml
+++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/fields/fields.yml
@@ -53,6 +53,13 @@ - name: publisher type: group description: signature entry for the process as reported by the endpoint.
+ fields:
+ - name: name
+ type: keyword
+ description: The name of the publisher.
+ - name: state
+ type: keyword
+ description: The state of the publisher. - name: reputation type: keyword description: Reputation of the actor process; applied when event is processed by the Carbon Black Cloud i.e. after sensor delivers event to the cloud.
diff --git a/packages/carbon_black_cloud/docs/README.md b/packages/carbon_black_cloud/docs/README.md
index b07163713d4..d0d387f0cd9 100644
--- a/packages/carbon_black_cloud/docs/README.md
+++ b/packages/carbon_black_cloud/docs/README.md
@@ -632,7 +632,7 @@ An example event for `endpoint_event` looks as following: | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword |
-| host.os.name.text | Multi-field of `host.os.name`. | text |
+| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
@@ -823,6 +823,8 @@ An example event for `watchlist_hit` looks as following: | carbon_black_cloud.watchlist_hit.process.parent.publisher.state | The state of the publisher. | keyword | | carbon_black_cloud.watchlist_hit.process.parent.reputation | Reputation of the actor process; applied when event is processed by the Carbon Black Cloud i.e. after sensor delivers event to the cloud. | keyword | | carbon_black_cloud.watchlist_hit.process.parent.username | The username associated with the user context that this process was started under. | keyword |
+| carbon_black_cloud.watchlist_hit.process.publisher.name | The name of the publisher. | keyword |
+| carbon_black_cloud.watchlist_hit.process.publisher.state | The state of the publisher. | keyword | | carbon_black_cloud.watchlist_hit.process.reputation | Reputation of the actor process; applied when event is processed by the Carbon Black Cloud i.e. after sensor delivers event to the cloud. | keyword | | carbon_black_cloud.watchlist_hit.process.username | The username associated with the user context that this process was started under. | keyword | | carbon_black_cloud.watchlist_hit.report.id | ID of the watchlist report(s) that detected a hit on the process. | keyword |
@@ -1029,7 +1031,7 @@ An example event for `asset_vulnerability_summary` looks as following: | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword |
-| host.os.name.text | Multi-field of `host.os.name`. | text |
+| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | | host.os.version | Operating system version as a raw string. | keyword |
diff --git a/packages/carbon_black_cloud/manifest.yml b/packages/carbon_black_cloud/manifest.yml
index a8ab1f00f15..d37f10abcf3 100644
--- a/packages/carbon_black_cloud/manifest.yml
+++ b/packages/carbon_black_cloud/manifest.yml
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: carbon_black_cloud title: VMware Carbon Black Cloud
-version: 1.0.2
+version: 1.0.3 license: basic description: Collect logs from VMWare Carbon Black Cloud with Elastic Agent. type: integration
diff --git a/packages/carbonblack_edr/changelog.yml b/packages/carbonblack_edr/changelog.yml
index dd47def024a..55f27f1f07d 100644
--- a/packages/carbonblack_edr/changelog.yml
+++ b/packages/carbonblack_edr/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top
+- version: "1.2.1"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392 - version: "1.2.0" changes: - description: Update to ECS 8.2
diff --git a/packages/carbonblack_edr/data_stream/log/fields/agent.yml b/packages/carbonblack_edr/data_stream/log/fields/agent.yml
index 4d9a6f7b362..8d787b7c8dc 100644
--- a/packages/carbonblack_edr/data_stream/log/fields/agent.yml
+++ b/packages/carbonblack_edr/data_stream/log/fields/agent.yml
@@ -46,13 +46,6 @@ type: keyword ignore_above: 1024 description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword
@@ -65,17 +58,6 @@ ignore_above: 1024 description: Operating system kernel version as a raw string. example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - name: os.platform level: extended type: keyword
diff --git a/packages/carbonblack_edr/manifest.yml b/packages/carbonblack_edr/manifest.yml
index 07261a6ae97..6909bdaf206 100644
--- a/packages/carbonblack_edr/manifest.yml
+++ b/packages/carbonblack_edr/manifest.yml
@@ -1,6 +1,6 @@ name: carbonblack_edr title: VMware Carbon Black EDR
-version: 1.2.0
+version: 1.2.1 release: ga description: Collect logs from VMware Carbon Black EDR with Elastic Agent. type: integration
diff --git a/packages/cassandra/changelog.yml b/packages/cassandra/changelog.yml
index 439f7d6a778..bd7c3dd6bc9 100644
--- a/packages/cassandra/changelog.yml
+++ b/packages/cassandra/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.2.3"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392 - version: "1.2.2" changes: - description: Fix typo in config template for ignoring host enrichment
diff --git a/packages/cassandra/data_stream/metrics/fields/ecs.yml b/packages/cassandra/data_stream/metrics/fields/ecs.yml
index ada632fe019..64eca720df2 100644
--- a/packages/cassandra/data_stream/metrics/fields/ecs.yml
+++ b/packages/cassandra/data_stream/metrics/fields/ecs.yml
@@ -86,22 +86,14 @@ name: user.name - external: ecs name: user_agent.device.name
-- external: ecs - name: user_agent.device.name
-- external: ecs - name: user_agent.name - external: ecs name: user_agent.name - external: ecs name: user_agent.original
-- external: ecs - name: user_agent.original - external: ecs name: user_agent.os.full - external: ecs name: user_agent.os.name
-- external: ecs - name: user_agent.os.name - external: ecs name: user_agent.os.version - external: ecs
diff --git a/packages/cassandra/data_stream/metrics/fields/fields.yml b/packages/cassandra/data_stream/metrics/fields/fields.yml
index 9deb596f458..5058d2ab128 100644
--- a/packages/cassandra/data_stream/metrics/fields/fields.yml
+++ b/packages/cassandra/data_stream/metrics/fields/fields.yml
@@ -283,16 +283,6 @@ type: long - name: active type: long - - name: request_response_stage - type: group - fields: - - name: request - type: group - fields: - - name: pending - type: long - - name: active - type: long - name: read_stage type: group fields:
diff --git a/packages/cassandra/manifest.yml b/packages/cassandra/manifest.yml
index c0b35b54ea1..6968de8a4df 100644
--- a/packages/cassandra/manifest.yml
+++ b/packages/cassandra/manifest.yml
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: cassandra title: "Cassandra"
-version: 1.2.2
+version: 1.2.3 license: basic description: "This Elastic integration collects logs and metrics from cassandra." type: integration
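Review bot: The fields.yml hunk deletes the entire `request_response_stage` group (`request.pending`, `request.active`) rather than one of two adjacent copies, and the surviving definition is not visible within the hunk; it is presumably earlier in the same file, but if it is not, these two metrics would lose their explicit `long` mappings instead of being deduplicated. This is worth confirming against the full file, since the enclosing group starts above the hunk and the hunk alone cannot show the other copy. The ecs.yml hunk in the same file section, by contrast, keeps one copy of each removed `user_agent.*` entry in view, so it needs no such check.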
diff --git a/packages/checkpoint/changelog.yml b/packages/checkpoint/changelog.yml
index 9354e1e7e09..aa1350eea0e 100644
--- a/packages/checkpoint/changelog.yml
+++ b/packages/checkpoint/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top
+- version: "1.5.1"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392 - version: "1.5.0" changes: - description: Add TLS and custom options support to TCP input.
diff --git a/packages/checkpoint/data_stream/firewall/fields/agent.yml b/packages/checkpoint/data_stream/firewall/fields/agent.yml
index 79a7a39864b..915a21e22ae 100644
--- a/packages/checkpoint/data_stream/firewall/fields/agent.yml
+++ b/packages/checkpoint/data_stream/firewall/fields/agent.yml
@@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword
@@ -116,11 +111,6 @@ type: keyword ignore_above: 1024 description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - name: os.family level: extended type: keyword
@@ -133,29 +123,12 @@ ignore_above: 1024 description: Operating system kernel version as a raw string. example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - name: os.platform level: extended type: keyword ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - name: type level: core type: keyword
diff --git a/packages/checkpoint/docs/README.md b/packages/checkpoint/docs/README.md
index fc596238769..a0b057cdb9f 100644
--- a/packages/checkpoint/docs/README.md
+++ b/packages/checkpoint/docs/README.md
@@ -592,7 +592,7 @@ An example event for `firewall` looks as following: | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword |
-| host.os.name.text | Multi-field of `host.os.name`. | text |
+| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
diff --git a/packages/checkpoint/manifest.yml b/packages/checkpoint/manifest.yml
index 2605e5ca2e1..daf6421a14e 100644
--- a/packages/checkpoint/manifest.yml
+++ b/packages/checkpoint/manifest.yml
@@ -1,6 +1,6 @@ name: checkpoint title: Check Point
-version: 1.5.0
+version: 1.5.1 release: ga description: Collect logs from Check Point with Elastic Agent. type: integration
diff --git a/packages/cisco/changelog.yml b/packages/cisco/changelog.yml
index 25aa36491a9..bda17ade9ee 100644
--- a/packages/cisco/changelog.yml
+++ b/packages/cisco/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top
+- version: "0.13.3"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392 - version: "0.13.2" changes: - description: Make fields agree with ECS
diff --git a/packages/cisco/data_stream/asa/fields/base-fields.yml b/packages/cisco/data_stream/asa/fields/base-fields.yml
index 4d6bf1902fe..6036c4f4d9f 100644
--- a/packages/cisco/data_stream/asa/fields/base-fields.yml
+++ b/packages/cisco/data_stream/asa/fields/base-fields.yml
@@ -15,6 +15,3 @@ type: constant_keyword description: Event dataset value: cisco.asa
-- name: '@timestamp' - type: date - description: Event timestamp.
diff --git a/packages/cisco/data_stream/asa/fields/ecs.yml b/packages/cisco/data_stream/asa/fields/ecs.yml
index 26c8e662c42..ee8b04ed51f 100644
--- a/packages/cisco/data_stream/asa/fields/ecs.yml
+++ b/packages/cisco/data_stream/asa/fields/ecs.yml
@@ -48,8 +48,6 @@ name: event.code - external: ecs name: event.created
-- external: ecs - name: event.created - external: ecs name: event.duration - external: ecs
@@ -200,8 +198,6 @@ name: user.email - external: ecs name: user.name
-- external: ecs - name: server.domain - external: ecs name: server.address - external: ecs
diff --git a/packages/cisco/data_stream/ftd/fields/base-fields.yml b/packages/cisco/data_stream/ftd/fields/base-fields.yml
index 919ded43d4a..0adbb933598 100644
--- a/packages/cisco/data_stream/ftd/fields/base-fields.yml
+++ b/packages/cisco/data_stream/ftd/fields/base-fields.yml
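Review bot: The second hunk of the cisco asa ecs.yml removes the `server.domain` entry, but unlike the `event.created` removal in the first hunk, no remaining `server.domain` declaration is visible next to it; it presumably survives elsewhere in the file, but if it does not, the field is dropped from the mapping rather than deduplicated. The same pattern appears for `server.domain` in the ftd and cisco_asa ecs.yml hunks and for `source.address` in the ios ecs.yml hunk below, so each of those files should be checked once for the surviving entry. The surrounding `external: ecs` list starts and ends outside the hunk.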
@@ -15,6 +15,3 @@ type: constant_keyword description: Event dataset value: cisco.ftd
-- name: '@timestamp' - type: date - description: Event timestamp.
diff --git a/packages/cisco/data_stream/ftd/fields/ecs.yml b/packages/cisco/data_stream/ftd/fields/ecs.yml
index 1e4950c9bfe..f611e8ee32a 100644
--- a/packages/cisco/data_stream/ftd/fields/ecs.yml
+++ b/packages/cisco/data_stream/ftd/fields/ecs.yml
@@ -56,8 +56,6 @@ name: event.code - external: ecs name: event.created
-- external: ecs - name: event.created - external: ecs name: event.duration - external: ecs
@@ -230,8 +228,6 @@ name: user.name - external: ecs name: user_agent.original
-- external: ecs - name: server.domain - external: ecs name: server.address - external: ecs
diff --git a/packages/cisco/data_stream/ios/fields/base-fields.yml b/packages/cisco/data_stream/ios/fields/base-fields.yml
index 00107880f51..5c2bd7ccbda 100644
--- a/packages/cisco/data_stream/ios/fields/base-fields.yml
+++ b/packages/cisco/data_stream/ios/fields/base-fields.yml
@@ -15,6 +15,3 @@ type: constant_keyword description: Event dataset value: cisco.ios
-- name: '@timestamp' - type: date - description: Event timestamp.
diff --git a/packages/cisco/data_stream/ios/fields/ecs.yml b/packages/cisco/data_stream/ios/fields/ecs.yml
index f1b640bd5ec..7f5efc110d4 100644
--- a/packages/cisco/data_stream/ios/fields/ecs.yml
+++ b/packages/cisco/data_stream/ios/fields/ecs.yml
@@ -36,8 +36,6 @@ name: event.code - external: ecs name: event.created
-- external: ecs - name: event.created - external: ecs name: event.duration - external: ecs
@@ -88,8 +86,6 @@ name: source.port - external: ecs name: source.user.name
-- external: ecs - name: source.address - external: ecs name: source.as.number - external: ecs
diff --git a/packages/cisco/data_stream/meraki/fields/agent.yml b/packages/cisco/data_stream/meraki/fields/agent.yml
index da4e652c53b..38bb8dcec56 100644
--- a/packages/cisco/data_stream/meraki/fields/agent.yml
+++ b/packages/cisco/data_stream/meraki/fields/agent.yml
@@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword
@@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword
diff --git a/packages/cisco/data_stream/meraki/fields/base-fields.yml b/packages/cisco/data_stream/meraki/fields/base-fields.yml
index 774b6eba7f9..e32ab63a97b 100644
--- a/packages/cisco/data_stream/meraki/fields/base-fields.yml
+++ b/packages/cisco/data_stream/meraki/fields/base-fields.yml
@@ -7,9 +7,6 @@ - name: data_stream.namespace type: constant_keyword description: Data stream namespace.
-- name: '@timestamp' - type: date - description: Event timestamp. - name: event.module type: constant_keyword description: Event module
@@ -18,10 +15,6 @@ type: constant_keyword description: Event dataset value: cisco.meraki
-- name: container.id - description: Unique container id. - ignore_above: 1024 - type: keyword - name: input.type description: Type of Filebeat input. type: keyword
@@ -39,8 +32,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long
-- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword
diff --git a/packages/cisco/data_stream/nexus/fields/agent.yml b/packages/cisco/data_stream/nexus/fields/agent.yml
index da4e652c53b..38bb8dcec56 100644
--- a/packages/cisco/data_stream/nexus/fields/agent.yml
+++ b/packages/cisco/data_stream/nexus/fields/agent.yml
@@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword
@@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword
diff --git a/packages/cisco/data_stream/nexus/fields/base-fields.yml b/packages/cisco/data_stream/nexus/fields/base-fields.yml
index b676b8221c0..4f3c8eaa3e0 100644
--- a/packages/cisco/data_stream/nexus/fields/base-fields.yml
+++ b/packages/cisco/data_stream/nexus/fields/base-fields.yml
@@ -15,13 +15,6 @@ type: constant_keyword description: Event dataset value: cisco.nexus
-- name: '@timestamp' - type: date - description: Event timestamp.
-- name: container.id - description: Unique container id. - ignore_above: 1024 - type: keyword - name: input.type description: Type of Filebeat input. type: keyword
@@ -39,8 +32,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long
-- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword
diff --git a/packages/cisco/docs/README.md b/packages/cisco/docs/README.md
index 7eca6d6e14b..750e050d29e 100644
--- a/packages/cisco/docs/README.md
+++ b/packages/cisco/docs/README.md
@@ -134,7 +134,7 @@ An example event for `asa` looks as following: | Field | Description | Type | |---|---|---|
-| @timestamp | Event timestamp. | date |
+| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | cisco.asa.assigned_ip | The IP address assigned to a VPN client successfully connecting | ip | | cisco.asa.burst.avg_rate | The current average burst rate seen | keyword | | cisco.asa.burst.configured_avg_rate | The current configured average burst rate allowed | keyword |
@@ -502,7 +502,7 @@ An example event for `ftd` looks as following: | Field | Description | Type | |---|---|---|
-| @timestamp | Event timestamp. | date |
+| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | cisco.ftd.assigned_ip | The IP address assigned to a VPN client successfully connecting | ip | | cisco.ftd.burst.avg_rate | The current average burst rate seen | keyword | | cisco.ftd.burst.configured_avg_rate | The current configured average burst rate allowed | keyword |
@@ -806,7 +806,7 @@ An example event for `ios` looks as following: | Field | Description | Type | |---|---|---|
-| @timestamp | Event timestamp. | date |
+| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | cisco.ios.access_list | Name of the IP access list. | keyword | | cisco.ios.action | Action taken by the device | keyword | | cisco.ios.facility | The facility to which the message refers (for example, SNMP, SYS, and so forth). A facility can be a hardware device, a protocol, or a module of the system software. It denotes the source or the cause of the system message. | keyword |
@@ -1930,7 +1930,7 @@ An example event for `meraki` looks as following: | Field | Description | Type | |---|---|---|
-| @timestamp | Event timestamp. | date |
+| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | client.registered_domain | The highest registered client domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword | | client.subdomain | The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. | keyword |
diff --git a/packages/cisco/manifest.yml b/packages/cisco/manifest.yml
index 97ab3fcce30..2b4ec970c68 100644
--- a/packages/cisco/manifest.yml
+++ b/packages/cisco/manifest.yml
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco title: Cisco -version: 0.13.2 +version: 0.13.3 license: basic description: Deprecated. Use a specific Cisco package instead. type: integration diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml index f2836b68e1a..57d373a3900 100644 --- a/packages/cisco_asa/changelog.yml +++ b/packages/cisco_asa/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.4.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "2.4.1" changes: - description: Ensure invalid event.outcome does not get recorded in event diff --git a/packages/cisco_asa/data_stream/log/fields/base-fields.yml b/packages/cisco_asa/data_stream/log/fields/base-fields.yml index efbed64fadb..4a5f0534389 100644 --- a/packages/cisco_asa/data_stream/log/fields/base-fields.yml +++ b/packages/cisco_asa/data_stream/log/fields/base-fields.yml @@ -15,6 +15,3 @@ type: constant_keyword description: Event dataset value: cisco_asa.log -- name: "@timestamp" - type: date - description: Event timestamp. diff --git a/packages/cisco_asa/data_stream/log/fields/ecs.yml b/packages/cisco_asa/data_stream/log/fields/ecs.yml index 71143f2c0c2..6779904532a 100644 --- a/packages/cisco_asa/data_stream/log/fields/ecs.yml +++ b/packages/cisco_asa/data_stream/log/fields/ecs.yml @@ -50,8 +50,6 @@ name: event.code - external: ecs name: event.created -- external: ecs - name: event.created - external: ecs name: event.duration - external: ecs @@ -208,8 +206,6 @@ name: user.email - external: ecs name: user.name -- external: ecs - name: server.domain - external: ecs name: server.address - external: ecs diff --git a/packages/cisco_asa/docs/README.md b/packages/cisco_asa/docs/README.md index f46ca4ceb73..f37ac16ea80 100644 --- a/packages/cisco_asa/docs/README.md +++ b/packages/cisco_asa/docs/README.md 
@@ -127,7 +127,7 @@ An example event for `log` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | cisco.asa.assigned_ip | The IP address assigned to a VPN client successfully connecting | ip | | cisco.asa.burst.avg_rate | The current average burst rate seen | keyword | | cisco.asa.burst.configured_avg_rate | The current configured average burst rate allowed | keyword | diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml index 00ed0442888..f0cc6e7c4f7 100644 --- a/packages/cisco_asa/manifest.yml +++ b/packages/cisco_asa/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_asa title: Cisco ASA -version: 2.4.1 +version: 2.4.2 license: basic description: Collect logs from Cisco ASA with Elastic Agent. type: integration diff --git a/packages/cisco_ftd/changelog.yml b/packages/cisco_ftd/changelog.yml index 25bb324a63c..3432d53544a 100644 --- a/packages/cisco_ftd/changelog.yml +++ b/packages/cisco_ftd/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.2.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "2.2.1" changes: - description: Remove invalid values from ECS fields diff --git a/packages/cisco_ftd/data_stream/log/fields/base-fields.yml b/packages/cisco_ftd/data_stream/log/fields/base-fields.yml index e02b7e2a255..c867421badf 100644 --- a/packages/cisco_ftd/data_stream/log/fields/base-fields.yml +++ b/packages/cisco_ftd/data_stream/log/fields/base-fields.yml 
@@ -15,6 +15,3 @@ type: constant_keyword description: Event dataset value: cisco_ftd.log -- name: "@timestamp" - type: date - description: Event timestamp. diff --git a/packages/cisco_ftd/data_stream/log/fields/ecs.yml b/packages/cisco_ftd/data_stream/log/fields/ecs.yml index 63bbe0f7fa4..23cf593c2ea 100644 --- a/packages/cisco_ftd/data_stream/log/fields/ecs.yml +++ b/packages/cisco_ftd/data_stream/log/fields/ecs.yml @@ -58,8 +58,6 @@ name: event.code - external: ecs name: event.created -- external: ecs - name: event.created - external: ecs name: event.duration - external: ecs @@ -238,8 +236,6 @@ name: user.name - external: ecs name: user_agent.original -- external: ecs - name: server.domain - external: ecs name: server.address - external: ecs diff --git a/packages/cisco_ftd/manifest.yml b/packages/cisco_ftd/manifest.yml index 271de485edf..4cef366ed14 100644 --- a/packages/cisco_ftd/manifest.yml +++ b/packages/cisco_ftd/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ftd title: Cisco FTD -version: 2.2.1 +version: 2.2.2 license: basic description: Collect logs from Cisco FTD with Elastic Agent. type: integration diff --git a/packages/cisco_ios/changelog.yml b/packages/cisco_ios/changelog.yml index 528ef49b314..8376695c9db 100644 --- a/packages/cisco_ios/changelog.yml +++ b/packages/cisco_ios/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.6.0" changes: - description: Add TLS system test diff --git a/packages/cisco_ios/data_stream/log/fields/base-fields.yml b/packages/cisco_ios/data_stream/log/fields/base-fields.yml index 30f3b7cd066..2af9255d83b 100644 --- a/packages/cisco_ios/data_stream/log/fields/base-fields.yml +++ b/packages/cisco_ios/data_stream/log/fields/base-fields.yml 
@@ -15,6 +15,3 @@ type: constant_keyword description: Event dataset value: cisco_ios.log -- name: "@timestamp" - type: date - description: Event timestamp. diff --git a/packages/cisco_ios/data_stream/log/fields/ecs.yml b/packages/cisco_ios/data_stream/log/fields/ecs.yml index aa2cf73fd85..903e7852795 100644 --- a/packages/cisco_ios/data_stream/log/fields/ecs.yml +++ b/packages/cisco_ios/data_stream/log/fields/ecs.yml @@ -36,8 +36,6 @@ name: event.code - external: ecs name: event.created -- external: ecs - name: event.created - external: ecs name: event.duration - external: ecs diff --git a/packages/cisco_ios/docs/README.md b/packages/cisco_ios/docs/README.md index 865021f3756..b07b3c65ef3 100644 --- a/packages/cisco_ios/docs/README.md +++ b/packages/cisco_ios/docs/README.md @@ -95,7 +95,7 @@ An example event for `log` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | cisco.ios.access_list | Name of the IP access list. | keyword | | cisco.ios.action | Action taken by the device | keyword | | cisco.ios.facility | The facility to which the message refers (for example, SNMP, SYS, and so forth). A facility can be a hardware device, a protocol, or a module of the system software. It denotes the source or the cause of the system message. | keyword | diff --git a/packages/cisco_ios/manifest.yml b/packages/cisco_ios/manifest.yml index 66155027bbb..20c42c5b2ef 100644 --- a/packages/cisco_ios/manifest.yml +++ b/packages/cisco_ios/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ios title: Cisco IOS -version: 1.6.0 +version: 1.6.1 license: basic description: Collect logs from Cisco IOS with Elastic Agent. type: integration diff --git a/packages/cisco_ise/changelog.yml b/packages/cisco_ise/changelog.yml index f5b286a4da3..77151e46353 100644 --- a/packages/cisco_ise/changelog.yml +++ b/packages/cisco_ise/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.1.0" changes: - description: Initial draft of the package diff --git a/packages/cisco_ise/data_stream/log/fields/agent.yml b/packages/cisco_ise/data_stream/log/fields/agent.yml index 6e1bac042bc..98d2f9f38d5 100644 --- a/packages/cisco_ise/data_stream/log/fields/agent.yml +++ b/packages/cisco_ise/data_stream/log/fields/agent.yml @@ -97,20 +97,11 @@ description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword ignore_above: 1024 description: 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/cisco_ise/data_stream/log/fields/fields.yml b/packages/cisco_ise/data_stream/log/fields/fields.yml index 2426988f9f0..d88771e9dc2 100644 --- a/packages/cisco_ise/data_stream/log/fields/fields.yml 
+++ b/packages/cisco_ise/data_stream/log/fields/fields.yml @@ -739,8 +739,6 @@ type: keyword - name: step_latency type: keyword - - name: state - type: keyword - name: status type: keyword - name: sysstats diff --git a/packages/cisco_ise/manifest.yml b/packages/cisco_ise/manifest.yml index 17b83743aae..5de2928366e 100644 --- a/packages/cisco_ise/manifest.yml +++ b/packages/cisco_ise/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ise title: Cisco ISE -version: 0.1.0 +version: 0.1.1 license: basic description: Collect logs from Cisco ISE with Elastic Agent. type: integration diff --git a/packages/cisco_meraki/changelog.yml b/packages/cisco_meraki/changelog.yml index cf4226f784a..b0041b463d3 100644 --- a/packages/cisco_meraki/changelog.yml +++ b/packages/cisco_meraki/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on topA +- version: "0.5.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.5.0" changes: - description: Replace RSA2ELK with Syslog and Webhook integration diff --git a/packages/cisco_meraki/data_stream/events/fields/agent.yml b/packages/cisco_meraki/data_stream/events/fields/agent.yml index 162c9f3aa38..90bd07fa045 100644 --- a/packages/cisco_meraki/data_stream/events/fields/agent.yml +++ b/packages/cisco_meraki/data_stream/events/fields/agent.yml @@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword 
@@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword diff --git a/packages/cisco_meraki/data_stream/events/fields/base-fields.yml b/packages/cisco_meraki/data_stream/events/fields/base-fields.yml index ebba8d4244b..71da0e30206 100644 --- a/packages/cisco_meraki/data_stream/events/fields/base-fields.yml +++ b/packages/cisco_meraki/data_stream/events/fields/base-fields.yml @@ -7,9 +7,6 @@ - name: data_stream.namespace type: constant_keyword description: Data stream namespace. -- name: "@timestamp" - type: date - description: Event timestamp. - name: event.module type: constant_keyword description: Event module @@ -18,15 +15,3 @@ type: constant_keyword description: Event dataset value: cisco_meraki.events -- name: container.id - description: Unique container id. - ignore_above: 1024 - type: keyword -- name: input.type - description: Type of Filebeat input. - type: keyword -- name: log.file.path - description: Full path to the log file this event came from. - example: /var/log/fun-times.log - ignore_above: 1024 - type: keyword diff --git a/packages/cisco_meraki/data_stream/events/fields/ecs.yml b/packages/cisco_meraki/data_stream/events/fields/ecs.yml index 1689c91fbc3..0ad0ce22490 100644 --- a/packages/cisco_meraki/data_stream/events/fields/ecs.yml +++ b/packages/cisco_meraki/data_stream/events/fields/ecs.yml 
@@ -280,10 +280,6 @@ name: threat.indicator.file.name - external: ecs name: threat.indicator.file.hash.sha256 -- external: ecs - name: network.direction -- external: ecs - name: network.protocol - external: ecs name: client.geo.city_name - external: ecs diff --git a/packages/cisco_meraki/data_stream/log/fields/agent.yml b/packages/cisco_meraki/data_stream/log/fields/agent.yml index 162c9f3aa38..90bd07fa045 100644 --- a/packages/cisco_meraki/data_stream/log/fields/agent.yml +++ b/packages/cisco_meraki/data_stream/log/fields/agent.yml @@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword @@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword diff --git a/packages/cisco_meraki/data_stream/log/fields/base-fields.yml b/packages/cisco_meraki/data_stream/log/fields/base-fields.yml index 7691cacc73e..57cd7d544ae 100644 --- a/packages/cisco_meraki/data_stream/log/fields/base-fields.yml +++ b/packages/cisco_meraki/data_stream/log/fields/base-fields.yml 
@@ -7,9 +7,6 @@ - name: data_stream.namespace type: constant_keyword description: Data stream namespace. -- name: "@timestamp" - type: date - description: Event timestamp. - name: event.module type: constant_keyword description: Event module @@ -18,10 +15,3 @@ type: constant_keyword description: Event dataset value: cisco_meraki.log -- name: container.id - description: Unique container id. - ignore_above: 1024 - type: keyword -- name: input.type - description: Type of Filebeat input. - type: keyword diff --git a/packages/cisco_meraki/data_stream/log/fields/ecs.yml b/packages/cisco_meraki/data_stream/log/fields/ecs.yml index d0f1e65d677..81eccba0695 100644 --- a/packages/cisco_meraki/data_stream/log/fields/ecs.yml +++ b/packages/cisco_meraki/data_stream/log/fields/ecs.yml @@ -280,10 +280,6 @@ name: threat.indicator.file.name - external: ecs name: threat.indicator.file.hash.sha256 -- external: ecs - name: network.direction -- external: ecs - name: network.protocol - external: ecs name: client.geo.city_name - external: ecs diff --git a/packages/cisco_meraki/docs/README.md b/packages/cisco_meraki/docs/README.md index baea4f77535..4e5897bfe75 100644 --- a/packages/cisco_meraki/docs/README.md +++ b/packages/cisco_meraki/docs/README.md @@ -57,7 +57,7 @@ The `cisco_meraki.log` dataset provides events from the configured syslog server | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | cisco_meraki.8021x_auth | | flattened | | cisco_meraki.8021x_deauth | | flattened | | cisco_meraki.8021x_eap_failure | | flattened | 
@@ -190,7 +190,7 @@ The `cisco_meraki.log` dataset provides events from the configured syslog server
 | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
 | http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword |
 | http.request.referrer | Referrer for this HTTP request. | keyword |
-| input.type | Type of Filebeat input. | keyword |
+| input.type | Input type. | keyword |
 | log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword |
 | log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword |
 | log.offset | Offset of the entry in the log file. | long |
@@ -387,7 +387,7 @@ An example event for `log` looks as following:
 
 | Field | Description | Type |
 |---|---|---|
-| @timestamp | Event timestamp. | date |
+| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date |
 | cisco_meraki.event.alertData | Additional alert data (differs based on alert type) | flattened |
 | cisco_meraki.event.alertId | ID for this alert message | keyword |
 | cisco_meraki.event.alertLevel | Alert level (informational, critical etc.) | keyword |
@@ -512,7 +512,7 @@ An example event for `log` looks as following: | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | | http.request.referrer | Referrer for this HTTP request. | keyword | -| input.type | Type of Filebeat input. | keyword | +| input.type | Input type. | keyword | | log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword | | log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | | log.offset | Offset of the entry in the log file. | long | diff --git a/packages/cisco_meraki/manifest.yml b/packages/cisco_meraki/manifest.yml index 82b34c4a6e3..219b1ca60b2 100644 --- a/packages/cisco_meraki/manifest.yml +++ b/packages/cisco_meraki/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_meraki title: Cisco Meraki Integration -version: 0.5.0 +version: 0.5.1 license: basic description: Collect events from Cisco Meraki. type: integration diff --git a/packages/cisco_nexus/changelog.yml b/packages/cisco_nexus/changelog.yml index 8f64cd4c1e7..5cc762751c2 100644 --- a/packages/cisco_nexus/changelog.yml +++ b/packages/cisco_nexus/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.5.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.5.1" changes: - description: Updated readme file diff --git a/packages/cisco_nexus/data_stream/log/fields/agent.yml b/packages/cisco_nexus/data_stream/log/fields/agent.yml index da4e652c53b..38bb8dcec56 100644 --- a/packages/cisco_nexus/data_stream/log/fields/agent.yml +++ b/packages/cisco_nexus/data_stream/log/fields/agent.yml @@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword @@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword diff --git a/packages/cisco_nexus/data_stream/log/fields/base-fields.yml b/packages/cisco_nexus/data_stream/log/fields/base-fields.yml index 40f5ce6158c..2edfc68eac0 100644 --- a/packages/cisco_nexus/data_stream/log/fields/base-fields.yml +++ b/packages/cisco_nexus/data_stream/log/fields/base-fields.yml 
@@ -15,13 +15,6 @@ type: constant_keyword description: Event dataset value: cisco_nexus.log -- name: "@timestamp" - type: date - description: Event timestamp. -- name: container.id - description: Unique container id. - ignore_above: 1024 - type: keyword - name: input.type description: Type of Filebeat input. type: keyword @@ -39,8 +32,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/cisco_nexus/manifest.yml b/packages/cisco_nexus/manifest.yml index 07ba21375a0..c0c96597935 100644 --- a/packages/cisco_nexus/manifest.yml +++ b/packages/cisco_nexus/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_nexus title: Cisco Nexus -version: 0.5.1 +version: 0.5.2 license: basic description: Collect logs from Cisco Nexus with Elastic Agent. type: integration diff --git a/packages/cisco_secure_email_gateway/changelog.yml b/packages/cisco_secure_email_gateway/changelog.yml index 2647aa64d82..d715da18129 100644 --- a/packages/cisco_secure_email_gateway/changelog.yml +++ b/packages/cisco_secure_email_gateway/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.1.0" changes: - description: Initial draft of the package diff --git a/packages/cisco_secure_email_gateway/data_stream/log/fields/fields.yml b/packages/cisco_secure_email_gateway/data_stream/log/fields/fields.yml index 0b6fbd185e1..5b8eee05bcb 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/fields/fields.yml +++ b/packages/cisco_secure_email_gateway/data_stream/log/fields/fields.yml @@ -502,5 +502,3 @@ - name: type type: keyword description: Input type. -- name: input.type - type: keyword 
diff --git a/packages/cisco_secure_email_gateway/docs/README.md b/packages/cisco_secure_email_gateway/docs/README.md index 31559fa4eec..601a29c3afc 100644 --- a/packages/cisco_secure_email_gateway/docs/README.md +++ b/packages/cisco_secure_email_gateway/docs/README.md @@ -500,7 +500,7 @@ An example event for `log` looks as following: | http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | | http.response.status_code | HTTP response status code. | long | | http.version | HTTP version. | keyword | -| input.type | | keyword | +| input.type | Input type | keyword | | log.file.path | File path from which the log event was read / sent from. | keyword | | log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | | log.offset | Log offset | long | diff --git a/packages/cisco_secure_email_gateway/manifest.yml b/packages/cisco_secure_email_gateway/manifest.yml index 613e1e10bc4..0daa2718ed0 100644 --- a/packages/cisco_secure_email_gateway/manifest.yml +++ b/packages/cisco_secure_email_gateway/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_secure_email_gateway title: Cisco Secure Email Gateway -version: 0.1.0 +version: 0.1.1 license: basic description: Collect logs from Cisco Secure Email Gateway with Elastic Agent. type: integration diff --git a/packages/cisco_secure_endpoint/changelog.yml b/packages/cisco_secure_endpoint/changelog.yml index 5b895cf5aa5..af11d05636c 100644 --- a/packages/cisco_secure_endpoint/changelog.yml +++ b/packages/cisco_secure_endpoint/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.4.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "2.4.0" changes: - description: Update to ECS 8.2 diff --git a/packages/cisco_secure_endpoint/data_stream/event/fields/base-fields.yml b/packages/cisco_secure_endpoint/data_stream/event/fields/base-fields.yml index 351ac771303..7e2ae7c8427 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/fields/base-fields.yml +++ b/packages/cisco_secure_endpoint/data_stream/event/fields/base-fields.yml @@ -18,10 +18,6 @@ type: constant_keyword description: Event dataset value: cisco_secure_endpoint.event -- name: container.id - description: Unique container id. - ignore_above: 1024 - type: keyword - name: input.type description: Type of Filebeat input. type: keyword diff --git a/packages/cisco_secure_endpoint/data_stream/event/fields/ecs.yml b/packages/cisco_secure_endpoint/data_stream/event/fields/ecs.yml index e6934866f97..a111f41da68 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/fields/ecs.yml +++ b/packages/cisco_secure_endpoint/data_stream/event/fields/ecs.yml @@ -24,8 +24,6 @@ name: event.category - external: ecs name: event.id -- external: ecs - name: event.code - external: ecs name: event.timezone - name: related.ip diff --git a/packages/cisco_secure_endpoint/manifest.yml b/packages/cisco_secure_endpoint/manifest.yml index 90e6bfe9ab0..d37e6b5f6c6 100644 --- a/packages/cisco_secure_endpoint/manifest.yml +++ b/packages/cisco_secure_endpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_secure_endpoint title: Cisco Secure Endpoint (AMP) -version: 2.4.0 +version: 2.4.1 license: basic description: Collect logs from Cisco Secure Endpoint (AMP) with Elastic Agent. type: integration diff --git a/packages/cisco_umbrella/changelog.yml b/packages/cisco_umbrella/changelog.yml index 7896c19512c..fc84b5380a2 100644 
--- a/packages/cisco_umbrella/changelog.yml +++ b/packages/cisco_umbrella/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.0" changes: - description: Make GA diff --git a/packages/cisco_umbrella/data_stream/log/fields/agent.yml b/packages/cisco_umbrella/data_stream/log/fields/agent.yml index da4e652c53b..38bb8dcec56 100644 --- a/packages/cisco_umbrella/data_stream/log/fields/agent.yml +++ b/packages/cisco_umbrella/data_stream/log/fields/agent.yml @@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword @@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword diff --git a/packages/cisco_umbrella/data_stream/log/fields/base-fields.yml b/packages/cisco_umbrella/data_stream/log/fields/base-fields.yml index 1fb9b67d579..2c6581fc21d 100644 --- a/packages/cisco_umbrella/data_stream/log/fields/base-fields.yml 
+++ b/packages/cisco_umbrella/data_stream/log/fields/base-fields.yml @@ -15,10 +15,6 @@ type: constant_keyword description: Event dataset value: cisco_umbrella.log -- name: container.id - description: Unique container id. - ignore_above: 1024 - type: keyword - name: input.type description: Type of Filebeat input. type: keyword diff --git a/packages/cisco_umbrella/data_stream/log/fields/fields.yml b/packages/cisco_umbrella/data_stream/log/fields/fields.yml index 930527b81dd..988bee4a887 100644 --- a/packages/cisco_umbrella/data_stream/log/fields/fields.yml +++ b/packages/cisco_umbrella/data_stream/log/fields/fields.yml @@ -79,10 +79,6 @@ description: > The unique identity of the network tunnel. - - name: identities - type: keyword - - name: identity_types - type: keyword - name: request_method type: keyword - name: dlp_status diff --git a/packages/cisco_umbrella/docs/README.md b/packages/cisco_umbrella/docs/README.md index 10abae05905..cd685ef5e9c 100644 --- a/packages/cisco_umbrella/docs/README.md +++ b/packages/cisco_umbrella/docs/README.md @@ -136,8 +136,8 @@ An example event for `log` looks as following: | cisco.umbrella.destination_lists_id | | keyword | | cisco.umbrella.dlp_status | | keyword | | cisco.umbrella.file_name | | keyword | -| cisco.umbrella.identities | | keyword | -| cisco.umbrella.identity_types | | keyword | +| cisco.umbrella.identities | An array of the different identities related to the event. | keyword | +| cisco.umbrella.identity_types | The type of identity that made the request. For example, Roaming Computer or Network. | keyword | | cisco.umbrella.origin_id | The unique identity of the network tunnel. | keyword | | cisco.umbrella.policy_identity_type | The first identity type matched with this request. Available in version 3 and above. | keyword | | cisco.umbrella.puas | A list of all potentially unwanted application (PUA) results for the proxied file as returned by the antivirus scanner. | keyword | 
diff --git a/packages/cisco_umbrella/manifest.yml b/packages/cisco_umbrella/manifest.yml
index 3a7ccb15310..bb5cdff6384 100644
--- a/packages/cisco_umbrella/manifest.yml
+++ b/packages/cisco_umbrella/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_umbrella
 title: Cisco Umbrella
-version: 1.0.0
+version: 1.0.1
 license: basic
 description: Collect logs from Cisco Umbrella with Elastic Agent.
 type: integration
diff --git a/packages/cloudflare/changelog.yml b/packages/cloudflare/changelog.yml
index eee53d09551..e9db965e9ed 100644
--- a/packages/cloudflare/changelog.yml
+++ b/packages/cloudflare/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.0.1"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "2.0.0"
 changes:
 - description: Migrate map visualisation from tile_map to map object
diff --git a/packages/cloudflare/data_stream/logpull/fields/ecs.yml b/packages/cloudflare/data_stream/logpull/fields/ecs.yml
index 9a9a6402b06..a76befc86ca 100644
--- a/packages/cloudflare/data_stream/logpull/fields/ecs.yml
+++ b/packages/cloudflare/data_stream/logpull/fields/ecs.yml
@@ -12,8 +12,6 @@
 external: ecs
 - name: client.geo.continent_name
 external: ecs
-- name: client.geo.country_iso_code
- external: ecs
 - name: client.geo.region_iso_code
 external: ecs
 - name: client.geo.location
diff --git a/packages/cloudflare/manifest.yml b/packages/cloudflare/manifest.yml
index 9a3ccc70af6..ddbc27b8a2b 100644
--- a/packages/cloudflare/manifest.yml
+++ b/packages/cloudflare/manifest.yml
@@ -1,6 +1,6 @@
 name: cloudflare
 title: Cloudflare
-version: 2.0.0
+version: 2.0.1
 release: ga
 description: Collect and parse logs from Cloudflare API with Elastic Agent.
 type: integration
diff --git a/packages/cockroachdb/changelog.yml b/packages/cockroachdb/changelog.yml
index e30a931c212..080fadba6d5 100644
--- a/packages/cockroachdb/changelog.yml
+++ b/packages/cockroachdb/changelog.yml
@@ -1,3 +1,8 @@
+- version: "0.2.4"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "0.2.3"
 changes:
 - description: Add link to vendor documentation in readme
diff --git a/packages/cockroachdb/data_stream/status/fields/agent.yml b/packages/cockroachdb/data_stream/status/fields/agent.yml
index 79a7a39864b..fab944f3ca9 100644
--- a/packages/cockroachdb/data_stream/status/fields/agent.yml
+++ b/packages/cockroachdb/data_stream/status/fields/agent.yml
@@ -58,26 +58,11 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
 - name: labels
 level: extended
 type: object
 object_type: keyword
 description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
 - name: host
 title: Host
 group: 2
diff --git a/packages/cockroachdb/manifest.yml b/packages/cockroachdb/manifest.yml
index 4d3f6d09179..9be99b0428e 100644
--- a/packages/cockroachdb/manifest.yml
+++ b/packages/cockroachdb/manifest.yml
@@ -1,6 +1,6 @@
 name: cockroachdb
 title: CockroachDB Metrics
-version: 0.2.3
+version: 0.2.4
 release: beta
 description: Collect metrics from CockroachDB servers with Elastic Agent.
 type: integration
diff --git a/packages/cyberark/changelog.yml b/packages/cyberark/changelog.yml
index 89a5da4e6f9..29eaceabe1c 100644
--- a/packages/cyberark/changelog.yml
+++ b/packages/cyberark/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.5.1"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "0.5.0"
 changes:
 - description: Update to ECS 8.0.0
diff --git a/packages/cyberark/data_stream/corepas/fields/base-fields.yml b/packages/cyberark/data_stream/corepas/fields/base-fields.yml
index 21c3c25647b..96b7f318d5a 100644
--- a/packages/cyberark/data_stream/corepas/fields/base-fields.yml
+++ b/packages/cyberark/data_stream/corepas/fields/base-fields.yml
@@ -15,9 +15,6 @@
 type: constant_keyword
 description: Event dataset
 value: cyberark.corepas
-- name: '@timestamp'
- type: date
- description: Event timestamp.
 - name: container.id
 description: Unique container id.
 ignore_above: 1024
@@ -39,8 +36,3 @@
 - name: log.offset
 description: Offset of the entry in the log file.
 type: long
-- name: tags
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
- ignore_above: 1024
- type: keyword
diff --git a/packages/cyberark/manifest.yml b/packages/cyberark/manifest.yml
index 32ede926a24..85f3952ae7a 100644
--- a/packages/cyberark/manifest.yml
+++ b/packages/cyberark/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cyberark
 title: CyberArk
-version: 0.5.0
+version: 0.5.1
 description: Deprecated. Use CyberArk Privileged Access Security instead.
 categories: ["security"]
 release: experimental
diff --git a/packages/cyberarkpas/changelog.yml b/packages/cyberarkpas/changelog.yml
index 897327ebd07..0dd4cbf1c14 100644
--- a/packages/cyberarkpas/changelog.yml
+++ b/packages/cyberarkpas/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.4.1"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "2.4.0"
 changes:
 - description: Update to ECS 8.2
diff --git a/packages/cyberarkpas/data_stream/audit/fields/ecs.yml b/packages/cyberarkpas/data_stream/audit/fields/ecs.yml
index 52bc05f570c..335c8d127fb 100644
--- a/packages/cyberarkpas/data_stream/audit/fields/ecs.yml
+++ b/packages/cyberarkpas/data_stream/audit/fields/ecs.yml
@@ -42,8 +42,6 @@
 name: event.ingested
 - external: ecs
 name: event.kind
-- external: ecs
- name: event.module
 - external: ecs
 name: event.original
 - external: ecs
diff --git a/packages/cyberarkpas/manifest.yml b/packages/cyberarkpas/manifest.yml
index 5ad51e71e94..f91b837e6ae 100644
--- a/packages/cyberarkpas/manifest.yml
+++ b/packages/cyberarkpas/manifest.yml
@@ -1,6 +1,6 @@
 name: cyberarkpas
 title: CyberArk Privileged Access Security Logs
-version: 2.4.0
+version: 2.4.1
 release: ga
 description: Collect audit logs from Cyberark Vault servers with Elastic Agent.
 type: integration
diff --git a/packages/cylance/changelog.yml b/packages/cylance/changelog.yml
index 0658b99d1dd..7dd2fc21646 100644
--- a/packages/cylance/changelog.yml
+++ b/packages/cylance/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.8.2"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "0.8.1"
 changes:
 - description: Format host.mac as per ECS.
diff --git a/packages/cylance/data_stream/protect/fields/base-fields.yml b/packages/cylance/data_stream/protect/fields/base-fields.yml
index f7a828b7532..669ad8ae0b3 100644
--- a/packages/cylance/data_stream/protect/fields/base-fields.yml
+++ b/packages/cylance/data_stream/protect/fields/base-fields.yml
@@ -15,9 +15,6 @@
 type: constant_keyword
 description: Event dataset
 value: cylance.protect
-- name: '@timestamp'
- type: date
- description: Event timestamp.
 - name: container.id
 description: Unique container id.
 ignore_above: 1024
@@ -39,8 +36,3 @@
 - name: log.offset
 description: Offset of the entry in the log file.
 type: long
-- name: tags
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
- ignore_above: 1024
- type: keyword
diff --git a/packages/cylance/manifest.yml b/packages/cylance/manifest.yml
index ecc403f9e80..e250082e925 100644
--- a/packages/cylance/manifest.yml
+++ b/packages/cylance/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cylance
 title: CylanceProtect Logs
-version: "0.8.1"
+version: "0.8.2"
 description: Collect logs from CylanceProtect devices with Elastic Agent.
 categories: ["security"]
 release: experimental
diff --git a/packages/elastic_agent/changelog.yml b/packages/elastic_agent/changelog.yml
index eec3ed933fb..5934340d0a2 100644
--- a/packages/elastic_agent/changelog.yml
+++ b/packages/elastic_agent/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.4"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.3.3"
 changes:
 - description: Add configuration for cloudbeat logs and metrics.
diff --git a/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/beat-stats-fields.yml b/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/beat-stats-fields.yml
index 8fd2649426a..9668b294980 100644
--- a/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/beat-stats-fields.yml
+++ b/packages/elastic_agent/data_stream/elastic_agent_metrics/fields/beat-stats-fields.yml
@@ -176,52 +176,6 @@
 description: >
 Type of output
- - name: events
- type: group
- description: >
- Event counters
-
- fields:
- - name: acked
- type: long
- description: >
- Number of events acknowledged
-
- - name: active
- type: long
- description: >
- Number of active events
-
- - name: batches
- type: long
- description: >
- Number of event batches
-
- - name: dropped
- type: long
- description: >
- Number of events dropped
-
- - name: duplicates
- type: long
- description: >
- Number of events duplicated
-
- - name: failed
- type: long
- description: >
- Number of events failed
-
- - name: toomany
- type: long
- description: >
- Number of too many events
-
- - name: total
- type: long
- description: >
- Total number of events
-
 - name: read
 type: group
 description: >
@@ -238,19 +192,3 @@
 description: >
 Number of read errors
- - name: write
- type: group
- description: >
- Write stats
-
- fields:
- - name: bytes
- type: long
- description: >
- Number of bytes written
-
- - name: errors
- type: long
- description: >
- Number of write errors
-
diff --git a/packages/elastic_agent/manifest.yml b/packages/elastic_agent/manifest.yml
index aa76c27645b..4a426de62be 100644
--- a/packages/elastic_agent/manifest.yml
+++ b/packages/elastic_agent/manifest.yml
@@ -1,6 +1,6 @@
 name: elastic_agent
 title: Elastic Agent
-version: 1.3.3
+version: 1.3.4
 release: ga
 description: Collect logs and metrics from Elastic Agents.
 type: integration
diff --git a/packages/elasticsearch/changelog.yml b/packages/elasticsearch/changelog.yml
index c768eb508a6..8e2d92ec6ba 100644
--- a/packages/elasticsearch/changelog.yml
+++ b/packages/elasticsearch/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.3"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "0.2.2"
 changes:
 - description: Add documentation for multi-fields
diff --git a/packages/elasticsearch/data_stream/ccr/fields/base-fields.yml b/packages/elasticsearch/data_stream/ccr/fields/base-fields.yml
index 7c798f4534c..a3e80e3a547 100644
--- a/packages/elasticsearch/data_stream/ccr/fields/base-fields.yml
+++ b/packages/elasticsearch/data_stream/ccr/fields/base-fields.yml
@@ -7,6 +7,3 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
-- name: '@timestamp'
- type: date
- description: Event timestamp.
diff --git a/packages/elasticsearch/data_stream/deprecation/fields/fields.yml b/packages/elasticsearch/data_stream/deprecation/fields/fields.yml
deleted file mode 100644
index dfe88fe875d..00000000000
--- a/packages/elasticsearch/data_stream/deprecation/fields/fields.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- name: elasticsearch.deprecation
- type: group
diff --git a/packages/elasticsearch/data_stream/ml_job/fields/base-fields.yml b/packages/elasticsearch/data_stream/ml_job/fields/base-fields.yml
index 7c798f4534c..a3e80e3a547 100644
--- a/packages/elasticsearch/data_stream/ml_job/fields/base-fields.yml
+++ b/packages/elasticsearch/data_stream/ml_job/fields/base-fields.yml
@@ -7,6 +7,3 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
-- name: '@timestamp'
- type: date
- description: Event timestamp.
diff --git a/packages/elasticsearch/manifest.yml b/packages/elasticsearch/manifest.yml
index 494e901d7dc..ca968f66414 100644
--- a/packages/elasticsearch/manifest.yml
+++ b/packages/elasticsearch/manifest.yml
@@ -1,6 +1,6 @@
 name: elasticsearch
 title: Elasticsearch
-version: 0.2.2
+version: 0.2.3
 release: experimental
 description: Elasticsearch Integration
 type: integration
diff --git a/packages/f5/changelog.yml b/packages/f5/changelog.yml
index 285606778d7..9067eab66f0 100644
--- a/packages/f5/changelog.yml
+++ b/packages/f5/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.9.1"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "0.9.0"
 changes:
 - description: Update to ECS 8.2.0
diff --git a/packages/f5/data_stream/bigipafm/fields/base-fields.yml b/packages/f5/data_stream/bigipafm/fields/base-fields.yml
index a4f2b5492fe..62774970e58 100644
--- a/packages/f5/data_stream/bigipafm/fields/base-fields.yml
+++ b/packages/f5/data_stream/bigipafm/fields/base-fields.yml
@@ -15,9 +15,6 @@
 type: constant_keyword
 description: Event dataset
 value: f5.bigipafm
-- name: '@timestamp'
- type: date
- description: Event timestamp.
 - name: container.id
 description: Unique container id.
 ignore_above: 1024
@@ -39,8 +36,3 @@
 - name: log.offset
 description: Offset of the entry in the log file.
 type: long
-- name: tags
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
- ignore_above: 1024
- type: keyword
diff --git a/packages/f5/data_stream/bigipapm/fields/base-fields.yml b/packages/f5/data_stream/bigipapm/fields/base-fields.yml
index 88bd33161a9..6735d33f76a 100644
--- a/packages/f5/data_stream/bigipapm/fields/base-fields.yml
+++ b/packages/f5/data_stream/bigipapm/fields/base-fields.yml
@@ -15,9 +15,6 @@
 type: constant_keyword
 description: Event dataset
 value: f5.bigipapm
-- name: '@timestamp'
- type: date
- description: Event timestamp.
 - name: container.id
 description: Unique container id.
 ignore_above: 1024
@@ -39,8 +36,3 @@
 - name: log.offset
 description: Offset of the entry in the log file.
 type: long
-- name: tags
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
- ignore_above: 1024
- type: keyword
diff --git a/packages/f5/manifest.yml b/packages/f5/manifest.yml
index 5293560f166..4d4d776cf02 100644
--- a/packages/f5/manifest.yml
+++ b/packages/f5/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: f5
 title: F5 Logs
-version: 0.9.0
+version: 0.9.1
 description: Collect and parse logs from F5 devices with Elastic Agent.
 categories: ["network", "security"]
 release: experimental
diff --git a/packages/fim/changelog.yml b/packages/fim/changelog.yml
index e07ad471d73..40dda76d8b7 100644
--- a/packages/fim/changelog.yml
+++ b/packages/fim/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.1"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.0.0"
 changes:
 - description: "Make GA and compatible with 8.2"
diff --git a/packages/fim/data_stream/event/fields/agent.yml b/packages/fim/data_stream/event/fields/agent.yml
index e313ec82874..f027c185f47 100644
--- a/packages/fim/data_stream/event/fields/agent.yml
+++ b/packages/fim/data_stream/event/fields/agent.yml
@@ -77,11 +77,6 @@
 type: object
 object_type: keyword
 description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
 - name: host
 title: Host
 group: 2
@@ -90,12 +85,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
 type: group
 fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
 - name: domain
 level: extended
 type: keyword
diff --git a/packages/fim/manifest.yml b/packages/fim/manifest.yml
index c3e5b35b589..a4d3a036d90 100644
--- a/packages/fim/manifest.yml
+++ b/packages/fim/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: fim
 title: "File Integrity Monitoring"
-version: 1.0.0
+version: 1.0.1
 license: basic
 release: ga
 description: "The File Integrity Monitoring integration reports filesystem changes in real time."
diff --git a/packages/fireeye/changelog.yml b/packages/fireeye/changelog.yml
index 3e1575fc75b..d1832cce44d 100644
--- a/packages/fireeye/changelog.yml
+++ b/packages/fireeye/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.3.2"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.3.1"
 changes:
 - description: Move invalid field value in sample event file
diff --git a/packages/fireeye/data_stream/nx/fields/agent.yml b/packages/fireeye/data_stream/nx/fields/agent.yml
index a371c03d96d..368be734273 100644
--- a/packages/fireeye/data_stream/nx/fields/agent.yml
+++ b/packages/fireeye/data_stream/nx/fields/agent.yml
@@ -107,10 +107,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/fireeye/data_stream/nx/fields/ecs.yml b/packages/fireeye/data_stream/nx/fields/ecs.yml
index f1d3ef0500a..e42fbd85c1a 100644
--- a/packages/fireeye/data_stream/nx/fields/ecs.yml
+++ b/packages/fireeye/data_stream/nx/fields/ecs.yml
@@ -62,8 +62,6 @@
 name: source.ip
 - external: ecs
 name: destination.address
-- external: ecs
- name: destination.port
 - external: ecs
 name: destination.as.number
 - external: ecs
diff --git a/packages/fireeye/manifest.yml b/packages/fireeye/manifest.yml
index e8c250355fb..7be14fcc7ed 100644
--- a/packages/fireeye/manifest.yml
+++ b/packages/fireeye/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: fireeye
 title: "Fireeye"
-version: 1.3.1
+version: 1.3.2
 license: basic
 description: "This Elastic integration collects Fireeye NX logs."
 type: integration
diff --git a/packages/fortinet/changelog.yml b/packages/fortinet/changelog.yml
index 927672491e4..304460f166e 100644
--- a/packages/fortinet/changelog.yml
+++ b/packages/fortinet/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.2"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.6.1"
 changes:
 - description: Format source.mac and destination.mac as per ECS for the Fortimanager data stream.
diff --git a/packages/fortinet/data_stream/clientendpoint/fields/agent.yml b/packages/fortinet/data_stream/clientendpoint/fields/agent.yml
index da4e652c53b..38bb8dcec56 100644
--- a/packages/fortinet/data_stream/clientendpoint/fields/agent.yml
+++ b/packages/fortinet/data_stream/clientendpoint/fields/agent.yml
@@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
 example: CONTOSO
 default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Hostname of the host.
-
- It normally contains what the `hostname` command returns on the host machine.'
 - name: id
 level: core
 type: keyword
@@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.'
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Name of the host.
-
- It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
 - name: os.family
 level: extended
 type: keyword
diff --git a/packages/fortinet/data_stream/clientendpoint/fields/base-fields.yml b/packages/fortinet/data_stream/clientendpoint/fields/base-fields.yml
index 82f01336920..08b97d5f8d8 100644
--- a/packages/fortinet/data_stream/clientendpoint/fields/base-fields.yml
+++ b/packages/fortinet/data_stream/clientendpoint/fields/base-fields.yml
@@ -15,13 +15,6 @@
 type: constant_keyword
 description: Event dataset
 value: fortinet.clientendpoint
-- name: '@timestamp'
- type: date
- description: Event timestamp.
-- name: container.id
- description: Unique container id.
- ignore_above: 1024
- type: keyword
 - name: input.type
 description: Type of Filebeat input.
 type: keyword
@@ -39,8 +32,3 @@
 - name: log.offset
 description: Offset of the entry in the log file.
 type: long
-- name: tags
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
- ignore_above: 1024
- type: keyword
diff --git a/packages/fortinet/data_stream/firewall/fields/agent.yml b/packages/fortinet/data_stream/firewall/fields/agent.yml
index f6127c3e224..8e774447801 100644
--- a/packages/fortinet/data_stream/firewall/fields/agent.yml
+++ b/packages/fortinet/data_stream/firewall/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
diff --git a/packages/fortinet/data_stream/firewall/fields/ecs.yml b/packages/fortinet/data_stream/firewall/fields/ecs.yml
index c17ad238522..48b2e3a03aa 100644
--- a/packages/fortinet/data_stream/firewall/fields/ecs.yml
+++ b/packages/fortinet/data_stream/firewall/fields/ecs.yml
@@ -72,16 +72,12 @@
 name: event.category
 - external: ecs
 name: event.code
-- external: ecs
- name: event.dataset
 - external: ecs
 name: event.duration
 - external: ecs
 name: event.ingested
 - external: ecs
 name: event.kind
-- external: ecs
- name: event.module
 - external: ecs
 name: event.outcome
 - external: ecs
diff --git a/packages/fortinet/data_stream/fortimail/fields/agent.yml b/packages/fortinet/data_stream/fortimail/fields/agent.yml
index da4e652c53b..38bb8dcec56 100644
--- a/packages/fortinet/data_stream/fortimail/fields/agent.yml
+++ b/packages/fortinet/data_stream/fortimail/fields/agent.yml
@@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
 example: CONTOSO
 default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Hostname of the host.
-
- It normally contains what the `hostname` command returns on the host machine.'
 - name: id
 level: core
 type: keyword
@@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.'
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Name of the host.
-
- It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
 - name: os.family
 level: extended
 type: keyword
diff --git a/packages/fortinet/data_stream/fortimail/fields/base-fields.yml b/packages/fortinet/data_stream/fortimail/fields/base-fields.yml
index 50a37950c47..835e6882275 100644
--- a/packages/fortinet/data_stream/fortimail/fields/base-fields.yml
+++ b/packages/fortinet/data_stream/fortimail/fields/base-fields.yml
@@ -15,13 +15,6 @@
 type: constant_keyword
 description: Event dataset
 value: fortinet.fortimail
-- name: '@timestamp'
- type: date
- description: Event timestamp.
-- name: container.id
- description: Unique container id.
- ignore_above: 1024
- type: keyword
 - name: input.type
 description: Type of Filebeat input.
 type: keyword
@@ -39,8 +32,3 @@
 - name: log.offset
 description: Offset of the entry in the log file.
 type: long
-- name: tags
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
- ignore_above: 1024
- type: keyword
diff --git a/packages/fortinet/data_stream/fortimanager/fields/agent.yml b/packages/fortinet/data_stream/fortimanager/fields/agent.yml
index da4e652c53b..38bb8dcec56 100644
--- a/packages/fortinet/data_stream/fortimanager/fields/agent.yml
+++ b/packages/fortinet/data_stream/fortimanager/fields/agent.yml
@@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
 example: CONTOSO
 default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Hostname of the host.
-
- It normally contains what the `hostname` command returns on the host machine.'
 - name: id
 level: core
 type: keyword
@@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.'
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Name of the host.
-
- It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
 - name: os.family
 level: extended
 type: keyword
diff --git a/packages/fortinet/data_stream/fortimanager/fields/base-fields.yml b/packages/fortinet/data_stream/fortimanager/fields/base-fields.yml
index bbad94843bc..d9f35d7c497 100644
--- a/packages/fortinet/data_stream/fortimanager/fields/base-fields.yml
+++ b/packages/fortinet/data_stream/fortimanager/fields/base-fields.yml
@@ -15,13 +15,6 @@
 type: constant_keyword
 description: Event dataset
 value: fortinet.fortimanager
-- name: '@timestamp'
- type: date
- description: Event timestamp.
-- name: container.id
- description: Unique container id.
- ignore_above: 1024
- type: keyword
 - name: input.type
 description: Type of Filebeat input.
 type: keyword
@@ -39,8 +32,3 @@
 - name: log.offset
 description: Offset of the entry in the log file.
 type: long
-- name: tags
- description: List of keywords used to tag each event.
- example: '["production", "env2"]'
- ignore_above: 1024
- type: keyword
diff --git a/packages/fortinet/docs/README.md b/packages/fortinet/docs/README.md
index e5f17a143da..9535e4f602b 100644
--- a/packages/fortinet/docs/README.md
+++ b/packages/fortinet/docs/README.md
@@ -229,7 +229,7 @@ An example event for `firewall` looks as following:
| event.ingested | Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` \< `event.created` \< `event.ingested`. | date |
| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword |
| event.message | Log message optimized for viewing in a log viewer. | text |
-| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | keyword |
+| event.module | Event module | constant_keyword |
| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective.
Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. | keyword | | event.reference | Reference URL linking to additional information about this event. This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. | keyword | | event.start | event.start contains the date when the event started or when the activity was first observed. | date | diff --git a/packages/fortinet/manifest.yml b/packages/fortinet/manifest.yml index 25f9d292a2e..be239a2c800 100644 --- a/packages/fortinet/manifest.yml +++ b/packages/fortinet/manifest.yml @@ -1,6 +1,6 @@ name: fortinet title: Fortinet Logs -version: "1.6.1" +version: "1.6.2" release: ga description: Collect logs from Fortinet instances with Elastic Agent. type: integration diff --git a/packages/google_workspace/changelog.yml b/packages/google_workspace/changelog.yml index 080f3c9a752..b97571d8669 100644 --- a/packages/google_workspace/changelog.yml +++ b/packages/google_workspace/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.5.0" changes: - description: Allow to set credentials directly in the config. diff --git a/packages/google_workspace/data_stream/admin/fields/agent.yml b/packages/google_workspace/data_stream/admin/fields/agent.yml index e313ec82874..616523c9e12 100644 --- a/packages/google_workspace/data_stream/admin/fields/agent.yml 
+++ b/packages/google_workspace/data_stream/admin/fields/agent.yml @@ -77,11 +77,6 @@ type: object object_type: keyword description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 diff --git a/packages/google_workspace/data_stream/drive/fields/agent.yml b/packages/google_workspace/data_stream/drive/fields/agent.yml index e313ec82874..616523c9e12 100644 --- a/packages/google_workspace/data_stream/drive/fields/agent.yml +++ b/packages/google_workspace/data_stream/drive/fields/agent.yml @@ -77,11 +77,6 @@ type: object object_type: keyword description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 diff --git a/packages/google_workspace/data_stream/groups/fields/agent.yml b/packages/google_workspace/data_stream/groups/fields/agent.yml index e313ec82874..616523c9e12 100644 --- a/packages/google_workspace/data_stream/groups/fields/agent.yml +++ b/packages/google_workspace/data_stream/groups/fields/agent.yml @@ -77,11 +77,6 @@ type: object object_type: keyword description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 diff --git a/packages/google_workspace/data_stream/login/fields/agent.yml b/packages/google_workspace/data_stream/login/fields/agent.yml index e313ec82874..616523c9e12 100644 --- a/packages/google_workspace/data_stream/login/fields/agent.yml +++ b/packages/google_workspace/data_stream/login/fields/agent.yml @@ -77,11 +77,6 @@ type: object object_type: keyword description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 
diff --git a/packages/google_workspace/data_stream/saml/fields/agent.yml b/packages/google_workspace/data_stream/saml/fields/agent.yml index e313ec82874..616523c9e12 100644 --- a/packages/google_workspace/data_stream/saml/fields/agent.yml +++ b/packages/google_workspace/data_stream/saml/fields/agent.yml @@ -77,11 +77,6 @@ type: object object_type: keyword description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 diff --git a/packages/google_workspace/data_stream/user_accounts/fields/agent.yml b/packages/google_workspace/data_stream/user_accounts/fields/agent.yml index e313ec82874..616523c9e12 100644 --- a/packages/google_workspace/data_stream/user_accounts/fields/agent.yml +++ b/packages/google_workspace/data_stream/user_accounts/fields/agent.yml @@ -77,11 +77,6 @@ type: object object_type: keyword description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 diff --git a/packages/google_workspace/manifest.yml b/packages/google_workspace/manifest.yml index 77b1ab10bc8..5fb6f620f84 100644 --- a/packages/google_workspace/manifest.yml +++ b/packages/google_workspace/manifest.yml @@ -1,6 +1,6 @@ name: google_workspace title: Google Workspace Audit Reports -version: 1.5.0 +version: 1.5.1 release: ga description: Collect audit reports from Google Workspaces with Elastic Agent. type: integration diff --git a/packages/hadoop/changelog.yml b/packages/hadoop/changelog.yml index 841e0feaebc..66e06a47e04 100644 --- a/packages/hadoop/changelog.yml +++ b/packages/hadoop/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.2.0" changes: - description: Add dashboard and visualizations for Hadoop. 
diff --git a/packages/hadoop/data_stream/application/fields/beats.yml b/packages/hadoop/data_stream/application/fields/beats.yml index ede69588554..22565288a1d 100644 --- a/packages/hadoop/data_stream/application/fields/beats.yml +++ b/packages/hadoop/data_stream/application/fields/beats.yml @@ -1,6 +1,3 @@ - name: input.type description: Type of Filebeat input. type: keyword -- name: tags - type: keyword - description: User defined tags diff --git a/packages/hadoop/docs/README.md b/packages/hadoop/docs/README.md index 6338972541a..d2147f9a394 100644 --- a/packages/hadoop/docs/README.md +++ b/packages/hadoop/docs/README.md @@ -101,7 +101,7 @@ An example event for `application` looks as following: | hadoop.application.time.started | Application start time | date | | hadoop.application.vcore_seconds | The amount of CPU resources the application has allocated | long | | input.type | Type of Filebeat input. | keyword | -| tags | User defined tags | keyword | +| tags | List of keywords used to tag each event. | keyword | ## cluster diff --git a/packages/hadoop/manifest.yml b/packages/hadoop/manifest.yml index e44ade35e89..76b81f23766 100644 --- a/packages/hadoop/manifest.yml +++ b/packages/hadoop/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: hadoop title: Hadoop -version: 0.2.0 +version: 0.2.1 license: basic description: Collect metrics from Apache Hadoop with Elastic Agent. type: integration diff --git a/packages/haproxy/changelog.yml b/packages/haproxy/changelog.yml index e52bacbfb89..f7d9df892de 100644 --- a/packages/haproxy/changelog.yml +++ b/packages/haproxy/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.2.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.2.0" changes: - description: Migrate tile map to map object in dashboards 
diff --git a/packages/haproxy/data_stream/log/fields/package-fields.yml b/packages/haproxy/data_stream/log/fields/package-fields.yml index 37f723783c9..5c30409d63a 100644 --- a/packages/haproxy/data_stream/log/fields/package-fields.yml +++ b/packages/haproxy/data_stream/log/fields/package-fields.yml @@ -64,9 +64,3 @@ - name: retries type: long description: Number of connection retries experienced by this session when trying to connect to the server. - - name: client - type: group - - name: destination - type: group - - name: geoip - type: group diff --git a/packages/haproxy/manifest.yml b/packages/haproxy/manifest.yml index b0815bf8b55..fc6d6ffe66c 100644 --- a/packages/haproxy/manifest.yml +++ b/packages/haproxy/manifest.yml @@ -1,6 +1,6 @@ name: haproxy title: HAProxy -version: 1.2.0 +version: 1.2.1 description: Collect logs and metrics from HAProxy servers with Elastic Agent. type: integration icons: diff --git a/packages/hid_bravura_monitor/changelog.yml b/packages/hid_bravura_monitor/changelog.yml index 4c880e07b99..447b4eb1e18 100644 --- a/packages/hid_bravura_monitor/changelog.yml +++ b/packages/hid_bravura_monitor/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.3" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.2" changes: - description: Add documentation for multi-fields diff --git a/packages/hid_bravura_monitor/data_stream/log/fields/base-fields.yml b/packages/hid_bravura_monitor/data_stream/log/fields/base-fields.yml index cf3e4e13849..46908d2a37e 100644 --- a/packages/hid_bravura_monitor/data_stream/log/fields/base-fields.yml +++ b/packages/hid_bravura_monitor/data_stream/log/fields/base-fields.yml 
@@ -7,9 +7,6 @@ - name: data_stream.namespace type: constant_keyword description: Data stream namespace. -- name: '@timestamp' - type: date - description: Event timestamp. - name: event.module type: constant_keyword description: Event module @@ -21,6 +18,3 @@ - name: log.flags description: Flags for the log file. type: keyword -- name: log.offset - description: Offset of the entry in the log file. - type: long diff --git a/packages/hid_bravura_monitor/data_stream/log/fields/ecs.yml b/packages/hid_bravura_monitor/data_stream/log/fields/ecs.yml index eaee751dad7..fb78acf4391 100644 --- a/packages/hid_bravura_monitor/data_stream/log/fields/ecs.yml +++ b/packages/hid_bravura_monitor/data_stream/log/fields/ecs.yml @@ -48,8 +48,6 @@ name: event.code - external: ecs name: event.created -- external: ecs - name: event.created - external: ecs name: event.duration - external: ecs @@ -206,8 +204,6 @@ name: user.id - external: ecs name: user.name -- external: ecs - name: server.domain - external: ecs name: server.address - external: ecs diff --git a/packages/hid_bravura_monitor/data_stream/winlog/fields/agent.yml b/packages/hid_bravura_monitor/data_stream/winlog/fields/agent.yml index da4e652c53b..5d8b5c2999b 100644 --- a/packages/hid_bravura_monitor/data_stream/winlog/fields/agent.yml +++ b/packages/hid_bravura_monitor/data_stream/winlog/fields/agent.yml @@ -130,13 +130,6 @@ type: keyword ignore_above: 1024 description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword diff --git a/packages/hid_bravura_monitor/data_stream/winlog/fields/ecs.yml b/packages/hid_bravura_monitor/data_stream/winlog/fields/ecs.yml index cf2eb514531..6e6c455ef16 100644 
--- a/packages/hid_bravura_monitor/data_stream/winlog/fields/ecs.yml +++ b/packages/hid_bravura_monitor/data_stream/winlog/fields/ecs.yml @@ -12,8 +12,6 @@ name: event.ingested - external: ecs name: event.kind -- external: ecs - name: event.module - external: ecs name: event.outcome - external: ecs diff --git a/packages/hid_bravura_monitor/docs/README.md b/packages/hid_bravura_monitor/docs/README.md index 5018e8a093b..7fc6aec5d89 100644 --- a/packages/hid_bravura_monitor/docs/README.md +++ b/packages/hid_bravura_monitor/docs/README.md @@ -239,7 +239,7 @@ An example event for `log` looks as following: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | client.address | Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | | client.domain | Client domain. | keyword | | client.ip | IP address of the client (IPv4 or IPv6). | ip | 
@@ -557,7 +557,7 @@ An example event for `winlog` looks as following:
| event.dataset | Event dataset. | constant_keyword |
| event.ingested | Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` \< `event.created` \< `event.ingested`. | date |
| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword |
-| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | keyword |
+| event.module | Event module | constant_keyword |
| event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. `event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective.
Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. | keyword | | event.provider | Source of the event. Event transports such as Syslog or the Windows Event Log typically mention the source of an event. It can be the name of the software that generated the event (e.g. Sysmon, httpd), or of a subsystem of the operating system (kernel, Microsoft-Windows-Security-Auditing). | keyword | | event.sequence | Sequence number of the event. The sequence number is a value published by some event sources, to make the exact ordering of events unambiguous, regardless of the timestamp precision. | long | diff --git a/packages/hid_bravura_monitor/manifest.yml b/packages/hid_bravura_monitor/manifest.yml index eb761c62d82..d9abe868bef 100644 --- a/packages/hid_bravura_monitor/manifest.yml +++ b/packages/hid_bravura_monitor/manifest.yml @@ -1,6 +1,6 @@ name: hid_bravura_monitor title: Hitachi ID Bravura Monitor -version: 1.0.2 +version: 1.0.3 categories: ["security"] release: ga description: Collect logs from Hitachi ID Security Fabric with Elastic Agent. diff --git a/packages/iis/changelog.yml b/packages/iis/changelog.yml index b6ad15f7456..1bf4f9fc95b 100644 --- a/packages/iis/changelog.yml +++ b/packages/iis/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.9.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.9.0" changes: - description: Migrating the tile_map to map object in dashboard 
diff --git a/packages/iis/data_stream/access/fields/agent.yml b/packages/iis/data_stream/access/fields/agent.yml index da4e652c53b..3cb905c19c2 100644 --- a/packages/iis/data_stream/access/fields/agent.yml +++ b/packages/iis/data_stream/access/fields/agent.yml @@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword diff --git a/packages/iis/data_stream/access/fields/ecs.yml b/packages/iis/data_stream/access/fields/ecs.yml index 80a028d9cb0..295c38639a3 100644 --- a/packages/iis/data_stream/access/fields/ecs.yml +++ b/packages/iis/data_stream/access/fields/ecs.yml @@ -72,22 +72,14 @@ name: user.name - external: ecs name: user_agent.device.name -- external: ecs - name: user_agent.device.name -- external: ecs - name: user_agent.name - external: ecs name: user_agent.name - external: ecs name: user_agent.original -- external: ecs - name: user_agent.original - external: ecs name: user_agent.os.full - external: ecs name: user_agent.os.name -- external: ecs - name: user_agent.os.name - external: ecs name: user_agent.os.version - external: ecs diff --git a/packages/iis/data_stream/access/fields/fields.yml b/packages/iis/data_stream/access/fields/fields.yml index 2e401415de1..e3c835f4d8b 100644 --- a/packages/iis/data_stream/access/fields/fields.yml +++ b/packages/iis/data_stream/access/fields/fields.yml @@ -21,7 +21,3 @@ type: keyword description: | The content of the cookie sent or received, if any. - - name: user_agent - type: group - - name: geoip - type: group 
diff --git a/packages/iis/data_stream/error/fields/fields.yml b/packages/iis/data_stream/error/fields/fields.yml index 2a0e9d30eee..a04c95f932b 100644 --- a/packages/iis/data_stream/error/fields/fields.yml +++ b/packages/iis/data_stream/error/fields/fields.yml @@ -9,5 +9,3 @@ type: keyword description: | The IIS application pool name. - - name: geoip - type: group diff --git a/packages/iis/manifest.yml b/packages/iis/manifest.yml index f4bf2603c87..4283b952702 100644 --- a/packages/iis/manifest.yml +++ b/packages/iis/manifest.yml @@ -1,6 +1,6 @@ name: iis title: IIS -version: 0.9.0 +version: 0.9.1 description: Collect logs and metrics from Internet Information Services (IIS) servers with Elastic Agent. type: integration icons: diff --git a/packages/imperva/changelog.yml b/packages/imperva/changelog.yml index 7b520319361..b9b64f90a6e 100644 --- a/packages/imperva/changelog.yml +++ b/packages/imperva/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.8.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/imperva/data_stream/securesphere/fields/base-fields.yml b/packages/imperva/data_stream/securesphere/fields/base-fields.yml index dc56d4aaff7..9ce3355258d 100644 --- a/packages/imperva/data_stream/securesphere/fields/base-fields.yml +++ b/packages/imperva/data_stream/securesphere/fields/base-fields.yml @@ -15,9 +15,6 @@ type: constant_keyword description: Event dataset value: imperva.securesphere -- name: '@timestamp' - type: date - description: Event timestamp. - name: container.id description: Unique container id. ignore_above: 1024 @@ -39,8 +36,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword 
diff --git a/packages/imperva/manifest.yml b/packages/imperva/manifest.yml index e3b683c8f8a..bc07e692640 100644 --- a/packages/imperva/manifest.yml +++ b/packages/imperva/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: imperva title: Imperva SecureSphere Logs -version: 0.8.0 +version: 0.8.1 description: Collect SecureSphere logs from Imperva devices with Elastic Agent. categories: ["network", "security"] release: experimental diff --git a/packages/infoblox/changelog.yml b/packages/infoblox/changelog.yml index 65c9b154a58..fcccc1abbb1 100644 --- a/packages/infoblox/changelog.yml +++ b/packages/infoblox/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.8.1" changes: - description: Mark package as deprecated. Please migrate to the infoblox_nios package. diff --git a/packages/infoblox/data_stream/nios/fields/base-fields.yml b/packages/infoblox/data_stream/nios/fields/base-fields.yml index f9d913dd565..8abe062e052 100644 --- a/packages/infoblox/data_stream/nios/fields/base-fields.yml +++ b/packages/infoblox/data_stream/nios/fields/base-fields.yml @@ -15,9 +15,6 @@ type: constant_keyword description: Event dataset value: infoblox.nios -- name: '@timestamp' - type: date - description: Event timestamp. - name: container.id description: Unique container id. ignore_above: 1024 @@ -39,8 +36,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/infoblox/manifest.yml b/packages/infoblox/manifest.yml index 3b58b30f642..71c9d39f175 100644 --- a/packages/infoblox/manifest.yml +++ b/packages/infoblox/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: infoblox title: Infoblox Logs -version: "0.8.1" +version: "0.8.2" description: Deprecated. Use a product-specific Infoblox package instead. categories: ["network"] release: experimental diff --git a/packages/infoblox_nios/changelog.yml b/packages/infoblox_nios/changelog.yml index af71c49ef4d..a6608863535 100644 --- a/packages/infoblox_nios/changelog.yml +++ b/packages/infoblox_nios/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.1.0" changes: - description: Initial draft of the package. diff --git a/packages/infoblox_nios/data_stream/log/fields/agent.yml b/packages/infoblox_nios/data_stream/log/fields/agent.yml index 6639aec94a9..0f6bda97446 100644 --- a/packages/infoblox_nios/data_stream/log/fields/agent.yml +++ b/packages/infoblox_nios/data_stream/log/fields/agent.yml @@ -107,10 +107,6 @@ type: keyword ignore_above: 1024 description: 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/infoblox_nios/manifest.yml b/packages/infoblox_nios/manifest.yml index def5dd278a5..57f3f9d6a98 100644 --- a/packages/infoblox_nios/manifest.yml +++ b/packages/infoblox_nios/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: infoblox_nios title: Infoblox NIOS -version: 0.1.0 +version: 0.1.1 license: basic description: Collect logs from Infoblox NIOS with Elastic Agent. type: integration diff --git a/packages/juniper/changelog.yml b/packages/juniper/changelog.yml index 11a217e4c81..bba301e7738 100644 --- a/packages/juniper/changelog.yml +++ b/packages/juniper/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.1.1" changes: - description: Add documentation for multi-fields diff --git a/packages/juniper/data_stream/junos/fields/agent.yml b/packages/juniper/data_stream/junos/fields/agent.yml index da4e652c53b..38bb8dcec56 100644 --- a/packages/juniper/data_stream/junos/fields/agent.yml +++ b/packages/juniper/data_stream/junos/fields/agent.yml @@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword @@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword diff --git a/packages/juniper/data_stream/junos/fields/base-fields.yml b/packages/juniper/data_stream/junos/fields/base-fields.yml index 6092398a3f1..8401571ede4 100644 --- a/packages/juniper/data_stream/junos/fields/base-fields.yml +++ b/packages/juniper/data_stream/junos/fields/base-fields.yml 
@@ -15,13 +15,6 @@ type: constant_keyword description: Event dataset value: juniper.junos -- name: '@timestamp' - type: date - description: Event timestamp. -- name: container.id - description: Unique container id. - ignore_above: 1024 - type: keyword - name: input.type description: Type of Filebeat input. type: keyword @@ -39,8 +32,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/juniper/data_stream/netscreen/fields/agent.yml b/packages/juniper/data_stream/netscreen/fields/agent.yml index da4e652c53b..38bb8dcec56 100644 --- a/packages/juniper/data_stream/netscreen/fields/agent.yml +++ b/packages/juniper/data_stream/netscreen/fields/agent.yml @@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword @@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword 
diff --git a/packages/juniper/data_stream/netscreen/fields/base-fields.yml b/packages/juniper/data_stream/netscreen/fields/base-fields.yml index db5ff9a4dad..181f1fddbeb 100644 --- a/packages/juniper/data_stream/netscreen/fields/base-fields.yml +++ b/packages/juniper/data_stream/netscreen/fields/base-fields.yml @@ -15,13 +15,6 @@ type: constant_keyword description: Event dataset value: juniper.netscreen -- name: '@timestamp' - type: date - description: Event timestamp. -- name: container.id - description: Unique container id. - ignore_above: 1024 - type: keyword - name: input.type description: Type of Filebeat input. type: keyword @@ -39,8 +32,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/juniper/data_stream/srx/fields/agent.yml b/packages/juniper/data_stream/srx/fields/agent.yml index c5d5959b5ab..3d3ef02e8c5 100644 --- a/packages/juniper/data_stream/srx/fields/agent.yml +++ b/packages/juniper/data_stream/srx/fields/agent.yml 
@@ -5,83 +5,9 @@ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - name: image.id type: keyword description: Image ID for the cloud instance. -- name: container - title: Container - group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. 
- - These fields help correlate data based containers from any runtime.' - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 
@@ -90,95 +16,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. 
- example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' - name: containerized type: boolean description: > diff --git a/packages/juniper/data_stream/srx/fields/base-fields.yml b/packages/juniper/data_stream/srx/fields/base-fields.yml index 2b9703542a6..5e633cd76ab 100644 --- a/packages/juniper/data_stream/srx/fields/base-fields.yml +++ b/packages/juniper/data_stream/srx/fields/base-fields.yml @@ -15,6 +15,3 @@ type: constant_keyword description: Event dataset value: juniper.srx -- name: '@timestamp' - type: date - description: Event timestamp. diff --git a/packages/juniper/docs/README.md b/packages/juniper/docs/README.md index f1cbbdd29f3..ab2082048e0 100644 --- a/packages/juniper/docs/README.md +++ b/packages/juniper/docs/README.md 
@@ -47,7 +47,7 @@ The following processes and tags are supported: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | agent.build.original | Extended build information for the agent. This field is intended to contain any build information that a data source may provide, no specific formatting is required. | keyword | | agent.ephemeral_id | Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not. | keyword | | agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | @@ -101,7 +101,7 @@ The following processes and tags are supported: | cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | | cloud.project.name | The cloud project name. Examples: Google Cloud Project name, Azure Project name. | keyword | | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | -| cloud.region | Region in which this host is running. | keyword | +| cloud.region | Region in which this host, resource, or service is located. | keyword | | code_signature.exists | Boolean to capture if a signature is present. | boolean | | code_signature.status | Additional information about the certificate status. This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. | keyword | | code_signature.subject_name | Subject name of the code signer | keyword | 
@@ -319,7 +319,7 @@ The following processes and tags are supported: | host.os.full.text | Multi-field of `host.os.full`. | match_only_text | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | text | +| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | @@ -882,7 +882,7 @@ The `junos` dataset collects Juniper JUNOS logs. | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | agent.build.original | Extended build information for the agent. This field is intended to contain any build information that a data source may provide, no specific formatting is required. | keyword | | agent.ephemeral_id | Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not. | keyword | | agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | 
@@ -936,7 +936,7 @@ The `junos` dataset collects Juniper JUNOS logs. | cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | | cloud.project.name | The cloud project name. Examples: Google Cloud Project name, Azure Project name. | keyword | | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | -| cloud.region | Region in which this host is running. | keyword | +| cloud.region | Region in which this host, resource, or service is located. | keyword | | code_signature.exists | Boolean to capture if a signature is present. | boolean | | code_signature.status | Additional information about the certificate status. This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. | keyword | | code_signature.subject_name | Subject name of the code signer | keyword | @@ -1154,7 +1154,7 @@ The `junos` dataset collects Juniper JUNOS logs. | host.os.full.text | Multi-field of `host.os.full`. | match_only_text | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | text | +| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | diff --git a/packages/juniper/manifest.yml b/packages/juniper/manifest.yml index 74ccaa02073..d9fdfcf1822 100644 --- a/packages/juniper/manifest.yml +++ b/packages/juniper/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper title: Juniper Logs -version: 1.1.1 +version: 1.1.2 description: Deprecated. Use a specific Juniper package instead. categories: ["network", "security"] release: ga diff --git a/packages/juniper_junos/changelog.yml b/packages/juniper_junos/changelog.yml index fd36fca681e..b8e526f08e0 100644 --- a/packages/juniper_junos/changelog.yml +++ b/packages/juniper_junos/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.2.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/juniper_junos/data_stream/log/fields/agent.yml b/packages/juniper_junos/data_stream/log/fields/agent.yml index da4e652c53b..38bb8dcec56 100644 --- a/packages/juniper_junos/data_stream/log/fields/agent.yml +++ b/packages/juniper_junos/data_stream/log/fields/agent.yml @@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword 
@@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword diff --git a/packages/juniper_junos/data_stream/log/fields/base-fields.yml b/packages/juniper_junos/data_stream/log/fields/base-fields.yml index d93730c7a76..5b3ee114e0f 100644 --- a/packages/juniper_junos/data_stream/log/fields/base-fields.yml +++ b/packages/juniper_junos/data_stream/log/fields/base-fields.yml @@ -15,13 +15,6 @@ type: constant_keyword description: Event dataset value: juniper_junos.log -- name: '@timestamp' - type: date - description: Event timestamp. -- name: container.id - description: Unique container id. - ignore_above: 1024 - type: keyword - name: input.type description: Type of Filebeat input. type: keyword @@ -39,8 +32,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/juniper_junos/manifest.yml b/packages/juniper_junos/manifest.yml index 3f4ba534485..23d0d28294e 100644 --- a/packages/juniper_junos/manifest.yml +++ b/packages/juniper_junos/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper_junos title: Juniper JunOS -version: 0.2.0 +version: 0.2.1 description: Collect logs from Juniper JunOS with Elastic Agent. categories: ["network", "security"] release: experimental 
diff --git a/packages/juniper_netscreen/changelog.yml b/packages/juniper_netscreen/changelog.yml index 722ca318d5b..72eca74a7bd 100644 --- a/packages/juniper_netscreen/changelog.yml +++ b/packages/juniper_netscreen/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.2.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/juniper_netscreen/data_stream/log/fields/agent.yml b/packages/juniper_netscreen/data_stream/log/fields/agent.yml index da4e652c53b..38bb8dcec56 100644 --- a/packages/juniper_netscreen/data_stream/log/fields/agent.yml +++ b/packages/juniper_netscreen/data_stream/log/fields/agent.yml @@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword @@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword 
diff --git a/packages/juniper_netscreen/data_stream/log/fields/base-fields.yml b/packages/juniper_netscreen/data_stream/log/fields/base-fields.yml index 82882053b69..905f87d3120 100644 --- a/packages/juniper_netscreen/data_stream/log/fields/base-fields.yml +++ b/packages/juniper_netscreen/data_stream/log/fields/base-fields.yml @@ -15,13 +15,6 @@ type: constant_keyword description: Event dataset value: juniper_netscreen.log -- name: '@timestamp' - type: date - description: Event timestamp. -- name: container.id - description: Unique container id. - ignore_above: 1024 - type: keyword - name: input.type description: Type of Filebeat input. type: keyword @@ -39,8 +32,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/juniper_netscreen/manifest.yml b/packages/juniper_netscreen/manifest.yml index c446eabb620..2f781dfca0e 100644 --- a/packages/juniper_netscreen/manifest.yml +++ b/packages/juniper_netscreen/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper_netscreen title: Juniper NetScreen -version: 0.2.0 +version: 0.2.1 description: Collect logs from Juniper NetScreen with Elastic Agent. categories: ["network", "security"] release: experimental diff --git a/packages/juniper_srx/changelog.yml b/packages/juniper_srx/changelog.yml index 72c2583f37e..3ffd615eab2 100644 --- a/packages/juniper_srx/changelog.yml +++ b/packages/juniper_srx/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.3.0" changes: - description: Add TLS and custom options support to TCP input 
diff --git a/packages/juniper_srx/data_stream/log/fields/agent.yml b/packages/juniper_srx/data_stream/log/fields/agent.yml index c5d5959b5ab..3d3ef02e8c5 100644 --- a/packages/juniper_srx/data_stream/log/fields/agent.yml +++ b/packages/juniper_srx/data_stream/log/fields/agent.yml 
@@ -5,83 +5,9 @@ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - name: image.id type: keyword description: Image ID for the cloud instance. -- name: container - title: Container - group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. 
- - These fields help correlate data based containers from any runtime.' - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 
@@ -90,95 +16,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. 
- example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' - name: containerized type: boolean description: > diff --git a/packages/juniper_srx/data_stream/log/fields/base-fields.yml b/packages/juniper_srx/data_stream/log/fields/base-fields.yml index 5b1dbba23c1..5d7fc0ea18a 100644 --- a/packages/juniper_srx/data_stream/log/fields/base-fields.yml +++ b/packages/juniper_srx/data_stream/log/fields/base-fields.yml @@ -15,6 +15,3 @@ type: constant_keyword description: Event dataset value: juniper_srx.log -- name: '@timestamp' - type: date - description: Event timestamp. diff --git a/packages/juniper_srx/docs/README.md b/packages/juniper_srx/docs/README.md index cd744d74530..685b9788488 100644 --- a/packages/juniper_srx/docs/README.md +++ b/packages/juniper_srx/docs/README.md 
@@ -43,7 +43,7 @@ The following processes and tags are supported: | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | agent.build.original | Extended build information for the agent. This field is intended to contain any build information that a data source may provide, no specific formatting is required. | keyword | | agent.ephemeral_id | Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not. | keyword | | agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | @@ -97,7 +97,7 @@ The following processes and tags are supported: | cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | | cloud.project.name | The cloud project name. Examples: Google Cloud Project name, Azure Project name. | keyword | | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | -| cloud.region | Region in which this host is running. | keyword | +| cloud.region | Region in which this host, resource, or service is located. | keyword | | code_signature.exists | Boolean to capture if a signature is present. | boolean | | code_signature.status | Additional information about the certificate status. This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. | keyword | | code_signature.subject_name | Subject name of the code signer | keyword | 
@@ -315,7 +315,7 @@ The following processes and tags are supported: | host.os.full.text | Multi-field of `host.os.full`. | match_only_text | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | text | +| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | diff --git a/packages/juniper_srx/manifest.yml b/packages/juniper_srx/manifest.yml index f191409b24e..e92c8a32d96 100644 --- a/packages/juniper_srx/manifest.yml +++ b/packages/juniper_srx/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper_srx title: Juniper SRX -version: 1.3.0 +version: 1.3.1 description: Collect logs from Juniper SRX devices with Elastic Agent. categories: ["network", "security"] release: ga diff --git a/packages/kibana/changelog.yml b/packages/kibana/changelog.yml index e56de683304..5d3f21799c3 100644 --- a/packages/kibana/changelog.yml +++ b/packages/kibana/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.5" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.4" changes: - description: Add link to Kibana documentation diff --git a/packages/kibana/data_stream/stats/fields/package-fields.yml b/packages/kibana/data_stream/stats/fields/package-fields.yml index 72c7fcfdc31..e82d2c938ac 100644 --- a/packages/kibana/data_stream/stats/fields/package-fields.yml +++ b/packages/kibana/data_stream/stats/fields/package-fields.yml 
@@ -49,5 +49,3 @@ - name: response_times.average type: alias path: kibana.stats.response_time.avg.ms -- name: kibana - type: group diff --git a/packages/kibana/data_stream/status/fields/package-fields.yml b/packages/kibana/data_stream/status/fields/package-fields.yml deleted file mode 100644 index da76c81093f..00000000000 --- a/packages/kibana/data_stream/status/fields/package-fields.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: kibana - type: group diff --git a/packages/kibana/manifest.yml b/packages/kibana/manifest.yml index 416540b1522..6a7451a42e7 100644 --- a/packages/kibana/manifest.yml +++ b/packages/kibana/manifest.yml @@ -1,6 +1,6 @@ name: kibana title: Kibana -version: 1.0.4 +version: 1.0.5 release: experimental description: Collect logs and metrics from Kibana with Elastic Agent. type: integration diff --git a/packages/kubernetes/changelog.yml b/packages/kubernetes/changelog.yml index 613c78671e3..68b3c252eae 100644 --- a/packages/kubernetes/changelog.yml +++ b/packages/kubernetes/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.19.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.19.1" changes: - description: Add documentation for volume field diff --git a/packages/kubernetes/data_stream/pod/fields/fields.yml b/packages/kubernetes/data_stream/pod/fields/fields.yml index 3f18b91dffe..e10c881e106 100644 --- a/packages/kubernetes/data_stream/pod/fields/fields.yml +++ b/packages/kubernetes/data_stream/pod/fields/fields.yml @@ -139,6 +139,3 @@ metric_type: counter description: | Total major page faults - - name: ip - type: ip - description: Kubernetes pod IP diff --git a/packages/kubernetes/data_stream/state_job/fields/fields.yml b/packages/kubernetes/data_stream/state_job/fields/fields.yml index dd96148faec..5c9c47cdf2b 100644 --- a/packages/kubernetes/data_stream/state_job/fields/fields.yml 
+++ b/packages/kubernetes/data_stream/state_job/fields/fields.yml @@ -1,12 +1,6 @@ - name: kubernetes.job type: group fields: - - name: name - dimension: true - type: keyword - description: > - The name of the job resource - - name: pods type: group description: > diff --git a/packages/kubernetes/data_stream/state_pod/fields/fields.yml b/packages/kubernetes/data_stream/state_pod/fields/fields.yml index 67d4cb4b223..f541d55d39a 100644 --- a/packages/kubernetes/data_stream/state_pod/fields/fields.yml +++ b/packages/kubernetes/data_stream/state_pod/fields/fields.yml @@ -1,10 +1,6 @@ - name: kubernetes.pod type: group fields: - - name: ip - type: ip - description: | - Kubernetes pod IP - name: host_ip type: ip description: | diff --git a/packages/kubernetes/manifest.yml b/packages/kubernetes/manifest.yml index 3b45c6ce5e7..8b1de9d58da 100644 --- a/packages/kubernetes/manifest.yml +++ b/packages/kubernetes/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: kubernetes title: Kubernetes -version: 1.19.1 +version: 1.19.2 license: basic description: Collect logs and metrics from Kubernetes clusters with Elastic Agent. type: integration diff --git a/packages/linux/changelog.yml b/packages/linux/changelog.yml index 153c75c4224..bfc4b91d52b 100644 --- a/packages/linux/changelog.yml +++ b/packages/linux/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.6.7" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.6.6" changes: - description: Fix mapping in vmstat memory diff --git a/packages/linux/data_stream/service/fields/agent.yml b/packages/linux/data_stream/service/fields/agent.yml index da4e652c53b..dabba6195b1 100644 --- a/packages/linux/data_stream/service/fields/agent.yml +++ b/packages/linux/data_stream/service/fields/agent.yml 
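Review bot: The removed `kubernetes.job.name` entry in state_job/fields/fields.yml carried `dimension: true`, and the definition that is meant to replace it is not part of this hunk, so it is worth confirming that the surviving definition also declares `dimension: true`; if it does not, this de-duplication silently drops the field from the time-series dimension set rather than only removing a duplicate. The same check applies to the other deletions in this commit only where the removed entry had attributes beyond name/type/description, which from the visible hunks is this one. A one-line note in the changelog entry, e.g. `- description: Remove duplicated fields definitions (dimension settings preserved in remaining definitions)`, would make the intent verifiable for reviewers.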
@@ -90,12 +90,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - name: domain level: extended type: keyword 
@@ -121,64 +115,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' - name: containerized type: boolean description: > diff --git a/packages/linux/manifest.yml b/packages/linux/manifest.yml index 9e72a0c80fc..cbc0581eabf 100644 --- a/packages/linux/manifest.yml +++ b/packages/linux/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: linux title: Linux Metrics -version: 0.6.6 +version: 0.6.7 license: basic description: Collect metrics from Linux servers with Elastic Agent. type: integration diff --git a/packages/logstash/changelog.yml b/packages/logstash/changelog.yml index b129bde28fb..96876e59be7 100644 --- a/packages/logstash/changelog.yml +++ b/packages/logstash/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.1.0" changes: - description: Make experimental package stop breaking stack version ^8.0.0 by fixing compatible version range diff --git a/packages/logstash/data_stream/node/fields/package-fields.yml b/packages/logstash/data_stream/node/fields/package-fields.yml index fdb0b7a24d4..05abe1ccb4c 100644 --- a/packages/logstash/data_stream/node/fields/package-fields.yml +++ b/packages/logstash/data_stream/node/fields/package-fields.yml @@ -90,5 +90,3 @@ - name: pipeline.hash type: alias path: logstash.node.state.pipeline.hash -- name: logstash - type: group diff --git a/packages/logstash/data_stream/node_stats/fields/package-fields.yml b/packages/logstash/data_stream/node_stats/fields/package-fields.yml index fdb0b7a24d4..05abe1ccb4c 100644 --- a/packages/logstash/data_stream/node_stats/fields/package-fields.yml +++ b/packages/logstash/data_stream/node_stats/fields/package-fields.yml @@ -90,5 +90,3 @@ - name: pipeline.hash type: alias path: logstash.node.state.pipeline.hash -- name: logstash - type: group diff --git a/packages/logstash/manifest.yml b/packages/logstash/manifest.yml index cdf625b2760..a78d844dbd1 100644 --- a/packages/logstash/manifest.yml +++ b/packages/logstash/manifest.yml 
@@ -1,6 +1,6 @@ name: logstash title: Logstash -version: 1.1.0 +version: 1.1.1 release: experimental description: Collect logs and metrics from Logstash with Elastic Agent. type: integration diff --git a/packages/m365_defender/changelog.yml b/packages/m365_defender/changelog.yml index 9f8bcc0fd6d..6611678bcbb 100644 --- a/packages/m365_defender/changelog.yml +++ b/packages/m365_defender/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.5" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.4" changes: - description: Update duplication handling to also support Redirect type alerts diff --git a/packages/m365_defender/data_stream/log/fields/ecs.yml b/packages/m365_defender/data_stream/log/fields/ecs.yml index be5c5190a6f..90a15fb258a 100644 --- a/packages/m365_defender/data_stream/log/fields/ecs.yml +++ b/packages/m365_defender/data_stream/log/fields/ecs.yml @@ -56,8 +56,6 @@ name: url.full - external: ecs name: url.domain -- external: ecs - name: url.full - external: ecs name: url.extension - external: ecs diff --git a/packages/m365_defender/manifest.yml b/packages/m365_defender/manifest.yml index af9523bc4c4..308bac6bf30 100644 --- a/packages/m365_defender/manifest.yml +++ b/packages/m365_defender/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: m365_defender title: M365 Defender Logs -version: 1.0.4 +version: 1.0.5 description: Collect logs from M365 Defender API with Elastic Agent. categories: - "network" diff --git a/packages/microsoft/changelog.yml b/packages/microsoft/changelog.yml index a3f35e968a2..9f21ef73eff 100644 --- a/packages/microsoft/changelog.yml +++ b/packages/microsoft/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.2.1" changes: - description: Add documentation for multi-fields diff --git a/packages/microsoft/data_stream/defender_atp/fields/agent.yml b/packages/microsoft/data_stream/defender_atp/fields/agent.yml index e313ec82874..ee2550ac82e 100644 --- a/packages/microsoft/data_stream/defender_atp/fields/agent.yml +++ b/packages/microsoft/data_stream/defender_atp/fields/agent.yml @@ -54,34 +54,6 @@ - name: image.id type: keyword description: Image ID for the cloud instance. -- name: container - title: Container - group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. - - These fields help correlate data based containers from any runtime.' - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 diff --git a/packages/microsoft/data_stream/dhcp/fields/agent.yml b/packages/microsoft/data_stream/dhcp/fields/agent.yml index da4e652c53b..38bb8dcec56 100644 --- a/packages/microsoft/data_stream/dhcp/fields/agent.yml +++ b/packages/microsoft/data_stream/dhcp/fields/agent.yml 
@@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword @@ -121,22 +114,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword diff --git a/packages/microsoft/data_stream/dhcp/fields/base-fields.yml b/packages/microsoft/data_stream/dhcp/fields/base-fields.yml index cd35075f6e4..5eb984d0e1a 100644 --- a/packages/microsoft/data_stream/dhcp/fields/base-fields.yml +++ b/packages/microsoft/data_stream/dhcp/fields/base-fields.yml @@ -15,13 +15,6 @@ type: constant_keyword description: Event dataset value: microsoft.dhcp -- name: '@timestamp' - type: date - description: Event timestamp. -- name: container.id - description: Unique container id. - ignore_above: 1024 - type: keyword - name: input.type description: Type of Filebeat input. type: keyword @@ -39,8 +32,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword 
diff --git a/packages/microsoft/manifest.yml b/packages/microsoft/manifest.yml index 54af6e2c478..1250b906477 100644 --- a/packages/microsoft/manifest.yml +++ b/packages/microsoft/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft title: Microsoft -version: 1.2.1 +version: 1.2.2 description: Deprecated. Use a specific Microsoft package instead. categories: - "network" diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml index 37ca39fa024..cfbf60e450f 100644 --- a/packages/microsoft_defender_endpoint/changelog.yml +++ b/packages/microsoft_defender_endpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.2.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "2.2.0" changes: - description: Update to ECS 8.2 diff --git a/packages/microsoft_defender_endpoint/data_stream/log/fields/agent.yml b/packages/microsoft_defender_endpoint/data_stream/log/fields/agent.yml index e313ec82874..ee2550ac82e 100644 --- a/packages/microsoft_defender_endpoint/data_stream/log/fields/agent.yml +++ b/packages/microsoft_defender_endpoint/data_stream/log/fields/agent.yml 
@@ -54,34 +54,6 @@ - name: image.id type: keyword description: Image ID for the cloud instance. -- name: container - title: Container - group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. - - These fields help correlate data based containers from any runtime.' - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml index 6c6cdbf891f..7613fb46282 100644 --- a/packages/microsoft_defender_endpoint/manifest.yml +++ b/packages/microsoft_defender_endpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft_defender_endpoint title: Microsoft Defender for Endpoint -version: 2.2.0 +version: 2.2.1 description: Collect logs from Microsoft Defender for Endpoint with Elastic Agent. categories: - "network" diff --git a/packages/mimecast/changelog.yml b/packages/mimecast/changelog.yml index 4b785f46f91..b09fed55eb1 100644 --- a/packages/mimecast/changelog.yml +++ b/packages/mimecast/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.0.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.0" changes: - description: Make ga with zip support for SIEM events. diff --git a/packages/mimecast/data_stream/siem_logs/fields/ecs.yml b/packages/mimecast/data_stream/siem_logs/fields/ecs.yml index 31577dc1b52..863be6474cd 100644 
--- a/packages/mimecast/data_stream/siem_logs/fields/ecs.yml +++ b/packages/mimecast/data_stream/siem_logs/fields/ecs.yml @@ -12,8 +12,6 @@ name: email.attachments.file.mime_type - external: ecs name: email.attachments.file.name -- external: ecs - name: email.attachments.file.name - external: ecs name: email.attachments.file.size - external: ecs @@ -36,8 +34,6 @@ name: error.type - external: ecs name: event.action -- external: ecs - name: event.action - external: ecs name: event.created - external: ecs diff --git a/packages/mimecast/data_stream/ttp_ap_logs/fields/ecs.yml b/packages/mimecast/data_stream/ttp_ap_logs/fields/ecs.yml index 8c473b28e22..d942cd864e0 100644 --- a/packages/mimecast/data_stream/ttp_ap_logs/fields/ecs.yml +++ b/packages/mimecast/data_stream/ttp_ap_logs/fields/ecs.yml @@ -6,8 +6,6 @@ name: email.attachments.file.hash.sha256 - external: ecs name: email.attachments.file.mime_type -- external: ecs - name: email.attachments.file.mime_type - external: ecs name: email.attachments.file.name - external: ecs @@ -22,8 +20,6 @@ name: email.to.address - external: ecs name: event.action -- external: ecs - name: event.action - external: ecs name: event.created - external: ecs diff --git a/packages/mimecast/data_stream/ttp_ip_logs/fields/ecs.yml b/packages/mimecast/data_stream/ttp_ip_logs/fields/ecs.yml index 9a1770633fc..ae101f9d829 100644 --- a/packages/mimecast/data_stream/ttp_ip_logs/fields/ecs.yml +++ b/packages/mimecast/data_stream/ttp_ip_logs/fields/ecs.yml @@ -10,8 +10,6 @@ name: email.to.address - external: ecs name: event.action -- external: ecs - name: event.action - external: ecs name: event.created - external: ecs diff --git a/packages/mimecast/data_stream/ttp_url_logs/fields/ecs.yml b/packages/mimecast/data_stream/ttp_url_logs/fields/ecs.yml index 622f81b6fc7..faf406570c5 100644 --- a/packages/mimecast/data_stream/ttp_url_logs/fields/ecs.yml +++ b/packages/mimecast/data_stream/ttp_url_logs/fields/ecs.yml 
@@ -12,8 +12,6 @@ name: email.to.address - external: ecs name: event.action -- external: ecs - name: event.action - external: ecs name: event.created - external: ecs diff --git a/packages/mimecast/manifest.yml b/packages/mimecast/manifest.yml index 8cce9b1e1e0..a367adfc31e 100644 --- a/packages/mimecast/manifest.yml +++ b/packages/mimecast/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: mimecast title: "Mimecast" -version: 1.0.0 +version: 1.0.1 license: basic description: "Collect logs from the Mimecast API with Elastic Agent." type: integration diff --git a/packages/modsecurity/changelog.yml b/packages/modsecurity/changelog.yml index 1873cac5797..a86cdce6de1 100644 --- a/packages/modsecurity/changelog.yml +++ b/packages/modsecurity/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.0" changes: - description: Make GA diff --git a/packages/modsecurity/data_stream/auditlog/fields/agent.yml b/packages/modsecurity/data_stream/auditlog/fields/agent.yml index e313ec82874..3c8ad89f032 100644 --- a/packages/modsecurity/data_stream/auditlog/fields/agent.yml +++ b/packages/modsecurity/data_stream/auditlog/fields/agent.yml @@ -121,10 +121,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/modsecurity/manifest.yml b/packages/modsecurity/manifest.yml index efe0c508988..e2268375502 100644 --- a/packages/modsecurity/manifest.yml +++ b/packages/modsecurity/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: modsecurity title: "ModSecurity Audit" -version: 1.0.0 +version: 1.0.1 license: basic description: "ModSecurity Audit Log Integration" type: integration 
diff --git a/packages/mongodb/changelog.yml b/packages/mongodb/changelog.yml index a8f17ebdebf..b98712d8137 100644 --- a/packages/mongodb/changelog.yml +++ b/packages/mongodb/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.3.3" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.3.2" changes: - description: Add documentation for multi-fields diff --git a/packages/mongodb/data_stream/collstats/fields/base-fields.yml b/packages/mongodb/data_stream/collstats/fields/base-fields.yml index 20a5c443b50..14cf6ae2090 100644 --- a/packages/mongodb/data_stream/collstats/fields/base-fields.yml +++ b/packages/mongodb/data_stream/collstats/fields/base-fields.yml @@ -18,6 +18,3 @@ - name: '@timestamp' type: date description: Event timestamp. -- name: service.address - type: keyword - description: Address of the machine where the service is running. diff --git a/packages/mongodb/data_stream/dbstats/fields/base-fields.yml b/packages/mongodb/data_stream/dbstats/fields/base-fields.yml index c10e432de6b..f6348f95f7a 100644 --- a/packages/mongodb/data_stream/dbstats/fields/base-fields.yml +++ b/packages/mongodb/data_stream/dbstats/fields/base-fields.yml @@ -18,6 +18,3 @@ - name: '@timestamp' type: date description: Event timestamp. -- name: service.address - type: keyword - description: Address of the machine where the service is running. diff --git a/packages/mongodb/data_stream/metrics/fields/base-fields.yml b/packages/mongodb/data_stream/metrics/fields/base-fields.yml index b7da7cc1960..e43aa3d82c5 100644 --- a/packages/mongodb/data_stream/metrics/fields/base-fields.yml +++ b/packages/mongodb/data_stream/metrics/fields/base-fields.yml @@ -18,6 +18,3 @@ - name: '@timestamp' type: date description: Event timestamp. -- name: service.address - type: keyword - description: Address of the machine where the service is running. 
diff --git a/packages/mongodb/data_stream/replstatus/fields/base-fields.yml b/packages/mongodb/data_stream/replstatus/fields/base-fields.yml index c3ee6a0e1ee..570a470e320 100644 --- a/packages/mongodb/data_stream/replstatus/fields/base-fields.yml +++ b/packages/mongodb/data_stream/replstatus/fields/base-fields.yml @@ -18,6 +18,3 @@ - name: '@timestamp' type: date description: Event timestamp. -- name: service.address - type: keyword - description: Address of the machine where the service is running. diff --git a/packages/mongodb/docs/README.md b/packages/mongodb/docs/README.md index f76e221f0eb..88193362b07 100644 --- a/packages/mongodb/docs/README.md +++ b/packages/mongodb/docs/README.md @@ -988,7 +988,7 @@ The fields reported are: | mongodb.replstatus.optimes.last_committed | Information, from the viewpoint of this member, regarding the most recent operation that has been written to a majority of replica set members. | long | | mongodb.replstatus.server_date | Reflects the current time according to the server that processed the replSetGetStatus command. | date | | mongodb.replstatus.set_name | The name of the replica set. | keyword | -| service.address | Address of the machine where the service is running. | keyword | +| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | diff --git a/packages/mongodb/manifest.yml b/packages/mongodb/manifest.yml index 581eb1fd769..b6fd2d10e16 100644 --- a/packages/mongodb/manifest.yml +++ b/packages/mongodb/manifest.yml 
@@ -1,6 +1,6 @@ name: mongodb title: MongoDB -version: 1.3.2 +version: 1.3.3 description: Collect logs and metrics from MongoDB instances with Elastic Agent. type: integration categories: diff --git a/packages/mysql/changelog.yml b/packages/mysql/changelog.yml index fc6a32a0e03..a6cdf0f83e2 100644 --- a/packages/mysql/changelog.yml +++ b/packages/mysql/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.3.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.3.1" changes: - description: Add documentation for multi-fields diff --git a/packages/mysql/data_stream/error/fields/fields.yml b/packages/mysql/data_stream/error/fields/fields.yml index 6f5883d4d12..33f95664d61 100644 --- a/packages/mysql/data_stream/error/fields/fields.yml +++ b/packages/mysql/data_stream/error/fields/fields.yml @@ -1,5 +1,3 @@ -- name: mysql.error - type: group - name: event.code type: keyword description: Identification code for this event diff --git a/packages/mysql/manifest.yml b/packages/mysql/manifest.yml index f552761ff7e..074a4070adc 100644 --- a/packages/mysql/manifest.yml +++ b/packages/mysql/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: mysql title: MySQL -version: 1.3.1 +version: 1.3.2 license: basic description: Collect logs and metrics from MySQL servers with Elastic Agent. type: integration diff --git a/packages/netflow/changelog.yml b/packages/netflow/changelog.yml index b521cdc808d..505ac4ab851 100644 --- a/packages/netflow/changelog.yml +++ b/packages/netflow/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.0.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "2.0.1" changes: - description: Fix invalid value in sample event 
diff --git a/packages/netflow/data_stream/log/fields/agent.yml b/packages/netflow/data_stream/log/fields/agent.yml index da4e652c53b..7829f106b67 100644 --- a/packages/netflow/data_stream/log/fields/agent.yml +++ b/packages/netflow/data_stream/log/fields/agent.yml 
@@ -5,83 +5,12 @@ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. - name: image.id type: keyword description: Image ID for the cloud instance. -- name: container - title: Container - group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. 
- - These fields help correlate data based containers from any runtime.' - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. - name: host title: Host group: 2 @@ -90,12 +19,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - name: domain level: extended type: keyword 
@@ -105,80 +28,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. 
- example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' - name: containerized type: boolean description: > diff --git a/packages/netflow/data_stream/log/fields/base-fields.yml b/packages/netflow/data_stream/log/fields/base-fields.yml index 12d5ac2a456..008a46bbbb1 100644 --- a/packages/netflow/data_stream/log/fields/base-fields.yml +++ b/packages/netflow/data_stream/log/fields/base-fields.yml @@ -15,6 +15,3 @@ type: constant_keyword description: Event dataset value: netflow.log -- name: '@timestamp' - type: date - description: Event timestamp. diff --git a/packages/netflow/docs/README.md b/packages/netflow/docs/README.md index 57624813693..fccb3cf0bd7 100644 --- a/packages/netflow/docs/README.md +++ b/packages/netflow/docs/README.md 
@@ -20,7 +20,7 @@ The `log` dataset collects netflow logs. | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | agent.ephemeral_id | Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not. | keyword | | agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | agent.name | Custom name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty. | keyword | @@ -70,7 +70,7 @@ The `log` dataset collects netflow logs. | cloud.machine.type | Machine type of the host machine. | keyword | | cloud.project.id | Name of the project in Google Cloud. | keyword | | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | -| cloud.region | Region in which this host is running. | keyword | +| cloud.region | Region in which this host, resource, or service is located. | keyword | | container.id | Unique container id. | keyword | | container.image.name | Name of the image the container was built on. | keyword | | container.image.tag | Container image tags. | keyword | 
@@ -216,7 +216,7 @@ The `log` dataset collects netflow logs. | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | -| host.mac | Host mac addresses. | keyword | +| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | | host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | @@ -225,7 +225,7 @@ The `log` dataset collects netflow logs. | host.os.full.text | Multi-field of `host.os.full`. | match_only_text | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | text | +| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | diff --git a/packages/netflow/manifest.yml b/packages/netflow/manifest.yml index 092fa3f54e4..839d0b0457d 100644 --- a/packages/netflow/manifest.yml 
+++ b/packages/netflow/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: netflow title: NetFlow Records -version: 2.0.1 +version: 2.0.2 license: basic description: Collect flow records from NetFlow and IPFIX exporters with Elastic Agent. type: integration diff --git a/packages/netscout/changelog.yml b/packages/netscout/changelog.yml index ee67a524187..f2c512d09c8 100644 --- a/packages/netscout/changelog.yml +++ b/packages/netscout/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.8.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/netscout/data_stream/sightline/fields/base-fields.yml b/packages/netscout/data_stream/sightline/fields/base-fields.yml index 32ac5000dd4..4e3ab698685 100644 --- a/packages/netscout/data_stream/sightline/fields/base-fields.yml +++ b/packages/netscout/data_stream/sightline/fields/base-fields.yml @@ -15,9 +15,6 @@ type: constant_keyword description: Event dataset value: netscout.sightline -- name: '@timestamp' - type: date - description: Event timestamp. - name: container.id description: Unique container id. ignore_above: 1024 @@ -39,8 +36,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/netscout/manifest.yml b/packages/netscout/manifest.yml index 48e6adf6e22..88898e93e3c 100644 --- a/packages/netscout/manifest.yml +++ b/packages/netscout/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: netscout title: Arbor Peakflow SP Logs -version: 0.8.0 +version: 0.8.1 description: Collect and parse logs from Netscout Arbor Peakflow SP with Elastic Agent. categories: ["security"] release: experimental 
diff --git a/packages/netskope/changelog.yml b/packages/netskope/changelog.yml index ea7a8ffeeef..f743c512a19 100644 --- a/packages/netskope/changelog.yml +++ b/packages/netskope/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.0" changes: - description: Make GA diff --git a/packages/netskope/data_stream/alerts/fields/agent.yml b/packages/netskope/data_stream/alerts/fields/agent.yml index e313ec82874..56de8d91448 100644 --- a/packages/netskope/data_stream/alerts/fields/agent.yml +++ b/packages/netskope/data_stream/alerts/fields/agent.yml @@ -5,14 +5,6 @@ footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' type: group fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - name: availability_zone level: extended type: keyword @@ -105,13 +97,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword 
@@ -149,17 +134,6 @@ ignore_above: 1024 description: Operating system kernel version as a raw string. example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - name: os.platform level: extended type: keyword diff --git a/packages/netskope/data_stream/alerts/fields/ecs.yml b/packages/netskope/data_stream/alerts/fields/ecs.yml index fd79c8e0e94..eb88b129f66 100644 --- a/packages/netskope/data_stream/alerts/fields/ecs.yml +++ b/packages/netskope/data_stream/alerts/fields/ecs.yml @@ -33,8 +33,6 @@ name: destination.geo.region_name - external: ecs name: destination.geo.timezone -- external: ecs - name: destination.ip - external: ecs name: destination.port - external: ecs @@ -86,8 +84,6 @@ name: source.geo.region_name - external: ecs name: source.geo.timezone -- external: ecs - name: source.ip - external: ecs name: source.port - external: ecs diff --git a/packages/netskope/data_stream/events/fields/agent.yml b/packages/netskope/data_stream/events/fields/agent.yml index e313ec82874..74d8fc01ac0 100644 --- a/packages/netskope/data_stream/events/fields/agent.yml +++ b/packages/netskope/data_stream/events/fields/agent.yml @@ -42,12 +42,6 @@ ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -105,13 +99,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword diff --git a/packages/netskope/data_stream/events/fields/ecs.yml b/packages/netskope/data_stream/events/fields/ecs.yml index 74357380c59..a3cd1f44581 100644 --- a/packages/netskope/data_stream/events/fields/ecs.yml +++ b/packages/netskope/data_stream/events/fields/ecs.yml @@ -4,16 +4,12 @@ name: client.bytes - external: ecs name: client.nat.ip -- external: ecs - name: client.packets - external: ecs name: cloud.account.name - external: ecs name: cloud.region - external: ecs name: cloud.service.name -- external: ecs - name: client.bytes - external: ecs name: destination.address - external: ecs diff --git a/packages/netskope/data_stream/events/fields/fields.yml b/packages/netskope/data_stream/events/fields/fields.yml index e5521ff3c57..89cb9dbdd10 100644 --- a/packages/netskope/data_stream/events/fields/fields.yml +++ b/packages/netskope/data_stream/events/fields/fields.yml @@ -1132,10 +1132,6 @@ type: keyword description: | N/A - - name: url - type: flattened - description: | - URL of the application that the user visited as provided by the log or data plane traffic. - name: url_to_activity type: keyword description: | diff --git a/packages/netskope/docs/README.md b/packages/netskope/docs/README.md index 7e045449c3a..2525c880149 100644 --- a/packages/netskope/docs/README.md +++ b/packages/netskope/docs/README.md 
@@ -2499,7 +2499,7 @@ An example event for `alerts` looks as following: | cloud.machine.type | Machine type of the host machine. | keyword | | cloud.project.id | Name of the project in Google Cloud. | keyword | | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | -| cloud.region | Region in which this host is running. | keyword | +| cloud.region | Region in which this host, resource, or service is located. | keyword | | cloud.service.name | The cloud service name is intended to distinguish services running on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App Engine, Azure VM vs App Server. Examples: app engine, app service, cloud run, fargate, lambda. | keyword | | container.id | Unique container id. | keyword | | container.image.name | Name of the image the container was built on. | keyword | diff --git a/packages/netskope/manifest.yml b/packages/netskope/manifest.yml index 1bab472bb70..8804b80b62b 100644 --- a/packages/netskope/manifest.yml +++ b/packages/netskope/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: netskope title: "Netskope" -version: 1.0.0 +version: 1.0.1 license: basic description: Collect logs from Netskope with Elastic Agent. type: integration diff --git a/packages/nginx/changelog.yml b/packages/nginx/changelog.yml index 214c19b6607..e6fd1e545ba 100644 --- a/packages/nginx/changelog.yml +++ b/packages/nginx/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.4.0" changes: - description: Migration of tile map to map object in dashboards diff --git a/packages/nginx/data_stream/access/fields/agent.yml b/packages/nginx/data_stream/access/fields/agent.yml index e313ec82874..3c8ad89f032 100644 --- a/packages/nginx/data_stream/access/fields/agent.yml 
+++ b/packages/nginx/data_stream/access/fields/agent.yml @@ -121,10 +121,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/nginx/data_stream/access/fields/fields.yml b/packages/nginx/data_stream/access/fields/fields.yml index 2a7290273e0..92fff330148 100644 --- a/packages/nginx/data_stream/access/fields/fields.yml +++ b/packages/nginx/data_stream/access/fields/fields.yml @@ -5,8 +5,6 @@ type: array description: | An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. Real source IP is restored to `source.ip`. - - name: geoip - type: group - name: event.created type: date description: Date/time when the event was first read by an agent, or by your pipeline. diff --git a/packages/nginx/data_stream/error/fields/agent.yml b/packages/nginx/data_stream/error/fields/agent.yml index e313ec82874..3c8ad89f032 100644 --- a/packages/nginx/data_stream/error/fields/agent.yml +++ b/packages/nginx/data_stream/error/fields/agent.yml @@ -121,10 +121,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/nginx/data_stream/stubstatus/fields/agent.yml b/packages/nginx/data_stream/stubstatus/fields/agent.yml index da4e652c53b..cf8456f8583 100644 --- a/packages/nginx/data_stream/stubstatus/fields/agent.yml +++ b/packages/nginx/data_stream/stubstatus/fields/agent.yml 
@@ -121,10 +121,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/nginx/manifest.yml b/packages/nginx/manifest.yml index 122834de562..ca01603cf30 100644 --- a/packages/nginx/manifest.yml +++ b/packages/nginx/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: nginx title: Nginx -version: 1.4.0 +version: 1.4.1 license: basic description: Collect logs and metrics from Nginx HTTP servers with Elastic Agent. type: integration diff --git a/packages/nginx_ingress_controller/changelog.yml b/packages/nginx_ingress_controller/changelog.yml index 3e1380e655b..b1eaf8333dc 100644 --- a/packages/nginx_ingress_controller/changelog.yml +++ b/packages/nginx_ingress_controller/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.4.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.4.0" changes: - description: Migration of tile map to map object in dashboards diff --git a/packages/nginx_ingress_controller/data_stream/access/fields/agent.yml b/packages/nginx_ingress_controller/data_stream/access/fields/agent.yml index e313ec82874..3c8ad89f032 100644 --- a/packages/nginx_ingress_controller/data_stream/access/fields/agent.yml +++ b/packages/nginx_ingress_controller/data_stream/access/fields/agent.yml @@ -121,10 +121,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/nginx_ingress_controller/data_stream/access/fields/fields.yml b/packages/nginx_ingress_controller/data_stream/access/fields/fields.yml index 6bd08859f44..c85d01365cc 100644 
--- a/packages/nginx_ingress_controller/data_stream/access/fields/fields.yml +++ b/packages/nginx_ingress_controller/data_stream/access/fields/fields.yml @@ -49,8 +49,6 @@ type: keyword description: | The port of the upstream server. - - name: geoip - type: group - name: event.created type: date description: Date/time when the event was first read by an agent, or by your pipeline. diff --git a/packages/nginx_ingress_controller/manifest.yml b/packages/nginx_ingress_controller/manifest.yml index f82de8d432b..e85e78fc0b0 100644 --- a/packages/nginx_ingress_controller/manifest.yml +++ b/packages/nginx_ingress_controller/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: nginx_ingress_controller title: Nginx Ingress Controller Logs -version: 1.4.0 +version: 1.4.1 license: basic description: Collect and parse logs from Nginx Ingress Controller instances with Elastic Agent. type: integration diff --git a/packages/o365/changelog.yml b/packages/o365/changelog.yml index ea174eb581a..0d51d2592d6 100644 --- a/packages/o365/changelog.yml +++ b/packages/o365/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.5.1" changes: - description: Fix processing of ModifiedProperties when it is a list of strings diff --git a/packages/o365/data_stream/audit/fields/agent.yml b/packages/o365/data_stream/audit/fields/agent.yml index da4e652c53b..40b6d6a32a2 100644 --- a/packages/o365/data_stream/audit/fields/agent.yml +++ b/packages/o365/data_stream/audit/fields/agent.yml @@ -62,11 +62,6 @@ These fields help correlate data based containers from any runtime.' type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword 
@@ -112,15 +107,6 @@ description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' - name: ip level: core type: ip @@ -130,13 +116,6 @@ type: keyword ignore_above: 1024 description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml index ccb1b423ba1..75ea4a8f854 100644 --- a/packages/o365/manifest.yml +++ b/packages/o365/manifest.yml @@ -1,6 +1,6 @@ name: o365 title: Office 365 Logs -version: 1.5.1 +version: 1.5.2 release: ga description: Collect and parse event logs from Office 365 with Elastic Agent. type: integration diff --git a/packages/okta/changelog.yml b/packages/okta/changelog.yml index a47019c5ec1..5547a323427 100644 --- a/packages/okta/changelog.yml +++ b/packages/okta/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.7.0" changes: - description: Add flattened `okta.request.ip_chain.*` fields diff --git a/packages/okta/data_stream/system/fields/agent.yml b/packages/okta/data_stream/system/fields/agent.yml index da4e652c53b..9dfc8d1aebc 100644 --- a/packages/okta/data_stream/system/fields/agent.yml +++ b/packages/okta/data_stream/system/fields/agent.yml 
@@ -62,11 +62,6 @@ These fields help correlate data based containers from any runtime.' type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword diff --git a/packages/okta/manifest.yml b/packages/okta/manifest.yml index 90fa9e27612..ed4a63a0fdd 100644 --- a/packages/okta/manifest.yml +++ b/packages/okta/manifest.yml @@ -1,6 +1,6 @@ name: okta title: Okta Logs -version: 1.7.0 +version: 1.7.1 release: ga description: Collect and parse event logs from Okta API with Elastic Agent. type: integration diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml index e8cc6db8f7b..4a33b74bd7e 100644 --- a/packages/panw/changelog.yml +++ b/packages/panw/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.2.3" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "2.2.2" changes: - description: Fix mapping for zone breakout diff --git a/packages/panw/data_stream/panos/fields/agent.yml b/packages/panw/data_stream/panos/fields/agent.yml index 79a7a39864b..c73d2525553 100644 --- a/packages/panw/data_stream/panos/fields/agent.yml +++ b/packages/panw/data_stream/panos/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword diff --git a/packages/panw/data_stream/panos/fields/ecs.yml b/packages/panw/data_stream/panos/fields/ecs.yml index 16126fc7a6a..01c27725b4e 100644 --- a/packages/panw/data_stream/panos/fields/ecs.yml +++ b/packages/panw/data_stream/panos/fields/ecs.yml 
@@ -84,8 +84,6 @@ name: file.type - external: ecs name: labels -- external: ecs - name: labels - external: ecs name: log.level - external: ecs diff --git a/packages/panw/manifest.yml b/packages/panw/manifest.yml index 249116c4fd8..1449ce60162 100644 --- a/packages/panw/manifest.yml +++ b/packages/panw/manifest.yml @@ -1,6 +1,6 @@ name: panw title: Palo Alto Networks Logs -version: 2.2.2 +version: 2.2.3 release: ga description: Collect PAN-OS firewall monitoring logs from Palo Alto Networks devices with Elastic Agent. type: integration diff --git a/packages/panw_cortex_xdr/changelog.yml b/packages/panw_cortex_xdr/changelog.yml index 8c70991118a..17bdc49ec51 100644 --- a/packages/panw_cortex_xdr/changelog.yml +++ b/packages/panw_cortex_xdr/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.2.0" changes: - description: Update to ECS 8.2 to use new email field set. diff --git a/packages/panw_cortex_xdr/data_stream/alerts/fields/agent.yml b/packages/panw_cortex_xdr/data_stream/alerts/fields/agent.yml index da4e652c53b..93798337211 100644 --- a/packages/panw_cortex_xdr/data_stream/alerts/fields/agent.yml +++ b/packages/panw_cortex_xdr/data_stream/alerts/fields/agent.yml 
@@ -96,40 +96,6 @@ ignore_above: 1024 description: Operating system architecture. example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - name: name level: core type: keyword @@ -166,12 +132,6 @@ ignore_above: 1024 description: Operating system platform (such centos, ubuntu, windows). example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - name: type level: core type: keyword diff --git a/packages/panw_cortex_xdr/docs/README.md b/packages/panw_cortex_xdr/docs/README.md index e3584237329..cb094bee06a 100644 --- a/packages/panw_cortex_xdr/docs/README.md +++ b/packages/panw_cortex_xdr/docs/README.md 
@@ -189,7 +189,7 @@ An example event for `alerts` looks as following: | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | -| host.mac | Host mac addresses. | keyword | +| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | | host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | diff --git a/packages/panw_cortex_xdr/manifest.yml b/packages/panw_cortex_xdr/manifest.yml index 9bf158448b7..a1ea8e995d5 100644 --- a/packages/panw_cortex_xdr/manifest.yml +++ b/packages/panw_cortex_xdr/manifest.yml @@ -1,6 +1,6 @@ name: panw_cortex_xdr title: Palo Alto Cortex XDR Logs -version: 1.2.0 +version: 1.2.1 release: ga description: Collect and parse logs from Palo Alto Cortex XDR API with Elastic Agent. type: integration diff --git a/packages/pfsense/changelog.yml b/packages/pfsense/changelog.yml index a82207b850e..caa8b8652da 100644 --- a/packages/pfsense/changelog.yml +++ b/packages/pfsense/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.1" changes: - description: Format client.mac as per ECS. 
diff --git a/packages/pfsense/data_stream/log/fields/fields.yml b/packages/pfsense/data_stream/log/fields/fields.yml index 7a350eba173..dc5a1fed682 100644 --- a/packages/pfsense/data_stream/log/fields/fields.yml +++ b/packages/pfsense/data_stream/log/fields/fields.yml @@ -198,12 +198,6 @@ - name: retries type: long description: Number of connection retries experienced by this session when trying to connect to the server. - - name: client - type: group - - name: destination - type: group - - name: geoip - type: group - name: haproxy.http type: group fields: diff --git a/packages/pfsense/manifest.yml b/packages/pfsense/manifest.yml index 69b14b9e330..f738f802565 100644 --- a/packages/pfsense/manifest.yml +++ b/packages/pfsense/manifest.yml @@ -1,6 +1,6 @@ name: pfsense title: pfSense Logs -version: "1.0.1" +version: "1.0.2" release: ga description: Collect and parse logs from pfSense and OPNsense devices with Elastic Agent. type: integration diff --git a/packages/postgresql/changelog.yml b/packages/postgresql/changelog.yml index 3bd69bed416..6ea69cfd5ce 100644 --- a/packages/postgresql/changelog.yml +++ b/packages/postgresql/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.3.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.3.1" changes: - description: Add documentation for multi-fields diff --git a/packages/postgresql/data_stream/activity/fields/package-fields.yml b/packages/postgresql/data_stream/activity/fields/package-fields.yml deleted file mode 100644 index 7094d614dd0..00000000000 --- a/packages/postgresql/data_stream/activity/fields/package-fields.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: postgresql - type: group diff --git a/packages/postgresql/data_stream/bgwriter/fields/package-fields.yml b/packages/postgresql/data_stream/bgwriter/fields/package-fields.yml deleted file mode 100644 index 7094d614dd0..00000000000 
--- a/packages/postgresql/data_stream/bgwriter/fields/package-fields.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: postgresql - type: group diff --git a/packages/postgresql/data_stream/database/fields/package-fields.yml b/packages/postgresql/data_stream/database/fields/package-fields.yml deleted file mode 100644 index 7094d614dd0..00000000000 --- a/packages/postgresql/data_stream/database/fields/package-fields.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: postgresql - type: group diff --git a/packages/postgresql/data_stream/log/fields/fields.yml b/packages/postgresql/data_stream/log/fields/fields.yml index f25e9ba928a..3da3419b123 100644 --- a/packages/postgresql/data_stream/log/fields/fields.yml +++ b/packages/postgresql/data_stream/log/fields/fields.yml @@ -93,12 +93,6 @@ type: keyword description: | Type of backend of this event. Possible types are autovacuum launcher, autovacuum worker, logical replication launcher, logical replication worker, parallel worker, background writer, client backend, checkpointer, startup, walreceiver, walsender and walwriter. In addition, background workers registered by extensions may have additional types. -- name: event.kind - type: keyword - description: Event kind (e.g. event) -- name: event.category - type: keyword - description: Event category (e.g. database) - name: event.code type: keyword description: Identification code for this event diff --git a/packages/postgresql/data_stream/log/fields/package-fields.yml b/packages/postgresql/data_stream/log/fields/package-fields.yml deleted file mode 100644 index 7094d614dd0..00000000000 --- a/packages/postgresql/data_stream/log/fields/package-fields.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: postgresql - type: group diff --git a/packages/postgresql/data_stream/statement/fields/package-fields.yml b/packages/postgresql/data_stream/statement/fields/package-fields.yml deleted file mode 100644 index 7094d614dd0..00000000000 
--- a/packages/postgresql/data_stream/statement/fields/package-fields.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: postgresql - type: group diff --git a/packages/postgresql/docs/README.md b/packages/postgresql/docs/README.md index 2f302307e38..f7aa346d54d 100644 --- a/packages/postgresql/docs/README.md +++ b/packages/postgresql/docs/README.md @@ -64,7 +64,7 @@ persistent connections, so enable with care. | error.code | Error code describing the error. | keyword | | error.id | Unique identifier for the error. | keyword | | error.message | Error message. | match_only_text | -| event.category | Event category (e.g. database) | keyword | +| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | | event.code | Identification code for this event | keyword | | event.dataset | Event dataset | constant_keyword | | event.duration | Duration of the event in nanoseconds. If event.start and event.end are known this value should be the difference between the end and start time. | long | diff --git a/packages/postgresql/manifest.yml b/packages/postgresql/manifest.yml index 21d829758e6..513a10619f5 100644 --- a/packages/postgresql/manifest.yml +++ b/packages/postgresql/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: postgresql title: PostgreSQL -version: 1.3.1 +version: 1.3.2 license: basic description: Collect logs and metrics from PostgreSQL servers with Elastic Agent. type: integration diff --git a/packages/proofpoint/changelog.yml b/packages/proofpoint/changelog.yml index 190acf9f69b..e034823b8f2 100644 
--- a/packages/proofpoint/changelog.yml +++ b/packages/proofpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.7.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.7.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/proofpoint/data_stream/emailsecurity/fields/base-fields.yml b/packages/proofpoint/data_stream/emailsecurity/fields/base-fields.yml index a8d761fd165..be33504baba 100644 --- a/packages/proofpoint/data_stream/emailsecurity/fields/base-fields.yml +++ b/packages/proofpoint/data_stream/emailsecurity/fields/base-fields.yml @@ -15,9 +15,6 @@ type: constant_keyword description: Event dataset value: proofpoint.emailsecurity -- name: '@timestamp' - type: date - description: Event timestamp. - name: container.id description: Unique container id. ignore_above: 1024 @@ -39,8 +36,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/proofpoint/manifest.yml b/packages/proofpoint/manifest.yml index 48391488a56..59367adaf08 100644 --- a/packages/proofpoint/manifest.yml +++ b/packages/proofpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: proofpoint title: Proofpoint Email Security Logs -version: 0.7.0 +version: 0.7.1 description: Collect logs from Proofpoint Email Security devices with Elastic Agent. categories: ["security"] release: experimental diff --git a/packages/pulse_connect_secure/changelog.yml b/packages/pulse_connect_secure/changelog.yml index 08294e1f18d..a3c05ff04d9 100644 --- a/packages/pulse_connect_secure/changelog.yml +++ b/packages/pulse_connect_secure/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.0" changes: - description: Make GA diff --git a/packages/pulse_connect_secure/data_stream/log/fields/ecs.yml b/packages/pulse_connect_secure/data_stream/log/fields/ecs.yml index cd455914c85..199a1b1d4c1 100644 --- a/packages/pulse_connect_secure/data_stream/log/fields/ecs.yml +++ b/packages/pulse_connect_secure/data_stream/log/fields/ecs.yml @@ -84,20 +84,6 @@ name: user_agent.os.version - external: ecs name: source.address -- external: ecs - name: source.as.number -- external: ecs - name: source.as.organization.name -- external: ecs - name: source.geo.continent_name -- external: ecs - name: source.geo.country_iso_code -- external: ecs - name: source.geo.country_name -- description: Longitude and latitude. - level: core - name: source.geo.location - type: geo_point - external: ecs name: source.ip - external: ecs diff --git a/packages/pulse_connect_secure/manifest.yml b/packages/pulse_connect_secure/manifest.yml index 221ee6509d6..a1d00eb1c07 100644 --- a/packages/pulse_connect_secure/manifest.yml +++ b/packages/pulse_connect_secure/manifest.yml @@ -1,6 +1,6 @@ name: pulse_connect_secure title: Pulse Connect Secure -version: 1.0.0 +version: 1.0.1 release: ga description: Collect logs from Pulse Connect Secure with Elastic Agent. type: integration diff --git a/packages/radware/changelog.yml b/packages/radware/changelog.yml index 8bfaf111c92..7fe73e222cc 100644 --- a/packages/radware/changelog.yml +++ b/packages/radware/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.7.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.7.0" changes: - description: Update to ECS 8.2.0 
diff --git a/packages/radware/data_stream/defensepro/fields/base-fields.yml b/packages/radware/data_stream/defensepro/fields/base-fields.yml index 2070b87dc06..e64eec82c49 100644 --- a/packages/radware/data_stream/defensepro/fields/base-fields.yml +++ b/packages/radware/data_stream/defensepro/fields/base-fields.yml @@ -15,9 +15,6 @@ type: constant_keyword description: Event dataset value: radware.defensepro -- name: '@timestamp' - type: date - description: Event timestamp. - name: container.id description: Unique container id. ignore_above: 1024 @@ -39,8 +36,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/radware/manifest.yml b/packages/radware/manifest.yml index df4b23bad95..4ebda644250 100644 --- a/packages/radware/manifest.yml +++ b/packages/radware/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: radware title: Radware DefensePro Logs -version: 0.7.0 +version: 0.7.1 description: Collect defensePro logs from Radware devices with Elastic Agent. categories: ["security"] release: experimental diff --git a/packages/redis/changelog.yml b/packages/redis/changelog.yml index d961f36cb9b..f42981ddb17 100644 --- a/packages/redis/changelog.yml +++ b/packages/redis/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.3.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.3.1" changes: - description: Add documentation for multi-fields diff --git a/packages/redis/data_stream/info/fields/fields.yml b/packages/redis/data_stream/info/fields/fields.yml index ffb6963100a..30b8053595e 100644 --- a/packages/redis/data_stream/info/fields/fields.yml +++ b/packages/redis/data_stream/info/fields/fields.yml 
@@ -448,9 +448,3 @@ type: long description: | Count of slow operations -- name: service.address - type: keyword - description: Client address -- name: service.version - type: keyword - description: Version of the service the data was collected from diff --git a/packages/redis/docs/README.md b/packages/redis/docs/README.md index 32f54e9afb1..1c5229eb2bf 100644 --- a/packages/redis/docs/README.md +++ b/packages/redis/docs/README.md @@ -467,9 +467,9 @@ An example event for `info` looks as following: | redis.info.stats.sync.full | The number of full resyncs with slaves | long | | redis.info.stats.sync.partial.err | The number of denied partial resync requests | long | | redis.info.stats.sync.partial.ok | The number of accepted partial resync requests | long | -| service.address | Client address | keyword | +| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | -| service.version | Version of the service the data was collected from | keyword | +| service.version | Version of the service the data was collected from. This allows to look at a data set only for a specific version of a service. | keyword | ### key diff --git a/packages/redis/manifest.yml b/packages/redis/manifest.yml index 6e10c8446be..1071894da7e 100644 --- a/packages/redis/manifest.yml +++ b/packages/redis/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: redis title: Redis -version: 1.3.1 +version: 1.3.2 license: basic description: Collect logs and metrics from Redis servers with Elastic Agent. type: integration 
diff --git a/packages/sonicwall/changelog.yml b/packages/sonicwall/changelog.yml index 87dad420e4a..e1e81ef19f6 100644 --- a/packages/sonicwall/changelog.yml +++ b/packages/sonicwall/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.3" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.8.2" changes: - description: Mark package as deprecated. Please migrate to the sonicwall_firewall package. diff --git a/packages/sonicwall/data_stream/firewall/fields/base-fields.yml b/packages/sonicwall/data_stream/firewall/fields/base-fields.yml index a73f5492de5..5134e801922 100644 --- a/packages/sonicwall/data_stream/firewall/fields/base-fields.yml +++ b/packages/sonicwall/data_stream/firewall/fields/base-fields.yml @@ -15,9 +15,6 @@ type: constant_keyword description: Event dataset value: sonicwall.firewall -- name: '@timestamp' - type: date - description: Event timestamp. - name: container.id description: Unique container id. ignore_above: 1024 @@ -39,8 +36,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/sonicwall/manifest.yml b/packages/sonicwall/manifest.yml index 262ab60e52a..96c300d86e0 100644 --- a/packages/sonicwall/manifest.yml +++ b/packages/sonicwall/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: sonicwall title: Sonicwall-FW Logs -version: "0.8.2" +version: "0.8.3" description: Deprecated. Collect logs from Sonicwall devices with Elastic Agent. categories: ["network", "security"] release: experimental diff --git a/packages/sophos/changelog.yml b/packages/sophos/changelog.yml index 5280809e22f..aadfb21a405 100644 --- a/packages/sophos/changelog.yml +++ b/packages/sophos/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.2.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "2.2.1" changes: - description: Format source.mac and destination.mac as per ECS for the UTM data stream. diff --git a/packages/sophos/data_stream/utm/fields/base-fields.yml b/packages/sophos/data_stream/utm/fields/base-fields.yml index 0c50a776378..15da1486fe7 100644 --- a/packages/sophos/data_stream/utm/fields/base-fields.yml +++ b/packages/sophos/data_stream/utm/fields/base-fields.yml @@ -15,9 +15,6 @@ type: constant_keyword description: Event dataset value: sophos.utm -- name: '@timestamp' - type: date - description: Event timestamp. - name: container.id description: Unique container id. ignore_above: 1024 @@ -39,8 +36,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/sophos/data_stream/xg/fields/fields.yml b/packages/sophos/data_stream/xg/fields/fields.yml index 6dd56deeab8..6917e482311 100644 --- a/packages/sophos/data_stream/xg/fields/fields.yml +++ b/packages/sophos/data_stream/xg/fields/fields.yml @@ -684,10 +684,6 @@ type: keyword description: | Syslog server name - - name: syslog_server_name - type: keyword - description: | - Syslog server name. - name: system_cpu type: float description: | diff --git a/packages/sophos/docs/README.md b/packages/sophos/docs/README.md index 7d950b445d8..12c3c24d2a4 100644 --- a/packages/sophos/docs/README.md +++ b/packages/sophos/docs/README.md 
@@ -26,7 +26,7 @@ The `utm` dataset collects Astaro Security Gateway logs. | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | client.registered_domain | The highest registered client domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword | | client.subdomain | The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. | keyword | diff --git a/packages/sophos/manifest.yml b/packages/sophos/manifest.yml index dfe23ea68ab..ba7e8927393 100644 --- a/packages/sophos/manifest.yml +++ b/packages/sophos/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: sophos title: Sophos Logs -version: "2.2.1" +version: "2.2.2" description: Collect and parse logs from Sophos Products with Elastic Agent. categories: ["security"] release: ga diff --git a/packages/squid/changelog.yml b/packages/squid/changelog.yml index 6170e02fe30..4acd1b4ea13 100644 --- a/packages/squid/changelog.yml +++ b/packages/squid/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.8.0" changes: - description: Update to ECS 8.2.0 diff --git a/packages/squid/data_stream/log/fields/base-fields.yml b/packages/squid/data_stream/log/fields/base-fields.yml index 8243e1ed2f0..c25d7cae586 100644 --- a/packages/squid/data_stream/log/fields/base-fields.yml +++ b/packages/squid/data_stream/log/fields/base-fields.yml @@ -15,9 +15,6 @@ type: constant_keyword description: Event dataset value: squid.log -- name: '@timestamp' - type: date - description: Event timestamp. - name: container.id description: Unique container id. ignore_above: 1024 @@ -39,8 +36,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/squid/data_stream/log/fields/ecs.yml b/packages/squid/data_stream/log/fields/ecs.yml index 20e5a824aed..a050c94c85b 100644 --- a/packages/squid/data_stream/log/fields/ecs.yml +++ b/packages/squid/data_stream/log/fields/ecs.yml @@ -244,8 +244,6 @@ name: user_agent.name - external: ecs name: user_agent.original -- external: ecs - name: user_agent.original - external: ecs name: user_agent.os.family - external: ecs diff --git a/packages/squid/manifest.yml b/packages/squid/manifest.yml index 563e5955418..c8d1c5117bb 100644 --- a/packages/squid/manifest.yml 
+++ b/packages/squid/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: squid title: Squid Logs -version: 0.8.0 +version: 0.8.1 description: Collect and parse logs from Squid devices with Elastic Agent. categories: ["security"] release: experimental diff --git a/packages/suricata/changelog.yml b/packages/suricata/changelog.yml index 93b6d14ac51..5b213f8e985 100644 --- a/packages/suricata/changelog.yml +++ b/packages/suricata/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.0.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "2.0.0" changes: - description: Migrate map visualisation from tile_map to map object diff --git a/packages/suricata/data_stream/eve/fields/agent.yml b/packages/suricata/data_stream/eve/fields/agent.yml index 79a7a39864b..befedc3a20a 100644 --- a/packages/suricata/data_stream/eve/fields/agent.yml +++ b/packages/suricata/data_stream/eve/fields/agent.yml @@ -107,10 +107,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/suricata/data_stream/eve/fields/base-fields.yml b/packages/suricata/data_stream/eve/fields/base-fields.yml index eee838550ff..ae4fc87ca44 100644 --- a/packages/suricata/data_stream/eve/fields/base-fields.yml +++ b/packages/suricata/data_stream/eve/fields/base-fields.yml @@ -15,6 +15,3 @@ type: constant_keyword description: Event dataset value: suricata.eve -- name: '@timestamp' - type: date - description: Event timestamp. diff --git a/packages/suricata/data_stream/eve/fields/fields.yml b/packages/suricata/data_stream/eve/fields/fields.yml index 35d0142cbde..659f4c2a00d 100644 
--- a/packages/suricata/data_stream/eve/fields/fields.yml +++ b/packages/suricata/data_stream/eve/fields/fields.yml @@ -524,5 +524,3 @@ type: keyword - name: app_proto_expected type: keyword - - name: flags - type: group diff --git a/packages/suricata/manifest.yml b/packages/suricata/manifest.yml index d752c823fb2..5a4a630795b 100644 --- a/packages/suricata/manifest.yml +++ b/packages/suricata/manifest.yml @@ -1,6 +1,6 @@ name: suricata title: Suricata Events -version: 2.0.0 +version: 2.0.1 release: ga description: Collect and parse event logs from Suricata instances with Elastic Agent. type: integration diff --git a/packages/symantec_endpoint/changelog.yml b/packages/symantec_endpoint/changelog.yml index c29df2b3f56..d34a9c70a9f 100644 --- a/packages/symantec_endpoint/changelog.yml +++ b/packages/symantec_endpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.0" changes: - description: Make GA diff --git a/packages/symantec_endpoint/data_stream/log/fields/agent.yml b/packages/symantec_endpoint/data_stream/log/fields/agent.yml index c2cceee2d3f..f1bcf431f25 100644 --- a/packages/symantec_endpoint/data_stream/log/fields/agent.yml +++ b/packages/symantec_endpoint/data_stream/log/fields/agent.yml @@ -62,11 +62,6 @@ These fields help correlate data based containers from any runtime.' type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword diff --git a/packages/symantec_endpoint/data_stream/log/fields/ecs.yml b/packages/symantec_endpoint/data_stream/log/fields/ecs.yml index 399878e940d..be2445d1e99 100644 --- a/packages/symantec_endpoint/data_stream/log/fields/ecs.yml +++ b/packages/symantec_endpoint/data_stream/log/fields/ecs.yml 
@@ -38,14 +38,10 @@ external: ecs - name: event.category external: ecs -- name: event.dataset - external: ecs - name: event.ingested external: ecs - name: event.kind external: ecs -- name: event.module - external: ecs - name: event.start external: ecs - name: event.type diff --git a/packages/symantec_endpoint/docs/README.md b/packages/symantec_endpoint/docs/README.md index b36bc33b350..a3d3a816377 100644 --- a/packages/symantec_endpoint/docs/README.md +++ b/packages/symantec_endpoint/docs/README.md 
@@ -156,10 +156,10 @@ Vendor documentation: https://knowledge.broadcom.com/external/article?legacyId=T | ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | error.message | Error message. | match_only_text | | event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | -| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | +| event.dataset | Event dataset | constant_keyword | | event.ingested | Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` \< `event.created` \< `event.ingested`. | date | | event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. 
`event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | -| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | keyword | +| event.module | Event module | constant_keyword | | event.start | event.start contains the date when the event started or when the activity was first observed. | date | | event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | | file.hash.sha1 | SHA1 hash. | keyword | diff --git a/packages/symantec_endpoint/manifest.yml b/packages/symantec_endpoint/manifest.yml index 823d4bcd405..bed3b883074 100644 --- a/packages/symantec_endpoint/manifest.yml +++ b/packages/symantec_endpoint/manifest.yml @@ -1,6 +1,6 @@ name: symantec_endpoint title: Symantec Endpoint Protection -version: 1.0.0 +version: 1.0.1 release: ga description: Collect logs from Symantec Endpoint Protection with Elastic Agent. type: integration diff --git a/packages/system/changelog.yml b/packages/system/changelog.yml index 653476923e6..564066173a8 100644 --- a/packages/system/changelog.yml 
+++ b/packages/system/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.15.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.15.1" changes: - description: Fix ECS schema diff --git a/packages/system/data_stream/auth/fields/agent.yml b/packages/system/data_stream/auth/fields/agent.yml index da4e652c53b..de521f94cbd 100644 --- a/packages/system/data_stream/auth/fields/agent.yml +++ b/packages/system/data_stream/auth/fields/agent.yml 
@@ -90,82 +90,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. 
- example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version level: extended type: keyword diff --git a/packages/system/data_stream/auth/fields/base-fields.yml b/packages/system/data_stream/auth/fields/base-fields.yml index 516c401c769..c68e1ebf8b0 100644 --- a/packages/system/data_stream/auth/fields/base-fields.yml +++ b/packages/system/data_stream/auth/fields/base-fields.yml @@ -8,9 +8,6 @@ - name: data_stream.namespace type: constant_keyword description: Data stream namespace. -- name: '@timestamp' - type: date - description: Event timestamp. - name: event.dataset type: constant_keyword description: Event dataset. diff --git a/packages/system/data_stream/auth/fields/ecs.yml b/packages/system/data_stream/auth/fields/ecs.yml index 7e353efa7d6..c19e70a7f7c 100644 --- a/packages/system/data_stream/auth/fields/ecs.yml +++ b/packages/system/data_stream/auth/fields/ecs.yml @@ -16,8 +16,6 @@ name: event.ingested - external: ecs name: event.kind -- external: ecs - name: event.module - external: ecs name: event.outcome - external: ecs @@ -36,8 +34,6 @@ name: host.domain - external: ecs name: host.hostname -- external: ecs - name: host.hostname - external: ecs name: host.id - external: ecs diff --git a/packages/system/data_stream/auth/fields/fields.yml b/packages/system/data_stream/auth/fields/fields.yml index 827255de6c1..7ab8a2f0351 100644 --- a/packages/system/data_stream/auth/fields/fields.yml +++ b/packages/system/data_stream/auth/fields/fields.yml 
@@ -20,8 +20,6 @@ type: keyword description: | The SSH event as found in the logs (Accepted, Invalid, Failed, etc.) - - name: geoip - type: group - name: sudo type: group fields: @@ -54,8 +52,6 @@ - name: shell type: keyword description: The default shell for the new user. - - name: groupadd - type: group - description: "Operating system version as a raw string." ignore_above: 1024 name: version diff --git a/packages/system/data_stream/core/fields/agent.yml b/packages/system/data_stream/core/fields/agent.yml index da4e652c53b..dabba6195b1 100644 --- a/packages/system/data_stream/core/fields/agent.yml +++ b/packages/system/data_stream/core/fields/agent.yml @@ -90,12 +90,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - name: domain level: extended type: keyword 
@@ -121,64 +115,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' - name: containerized type: boolean description: > diff --git a/packages/system/data_stream/cpu/fields/agent.yml b/packages/system/data_stream/cpu/fields/agent.yml index 36435349824..e14ec693f51 100644 --- a/packages/system/data_stream/cpu/fields/agent.yml 
+++ b/packages/system/data_stream/cpu/fields/agent.yml @@ -90,12 +90,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - name: domain level: extended type: keyword 
@@ -121,64 +115,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' - name: containerized type: boolean description: > diff --git a/packages/system/data_stream/cpu/fields/fields.yml b/packages/system/data_stream/cpu/fields/fields.yml index 9efed64c2dc..6b1e9818bdd 100644 
--- a/packages/system/data_stream/cpu/fields/fields.yml +++ b/packages/system/data_stream/cpu/fields/fields.yml @@ -171,12 +171,3 @@ metric_type: counter description: | The amount of CPU time spent in involuntary wait by the virtual CPU while the hypervisor was servicing another processor. Available only on Unix. -- name: host - type: group - fields: - - name: cpu.pct - type: scaled_float - unit: percent - metric_type: gauge - description: | - Percent CPU used. This value is normalized by the number of CPU cores and it ranges from 0 to 1. diff --git a/packages/system/data_stream/diskio/fields/agent.yml b/packages/system/data_stream/diskio/fields/agent.yml index 54d97ab701d..dbcc08f328b 100644 --- a/packages/system/data_stream/diskio/fields/agent.yml +++ b/packages/system/data_stream/diskio/fields/agent.yml @@ -90,12 +90,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - name: domain level: extended type: keyword @@ -105,13 +99,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword 
@@ -121,64 +108,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' - name: containerized type: boolean description: 
> @@ -196,14 +125,3 @@ description: > OS codename, if any. - - name: disk.read.bytes - type: long - format: bytes - description: > - The total number of bytes read successfully in a given period of time. - - - name: disk.write.bytes - type: long - format: bytes - description: >- - The total number of bytes write successfully in a given period of time. diff --git a/packages/system/data_stream/fsstat/fields/agent.yml b/packages/system/data_stream/fsstat/fields/agent.yml index da4e652c53b..dabba6195b1 100644 --- a/packages/system/data_stream/fsstat/fields/agent.yml +++ b/packages/system/data_stream/fsstat/fields/agent.yml @@ -90,12 +90,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - name: domain level: extended type: keyword 
@@ -121,64 +115,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' - name: containerized type: boolean description: > diff --git a/packages/system/data_stream/load/fields/agent.yml b/packages/system/data_stream/load/fields/agent.yml index da4e652c53b..dabba6195b1 100644 
--- a/packages/system/data_stream/load/fields/agent.yml +++ b/packages/system/data_stream/load/fields/agent.yml @@ -90,12 +90,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - name: domain level: extended type: keyword 
@@ -121,64 +115,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' - name: containerized type: boolean description: > diff --git a/packages/system/data_stream/memory/fields/agent.yml b/packages/system/data_stream/memory/fields/agent.yml index da4e652c53b..dabba6195b1 100644 
--- a/packages/system/data_stream/memory/fields/agent.yml +++ b/packages/system/data_stream/memory/fields/agent.yml @@ -90,12 +90,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - name: domain level: extended type: keyword 
@@ -121,64 +115,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' - name: containerized type: boolean description: > diff --git a/packages/system/data_stream/network/fields/agent.yml b/packages/system/data_stream/network/fields/agent.yml index e5afe011398..7571192d573 100644 
--- a/packages/system/data_stream/network/fields/agent.yml +++ b/packages/system/data_stream/network/fields/agent.yml @@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword @@ -196,25 +189,22 @@ description: > OS codename, if any. - - name: network.in.bytes + - name: network.out.bytes type: long format: bytes + metric_type: counter description: > - The number of bytes received on all network interfaces by the host in a given period of time. + The number of bytes sent out on all network interfaces by the host in a given period of time. - name: network.in.packets type: long + metric_type: counter description: > The number of packets received on all network interfaces by the host in a given period of time. - - name: network.out.bytes - type: long - format: bytes - description: > - The number of bytes sent out on all network interfaces by the host in a given period of time. - - name: network.out.packets type: long + metric_type: counter description: > The number of packets sent out on all network interfaces by the host in a given period of time. diff --git a/packages/system/data_stream/network/fields/base-fields.yml b/packages/system/data_stream/network/fields/base-fields.yml index 30ac48f379b..4650bf6b3b7 100644 --- a/packages/system/data_stream/network/fields/base-fields.yml +++ b/packages/system/data_stream/network/fields/base-fields.yml @@ -7,9 +7,6 @@ - name: data_stream.namespace type: constant_keyword description: Data stream namespace. -- name: '@timestamp' - type: date - description: Event timestamp. - name: event.module type: constant_keyword description: Event module 
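Review bot: The surviving network.* definitions no longer agree on a mapping: the `@@ -196,25 +189,22 @@` hunk keeps network.out.bytes, network.in.packets and network.out.packets in agent.yml as `type: long` (out.bytes with a Kibana `format: bytes`), while the next hunk, for network/fields/fields.yml, deletes the `scaled_float` / `unit: byte` copies of those same three fields and leaves only network.in.bytes there, presumably still `scaled_float` with `unit: byte` like its deleted siblings. The de-duplication settles which file owns each field but not which mapping wins, so the in/out byte counters now index as different field types and only one of them carries `unit` metadata. Consider aligning the three kept agent.yml entries with the in.bytes definition, e.g. `type: scaled_float` / `unit: byte` / `metric_type: counter`, or moving in.bytes to agent.yml with `type: long`, so the pair stays symmetric; if the asymmetry is intentional, a short comment next to the agent.yml entries would stop the next cleanup from reopening it. The `host` field group these entries sit in begins outside the hunk.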
diff --git a/packages/system/data_stream/network/fields/fields.yml b/packages/system/data_stream/network/fields/fields.yml
index a309d88ba0f..02c3397ffcd 100644
--- a/packages/system/data_stream/network/fields/fields.yml
+++ b/packages/system/data_stream/network/fields/fields.yml
@@ -59,19 +59,3 @@
 metric_type: counter
 description: |
 The number of bytes received on all network interfaces by the host in a given period of time.
- - name: network.out.bytes
- type: scaled_float
- unit: byte
- metric_type: counter
- description: |
- The number of bytes sent out on all network interfaces by the host in a given period of time.
- - name: network.in.packets
- type: scaled_float
- metric_type: counter
- description: |
- The number of packets received on all network interfaces by the host in a given period of time.
- - name: network.out.packets
- type: scaled_float
- metric_type: counter
- description: |
- The number of packets sent out on all network interfaces by the host in a given period of time.
diff --git a/packages/system/data_stream/process/fields/agent.yml b/packages/system/data_stream/process/fields/agent.yml
index d5df59895a1..d1c917cd709 100644
--- a/packages/system/data_stream/process/fields/agent.yml
+++ b/packages/system/data_stream/process/fields/agent.yml
@@ -90,12 +90,6 @@
 ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
 type: group
 fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
 - name: domain
 level: extended
 type: keyword
@@ -121,64 +115,6 @@ As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' - name: containerized type: boolean description: > diff --git a/packages/system/data_stream/process_summary/fields/agent.yml b/packages/system/data_stream/process_summary/fields/agent.yml index da4e652c53b..3cb905c19c2 100644 
--- a/packages/system/data_stream/process_summary/fields/agent.yml +++ b/packages/system/data_stream/process_summary/fields/agent.yml @@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword diff --git a/packages/system/data_stream/process_summary/fields/base-fields.yml b/packages/system/data_stream/process_summary/fields/base-fields.yml index 8ba4e88dac3..a1bfaa238aa 100644 --- a/packages/system/data_stream/process_summary/fields/base-fields.yml +++ b/packages/system/data_stream/process_summary/fields/base-fields.yml @@ -7,9 +7,6 @@ - name: data_stream.namespace type: constant_keyword description: Data stream namespace. -- name: '@timestamp' - type: date - description: Event timestamp. - name: event.module type: constant_keyword description: Event module diff --git a/packages/system/data_stream/security/fields/agent.yml b/packages/system/data_stream/security/fields/agent.yml index da4e652c53b..5d8b5c2999b 100644 --- a/packages/system/data_stream/security/fields/agent.yml +++ b/packages/system/data_stream/security/fields/agent.yml @@ -130,13 +130,6 @@ type: keyword ignore_above: 1024 description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - name: os.family level: extended type: keyword diff --git a/packages/system/data_stream/security/fields/ecs.yml b/packages/system/data_stream/security/fields/ecs.yml index 3e823cc3da5..a476812f547 100644 
--- a/packages/system/data_stream/security/fields/ecs.yml
+++ b/packages/system/data_stream/security/fields/ecs.yml
@@ -12,8 +12,6 @@
 name: event.ingested
 - external: ecs
 name: event.kind
-- external: ecs
- name: event.module
 - external: ecs
 name: event.outcome
 - external: ecs
diff --git a/packages/system/data_stream/socket_summary/fields/agent.yml b/packages/system/data_stream/socket_summary/fields/agent.yml
index da4e652c53b..3cb905c19c2 100644
--- a/packages/system/data_stream/socket_summary/fields/agent.yml
+++ b/packages/system/data_stream/socket_summary/fields/agent.yml
@@ -105,13 +105,6 @@
 For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
 example: CONTOSO
 default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Hostname of the host.
-
- It normally contains what the `hostname` command returns on the host machine.'
 - name: id
 level: core
 type: keyword
diff --git a/packages/system/data_stream/socket_summary/fields/base-fields.yml b/packages/system/data_stream/socket_summary/fields/base-fields.yml
index 1ed72ba281e..0e1c056093a 100644
--- a/packages/system/data_stream/socket_summary/fields/base-fields.yml
+++ b/packages/system/data_stream/socket_summary/fields/base-fields.yml
@@ -7,9 +7,6 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
-- name: '@timestamp'
- type: date
- description: Event timestamp.
 - name: event.module
 type: constant_keyword
 description: Event module
diff --git a/packages/system/data_stream/syslog/fields/agent.yml b/packages/system/data_stream/syslog/fields/agent.yml
index da4e652c53b..de521f94cbd 100644
--- a/packages/system/data_stream/syslog/fields/agent.yml
+++ b/packages/system/data_stream/syslog/fields/agent.yml
@@ -90,82 +90,6 @@ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' type: group fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. 
- example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - name: os.version level: extended type: keyword diff --git a/packages/system/data_stream/syslog/fields/base-fields.yml b/packages/system/data_stream/syslog/fields/base-fields.yml index c43f2568370..804db873d75 100644 --- a/packages/system/data_stream/syslog/fields/base-fields.yml +++ b/packages/system/data_stream/syslog/fields/base-fields.yml @@ -8,9 +8,6 @@ - name: data_stream.namespace type: constant_keyword description: Data stream namespace. -- name: '@timestamp' - type: date - description: Event timestamp. - name: event.dataset type: constant_keyword description: Event dataset. diff --git a/packages/system/data_stream/syslog/fields/ecs.yml b/packages/system/data_stream/syslog/fields/ecs.yml index 1a5ab6d1998..4b55da20329 100644 --- a/packages/system/data_stream/syslog/fields/ecs.yml +++ b/packages/system/data_stream/syslog/fields/ecs.yml @@ -14,8 +14,6 @@ name: event.ingested - external: ecs name: event.kind -- external: ecs - name: event.module - external: ecs name: event.outcome - external: ecs diff --git a/packages/system/data_stream/syslog/fields/fields.yml b/packages/system/data_stream/syslog/fields/fields.yml deleted file mode 100644 index f9336869308..00000000000 --- a/packages/system/data_stream/syslog/fields/fields.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: system.syslog - type: group diff --git a/packages/system/data_stream/system/fields/ecs.yml b/packages/system/data_stream/system/fields/ecs.yml index 7abb6419d34..9201ffe6584 100644 --- a/packages/system/data_stream/system/fields/ecs.yml 
+++ b/packages/system/data_stream/system/fields/ecs.yml
@@ -12,8 +12,6 @@
 name: event.ingested
 - external: ecs
 name: event.kind
-- external: ecs
- name: event.module
 - external: ecs
 name: event.original
 - external: ecs
diff --git a/packages/system/docs/README.md b/packages/system/docs/README.md
index 5633db0750a..8daa86a4553 100644
--- a/packages/system/docs/README.md
+++ b/packages/system/docs/README.md
@@ -241,7 +241,7 @@ event log. | event.dataset | Event dataset. | constant_keyword | | event.ingested | Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` \< `event.created` \< `event.ingested`. | date | | event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | -| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | keyword | +| event.module | Event module | constant_keyword | | event.original | Raw text message of entire event. Used to demonstrate log integrity or where the full log message (before splitting it up in multiple parts) may be required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, please see `Field data types` in the `Elasticsearch Reference`. | keyword | | event.outcome | This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. 
`event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. | keyword | | event.provider | Source of the event. Event transports such as Syslog or the Windows Event Log typically mention the source of an event. It can be the name of the software that generated the event (e.g. Sysmon, httpd), or of a subsystem of the operating system (kernel, Microsoft-Windows-Security-Auditing). | keyword | 
@@ -873,7 +873,7 @@ The `auth` dataset provides auth logs on linux and MacOS prior to 10.8. | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | cloud.image.id | Image ID for the cloud instance. | keyword | @@ -912,7 +912,7 @@ The `auth` dataset provides auth logs on linux and MacOS prior to 10.8. | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | -| host.mac | Host mac addresses. | keyword | +| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | | host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | 
@@ -921,7 +921,7 @@ The `auth` dataset provides auth logs on linux and MacOS prior to 10.8. | host.os.full.text | Multi-field of `host.os.full`. | match_only_text | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | text | +| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | @@ -971,7 +971,7 @@ The `syslog` dataset provides system logs on linux and MacOS. | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | cloud.image.id | Image ID for the cloud instance. | keyword | 
@@ -1016,7 +1016,7 @@ The `syslog` dataset provides system logs on linux and MacOS. | host.os.full.text | Multi-field of `host.os.full`. | match_only_text | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | text | +| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | @@ -1145,7 +1145,7 @@ This dataset is available on: | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | | | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | | | host.ip | Host ip addresses. | ip | | | -| host.mac | Host mac addresses. | keyword | | | +| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | | | | host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | | | host.os.build | OS build information. | keyword | | | | host.os.codename | OS codename, if any. | keyword | | | 
@@ -1231,7 +1231,7 @@ This dataset is available on:
 | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | |
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | |
 | host.ip | Host ip addresses. | ip | | |
-| host.mac | Host mac addresses. | keyword | | |
+| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | | |
 | host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | |
 | host.os.build | OS build information. | keyword | | |
 | host.os.codename | OS codename, if any. | keyword | | |
@@ -1375,7 +1375,7 @@ This dataset is available on:
 | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | |
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | |
 | host.ip | Host ip addresses. | ip | | |
-| host.mac | Host mac addresses. | keyword | | |
+| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | | |
 | host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | |
 | host.os.build | OS build information. | keyword | | |
 | host.os.codename | OS codename, if any. | keyword | | |
@@ -1384,7 +1384,7 @@ This dataset is available on:
 | host.os.full.text | Multi-field of `host.os.full`. | match_only_text | | |
 | host.os.kernel | Operating system kernel version as a raw string. | keyword | | |
 | host.os.name | Operating system name, without the version. | keyword | | |
-| host.os.name.text | Multi-field of `host.os.name`. | text | | |
+| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | |
 | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | |
 | host.os.version | Operating system version as a raw string. | keyword | | |
 | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | |
@@ -1436,7 +1436,7 @@ This dataset is available on:
 | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | |
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | |
 | host.ip | Host ip addresses. | ip | |
-| host.mac | Host mac addresses. | keyword | |
+| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | |
 | host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | |
 | host.os.build | OS build information. | keyword | |
 | host.os.codename | OS codename, if any. | keyword | |
@@ -1500,7 +1500,7 @@ This dataset is available on:
 | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | |
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | |
 | host.ip | Host ip addresses. | ip | | |
-| host.mac | Host mac addresses. | keyword | | |
+| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | | |
 | host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | |
 | host.os.build | OS build information. | keyword | | |
 | host.os.codename | OS codename, if any. | keyword | | |
@@ -1594,9 +1594,9 @@ This dataset is available on:
 | host.mac | Host mac addresses. | keyword | | |
 | host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | |
 | host.network.in.bytes | The number of bytes received on all network interfaces by the host in a given period of time. | scaled_float | byte | counter |
-| host.network.in.packets | The number of packets received on all network interfaces by the host in a given period of time. | scaled_float | | counter |
-| host.network.out.bytes | The number of bytes sent out on all network interfaces by the host in a given period of time. | long | | |
-| host.network.out.packets | The number of packets sent out on all network interfaces by the host in a given period of time. | long | | |
+| host.network.in.packets | The number of packets received on all network interfaces by the host in a given period of time. | long | | counter |
+| host.network.out.bytes | The number of bytes sent out on all network interfaces by the host in a given period of time. | long | | counter |
+| host.network.out.packets | The number of packets sent out on all network interfaces by the host in a given period of time. | long | | counter |
 | host.os.build | OS build information. | keyword | | |
 | host.os.codename | OS codename, if any. | keyword | | |
 | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | |
@@ -1687,7 +1687,7 @@ This dataset is available on:
 | host.os.full.text | Multi-field of `host.os.full`. | match_only_text | | |
 | host.os.kernel | Operating system kernel version as a raw string. | keyword | | |
 | host.os.name | Operating system name, without the version. | keyword | | |
-| host.os.name.text | Multi-field of `host.os.name`. | text | | |
+| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | |
 | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | |
 | host.os.version | Operating system version as a raw string. | keyword | | |
 | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | |
@@ -1862,7 +1862,7 @@ This dataset is available on:
 | Field | Description | Type | Metric Type |
 |---|---|---|---|
-| @timestamp | Event timestamp. | date | |
+| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | |
 | cloud.availability_zone | Availability zone in which this host is running. | keyword | |
 | cloud.image.id | Image ID for the cloud instance. | keyword | |
@@ -1949,7 +1949,7 @@ This dataset is available on:
 | Field | Description | Type | Unit | Metric Type |
 |---|---|---|---|---|
-| @timestamp | Event timestamp. | date | | |
+| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | |
 | cloud.availability_zone | Availability zone in which this host is running. | keyword | | |
 | cloud.image.id | Image ID for the cloud instance. | keyword | | |
diff --git a/packages/system/manifest.yml b/packages/system/manifest.yml
index 44b9367981e..3fa67ea8adf 100644
--- a/packages/system/manifest.yml
+++ b/packages/system/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: system
 title: System
-version: 1.15.1
+version: 1.15.2
 license: basic
 description: Collect system logs and metrics from your servers with Elastic Agent.
 type: integration
diff --git a/packages/ti_cybersixgill/changelog.yml b/packages/ti_cybersixgill/changelog.yml
index 9b54a27f92a..103abafb013 100644
--- a/packages/ti_cybersixgill/changelog.yml
+++ b/packages/ti_cybersixgill/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.2"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.4.1"
 changes:
 - description: Update package descriptions
diff --git a/packages/ti_cybersixgill/data_stream/threat/fields/ecs.yml b/packages/ti_cybersixgill/data_stream/threat/fields/ecs.yml
index b610ef66549..7e4da707181 100644
--- a/packages/ti_cybersixgill/data_stream/threat/fields/ecs.yml
+++ b/packages/ti_cybersixgill/data_stream/threat/fields/ecs.yml
@@ -16,8 +16,6 @@
 name: event.severity
 - external: ecs
 name: event.created
-- external: ecs
- name: message
 - external: ecs
 name: tags
 - external: ecs
diff --git a/packages/ti_cybersixgill/manifest.yml b/packages/ti_cybersixgill/manifest.yml
index fc4fe16140c..a47d3882c24 100644
--- a/packages/ti_cybersixgill/manifest.yml
+++ b/packages/ti_cybersixgill/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_cybersixgill
 title: Cybersixgill
-version: 1.4.1
+version: 1.4.2
 release: ga
 description: Ingest threat intelligence indicators from Cybersixgill with Elastic Agent.
 type: integration
diff --git a/packages/ti_misp/changelog.yml b/packages/ti_misp/changelog.yml
index a87319514dc..d43e6e7700e 100644
--- a/packages/ti_misp/changelog.yml
+++ b/packages/ti_misp/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.1"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.4.0"
 changes:
 - description: Fix pagination looping forever
diff --git a/packages/ti_misp/data_stream/threat/fields/ecs.yml b/packages/ti_misp/data_stream/threat/fields/ecs.yml
index 213fc84cede..31cdaf0274f 100644
--- a/packages/ti_misp/data_stream/threat/fields/ecs.yml
+++ b/packages/ti_misp/data_stream/threat/fields/ecs.yml
@@ -22,8 +22,6 @@
 name: user.email
 - external: ecs
 name: user.roles
-- name: threat.feed.name
- type: keyword
 - external: ecs
 name: threat.indicator.first_seen
 - external: ecs
diff --git a/packages/ti_misp/docs/README.md b/packages/ti_misp/docs/README.md
index 79790f5d0e3..f78bac155e7 100644
--- a/packages/ti_misp/docs/README.md
+++ b/packages/ti_misp/docs/README.md
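Review bot: Dropping the `threat.feed.name` / `type: keyword` entry from ti_misp's fields/ecs.yml changes the field's effective mapping rather than only removing a duplicate: the README regenerated in this same commit now lists it as `constant_keyword`, so the surviving definition presumably lives in another fields file and that is the type the index template will carry from now on. The ti_threatq ecs.yml hunk further down has the same effect. A `constant_keyword` field accepts a single value per backing index, so this is only safe if every document a given data stream receives carries the same feed name; if one namespace can receive more than one feed name, the second value would be rejected at index time, which seems worth confirming before shipping this as a bugfix. I would also make the type change visible in the changelog entry rather than describing it as a pure cleanup, e.g. `- description: Remove duplicated fields definitions (threat.feed.name is now constant_keyword)`.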
@@ -123,7 +123,7 @@ The filters themselves are based on the [MISP API documentation](https://www.cir
 | misp.uuid | The UUID of the event object. | keyword |
 | tags | List of keywords used to tag each event. | keyword |
 | threat.feed.dashboard_id | Dashboard ID used for Kibana CTI UI | constant_keyword |
-| threat.feed.name | | keyword |
+| threat.feed.name | Display friendly feed name | constant_keyword |
 | threat.indicator.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long |
 | threat.indicator.email.address | Identifies a threat indicator as an email address (irrespective of direction). | keyword |
 | threat.indicator.file.hash.md5 | MD5 hash. | keyword |
diff --git a/packages/ti_misp/manifest.yml b/packages/ti_misp/manifest.yml
index 152925bb9c7..e1d4f3c01c4 100644
--- a/packages/ti_misp/manifest.yml
+++ b/packages/ti_misp/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_misp
 title: MISP
-version: 1.4.0
+version: 1.4.1
 release: ga
 description: Ingest threat intelligence indicators from MISP platform with Elastic Agent.
 type: integration
diff --git a/packages/ti_threatq/changelog.yml b/packages/ti_threatq/changelog.yml
index df4574385c4..923c22c4e42 100644
--- a/packages/ti_threatq/changelog.yml
+++ b/packages/ti_threatq/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.2"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.3.1"
 changes:
 - description: Update package descriptions
diff --git a/packages/ti_threatq/data_stream/threat/fields/ecs.yml b/packages/ti_threatq/data_stream/threat/fields/ecs.yml
index f6481bf8b83..bfec5fe8dbc 100644
--- a/packages/ti_threatq/data_stream/threat/fields/ecs.yml
+++ b/packages/ti_threatq/data_stream/threat/fields/ecs.yml
@@ -18,8 +18,6 @@
 name: event.created
 - external: ecs
 name: event.original
-- name: threat.feed.name
- type: keyword
 - external: ecs
 name: threat.indicator.first_seen
 - external: ecs
diff --git a/packages/ti_threatq/docs/README.md b/packages/ti_threatq/docs/README.md
index cff24c8d1b7..7d98fe122bb 100644
--- a/packages/ti_threatq/docs/README.md
+++ b/packages/ti_threatq/docs/README.md
@@ -65,7 +65,7 @@ By default the indicators will be collected every 1 minute, and deduplication is
 | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
 | tags | List of keywords used to tag each event. | keyword |
 | threat.feed.dashboard_id | Dashboard ID used for Kibana CTI UI | constant_keyword |
-| threat.feed.name | | keyword |
+| threat.feed.name | Display friendly feed name | constant_keyword |
 | threat.indicator.confidence | Identifies the vendor-neutral confidence rating using the None/Low/Medium/High scale defined in Appendix A of the STIX 2.1 framework. Vendor-specific confidence scales may be added as custom fields. Expected values are: \* Not Specified \* None \* Low \* Medium \* High | keyword |
 | threat.indicator.description | Describes the type of action conducted by the threat. | keyword |
 | threat.indicator.email.address | Identifies a threat indicator as an email address (irrespective of direction). | keyword |
diff --git a/packages/ti_threatq/manifest.yml b/packages/ti_threatq/manifest.yml
index d1302b076c8..f54be7abeb9 100644
--- a/packages/ti_threatq/manifest.yml
+++ b/packages/ti_threatq/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_threatq
 title: ThreatQuotient
-version: 1.3.1
+version: 1.3.2
 release: ga
 description: Ingest threat intelligence indicators from ThreatQuotient with Elastic Agent.
 type: integration
diff --git a/packages/tomcat/changelog.yml b/packages/tomcat/changelog.yml
index 974bff72e03..04155e42f8f 100644
--- a/packages/tomcat/changelog.yml
+++ b/packages/tomcat/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.1"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.4.0"
 changes:
 - description: Update to ECS 8.2.0
diff --git a/packages/tomcat/data_stream/log/fields/base-fields.yml b/packages/tomcat/data_stream/log/fields/base-fields.yml
index 423a2e20de9..9ea6d274acc 100644
--- a/packages/tomcat/data_stream/log/fields/base-fields.yml
+++ b/packages/tomcat/data_stream/log/fields/base-fields.yml
@@ -7,9 +7,6 @@
 - name: data_stream.namespace
 type: constant_keyword
 description: Data stream namespace.
-- name: '@timestamp'
- type: date
- description: Event timestamp.
 - name: event.module
 type: constant_keyword
 description: Event module
diff --git a/packages/tomcat/data_stream/log/fields/ecs.yml b/packages/tomcat/data_stream/log/fields/ecs.yml
index 384fbb680e5..69e1e7fcf86 100644
--- a/packages/tomcat/data_stream/log/fields/ecs.yml
+++ b/packages/tomcat/data_stream/log/fields/ecs.yml
@@ -212,8 +212,6 @@
 name: source.top_level_domain
 - external: ecs
 name: tags
-- external: ecs
- name: tags
 - external: ecs
 name: url.domain
 - external: ecs
diff --git a/packages/tomcat/docs/README.md b/packages/tomcat/docs/README.md
index 6fb84c060ef..306ccc23390 100644
--- a/packages/tomcat/docs/README.md
+++ b/packages/tomcat/docs/README.md
@@ -12,7 +12,7 @@ The `log` dataset collects Apache Tomcat logs.
 | Field | Description | Type |
 |---|---|---|
-| @timestamp | Event timestamp. | date |
+| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date |
 | client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword |
 | client.registered_domain | The highest registered client domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword |
 | client.subdomain | The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. | keyword |
diff --git a/packages/tomcat/manifest.yml b/packages/tomcat/manifest.yml
index a87e45debf7..ad5f1bae1c5 100644
--- a/packages/tomcat/manifest.yml
+++ b/packages/tomcat/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: tomcat
 title: Apache Tomcat
-version: 1.4.0
+version: 1.4.1
 description: Collect and parse logs from Apache Tomcat servers with Elastic Agent.
 categories: ["web", "security"]
 release: ga
diff --git a/packages/traefik/changelog.yml b/packages/traefik/changelog.yml
index 07f32662e0d..db7a4b99c98 100644
--- a/packages/traefik/changelog.yml
+++ b/packages/traefik/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.4.1"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.4.0"
 changes:
 - description: Migrate tile map to map in logs dashboard
diff --git a/packages/traefik/data_stream/access/fields/fields.yml b/packages/traefik/data_stream/access/fields/fields.yml
index fe9007a9fe9..c6f3210725d 100644
--- a/packages/traefik/data_stream/access/fields/fields.yml
+++ b/packages/traefik/data_stream/access/fields/fields.yml
@@ -22,8 +22,6 @@
 - name: os
 type: alias
 path: user_agent.os.full_name
- - name: geoip
- type: group
 - name: input.type
 type: keyword
 description: Input type
diff --git a/packages/traefik/manifest.yml b/packages/traefik/manifest.yml
index 4a333266b6c..fba9fa82a41 100644
--- a/packages/traefik/manifest.yml
+++ b/packages/traefik/manifest.yml
@@ -1,6 +1,6 @@
 name: traefik
 title: Traefik
-version: 1.4.0
+version: 1.4.1
 release: ga
 description: Collect logs and metrics from Traefik servers with Elastic Agent.
 type: integration
diff --git a/packages/windows/changelog.yml b/packages/windows/changelog.yml
index 929b94b614e..d6424ad3bfe 100644
--- a/packages/windows/changelog.yml
+++ b/packages/windows/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.12.2"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "1.12.1"
 changes:
 - description: Drop unset fields in sysmon_operational data stream.
diff --git a/packages/windows/data_stream/forwarded/fields/agent.yml b/packages/windows/data_stream/forwarded/fields/agent.yml
index da4e652c53b..5d8b5c2999b 100644
--- a/packages/windows/data_stream/forwarded/fields/agent.yml
+++ b/packages/windows/data_stream/forwarded/fields/agent.yml
@@ -130,13 +130,6 @@
 type: keyword
 ignore_above: 1024
 description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Name of the host.
-
- It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
 - name: os.family
 level: extended
 type: keyword
diff --git a/packages/windows/data_stream/powershell/fields/agent.yml b/packages/windows/data_stream/powershell/fields/agent.yml
index da4e652c53b..5d8b5c2999b 100644
--- a/packages/windows/data_stream/powershell/fields/agent.yml
+++ b/packages/windows/data_stream/powershell/fields/agent.yml
@@ -130,13 +130,6 @@
 type: keyword
 ignore_above: 1024
 description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Name of the host.
-
- It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
 - name: os.family
 level: extended
 type: keyword
diff --git a/packages/windows/data_stream/powershell_operational/fields/agent.yml b/packages/windows/data_stream/powershell_operational/fields/agent.yml
index da4e652c53b..5d8b5c2999b 100644
--- a/packages/windows/data_stream/powershell_operational/fields/agent.yml
+++ b/packages/windows/data_stream/powershell_operational/fields/agent.yml
@@ -130,13 +130,6 @@
 type: keyword
 ignore_above: 1024
 description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Name of the host.
-
- It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
 - name: os.family
 level: extended
 type: keyword
diff --git a/packages/windows/data_stream/sysmon_operational/fields/agent.yml b/packages/windows/data_stream/sysmon_operational/fields/agent.yml
index da4e652c53b..5d8b5c2999b 100644
--- a/packages/windows/data_stream/sysmon_operational/fields/agent.yml
+++ b/packages/windows/data_stream/sysmon_operational/fields/agent.yml
@@ -130,13 +130,6 @@
 type: keyword
 ignore_above: 1024
 description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Name of the host.
-
- It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
 - name: os.family
 level: extended
 type: keyword
diff --git a/packages/windows/manifest.yml b/packages/windows/manifest.yml
index 1748b738015..3278aa1fb70 100644
--- a/packages/windows/manifest.yml
+++ b/packages/windows/manifest.yml
@@ -1,6 +1,6 @@
 name: windows
 title: Windows
-version: 1.12.1
+version: 1.12.2
 description: Collect logs and metrics from Windows OS and services with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml
index d73f263696e..ebf23b1e6b6 100644
--- a/packages/zeek/changelog.yml
+++ b/packages/zeek/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.0.1"
+ changes:
+ - description: Remove duplicated fields definitions
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/3392
 - version: "2.0.0"
 changes:
 - description: Migrate map visualisation from tile_map to map object
diff --git a/packages/zeek/data_stream/capture_loss/fields/agent.yml b/packages/zeek/data_stream/capture_loss/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/capture_loss/fields/agent.yml
+++ b/packages/zeek/data_stream/capture_loss/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/connection/fields/agent.yml b/packages/zeek/data_stream/connection/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/connection/fields/agent.yml
+++ b/packages/zeek/data_stream/connection/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/dce_rpc/fields/agent.yml b/packages/zeek/data_stream/dce_rpc/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/dce_rpc/fields/agent.yml
+++ b/packages/zeek/data_stream/dce_rpc/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/dhcp/fields/agent.yml b/packages/zeek/data_stream/dhcp/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/dhcp/fields/agent.yml
+++ b/packages/zeek/data_stream/dhcp/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/dnp3/fields/agent.yml b/packages/zeek/data_stream/dnp3/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/dnp3/fields/agent.yml
+++ b/packages/zeek/data_stream/dnp3/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/dns/fields/agent.yml b/packages/zeek/data_stream/dns/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/dns/fields/agent.yml
+++ b/packages/zeek/data_stream/dns/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/dpd/fields/agent.yml b/packages/zeek/data_stream/dpd/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/dpd/fields/agent.yml
+++ b/packages/zeek/data_stream/dpd/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/files/fields/agent.yml b/packages/zeek/data_stream/files/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/files/fields/agent.yml
+++ b/packages/zeek/data_stream/files/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/ftp/fields/agent.yml b/packages/zeek/data_stream/ftp/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/ftp/fields/agent.yml
+++ b/packages/zeek/data_stream/ftp/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/http/fields/agent.yml b/packages/zeek/data_stream/http/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/http/fields/agent.yml
+++ b/packages/zeek/data_stream/http/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/intel/fields/agent.yml b/packages/zeek/data_stream/intel/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/intel/fields/agent.yml
+++ b/packages/zeek/data_stream/intel/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/irc/fields/agent.yml b/packages/zeek/data_stream/irc/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/irc/fields/agent.yml
+++ b/packages/zeek/data_stream/irc/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/kerberos/fields/agent.yml b/packages/zeek/data_stream/kerberos/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/kerberos/fields/agent.yml
+++ b/packages/zeek/data_stream/kerberos/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/modbus/fields/agent.yml b/packages/zeek/data_stream/modbus/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/modbus/fields/agent.yml
+++ b/packages/zeek/data_stream/modbus/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/mysql/fields/agent.yml b/packages/zeek/data_stream/mysql/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/mysql/fields/agent.yml
+++ b/packages/zeek/data_stream/mysql/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/notice/fields/agent.yml b/packages/zeek/data_stream/notice/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/notice/fields/agent.yml
+++ b/packages/zeek/data_stream/notice/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/ntlm/fields/agent.yml b/packages/zeek/data_stream/ntlm/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/ntlm/fields/agent.yml
+++ b/packages/zeek/data_stream/ntlm/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/ntp/fields/agent.yml b/packages/zeek/data_stream/ntp/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/ntp/fields/agent.yml
+++ b/packages/zeek/data_stream/ntp/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/ocsp/fields/agent.yml b/packages/zeek/data_stream/ocsp/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/ocsp/fields/agent.yml
+++ b/packages/zeek/data_stream/ocsp/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/pe/fields/agent.yml b/packages/zeek/data_stream/pe/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/pe/fields/agent.yml
+++ b/packages/zeek/data_stream/pe/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/radius/fields/agent.yml b/packages/zeek/data_stream/radius/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/radius/fields/agent.yml
+++ b/packages/zeek/data_stream/radius/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/rdp/fields/agent.yml b/packages/zeek/data_stream/rdp/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/rdp/fields/agent.yml
+++ b/packages/zeek/data_stream/rdp/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/rfb/fields/agent.yml b/packages/zeek/data_stream/rfb/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/rfb/fields/agent.yml
+++ b/packages/zeek/data_stream/rfb/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/signature/fields/agent.yml b/packages/zeek/data_stream/signature/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/signature/fields/agent.yml
+++ b/packages/zeek/data_stream/signature/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/sip/fields/agent.yml b/packages/zeek/data_stream/sip/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/sip/fields/agent.yml
+++ b/packages/zeek/data_stream/sip/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/smb_cmd/fields/agent.yml b/packages/zeek/data_stream/smb_cmd/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/smb_cmd/fields/agent.yml
+++ b/packages/zeek/data_stream/smb_cmd/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/smb_files/fields/agent.yml b/packages/zeek/data_stream/smb_files/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/smb_files/fields/agent.yml
+++ b/packages/zeek/data_stream/smb_files/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/smb_mapping/fields/agent.yml b/packages/zeek/data_stream/smb_mapping/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/smb_mapping/fields/agent.yml
+++ b/packages/zeek/data_stream/smb_mapping/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/smtp/fields/agent.yml b/packages/zeek/data_stream/smtp/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/smtp/fields/agent.yml
+++ b/packages/zeek/data_stream/smtp/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/snmp/fields/agent.yml b/packages/zeek/data_stream/snmp/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/snmp/fields/agent.yml
+++ b/packages/zeek/data_stream/snmp/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/socks/fields/agent.yml b/packages/zeek/data_stream/socks/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/socks/fields/agent.yml
+++ b/packages/zeek/data_stream/socks/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/ssh/fields/agent.yml b/packages/zeek/data_stream/ssh/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/ssh/fields/agent.yml
+++ b/packages/zeek/data_stream/ssh/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/ssl/fields/agent.yml b/packages/zeek/data_stream/ssl/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/ssl/fields/agent.yml
+++ b/packages/zeek/data_stream/ssl/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/ssl/fields/ecs.yml b/packages/zeek/data_stream/ssl/fields/ecs.yml
index 27c39bf622b..044dac8274d 100644
--- a/packages/zeek/data_stream/ssl/fields/ecs.yml
+++ b/packages/zeek/data_stream/ssl/fields/ecs.yml
@@ -138,5 +138,3 @@
 name: tls.version
 - external: ecs
 name: tls.version_protocol
-- external: ecs
- name: tls.version_protocol
diff --git a/packages/zeek/data_stream/stats/fields/agent.yml b/packages/zeek/data_stream/stats/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/stats/fields/agent.yml
+++ b/packages/zeek/data_stream/stats/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/syslog/fields/agent.yml b/packages/zeek/data_stream/syslog/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/syslog/fields/agent.yml
+++ b/packages/zeek/data_stream/syslog/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/traceroute/fields/agent.yml b/packages/zeek/data_stream/traceroute/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/traceroute/fields/agent.yml
+++ b/packages/zeek/data_stream/traceroute/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/tunnel/fields/agent.yml b/packages/zeek/data_stream/tunnel/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/tunnel/fields/agent.yml
+++ b/packages/zeek/data_stream/tunnel/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/weird/fields/agent.yml b/packages/zeek/data_stream/weird/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/weird/fields/agent.yml
+++ b/packages/zeek/data_stream/weird/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/x509/fields/agent.yml b/packages/zeek/data_stream/x509/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/x509/fields/agent.yml
+++ b/packages/zeek/data_stream/x509/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml
index c345f422281..16dec6849fe 100644
--- a/packages/zeek/manifest.yml
+++ b/packages/zeek/manifest.yml
@@ -1,6 +1,6 @@
 name: zeek
 title: Zeek Logs
-version: 2.0.0
+version: 2.0.1
 release: ga
 description: Collect and parse logs from Zeek network security with Elastic Agent.
 type: integration
diff --git a/packages/zscaler/changelog.yml b/packages/zscaler/changelog.yml
index 53847685a34..5b8f0cb0764 100644
--- a/packages/zscaler/changelog.yml
+++ b/packages/zscaler/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.5.2" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "0.5.1" changes: - description: Mark package as deprecated. Use the zscaler_zia package instead. diff --git a/packages/zscaler/data_stream/zia/fields/base-fields.yml b/packages/zscaler/data_stream/zia/fields/base-fields.yml index 9a64f92d5b5..f86ea60596b 100644 --- a/packages/zscaler/data_stream/zia/fields/base-fields.yml +++ b/packages/zscaler/data_stream/zia/fields/base-fields.yml @@ -15,9 +15,6 @@ type: constant_keyword description: Event dataset value: zscaler.zia -- name: '@timestamp' - type: date - description: Event timestamp. - name: container.id description: Unique container id. ignore_above: 1024 @@ -39,8 +36,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/zscaler/manifest.yml b/packages/zscaler/manifest.yml index 14247824f9a..cf70e838b4e 100644 --- a/packages/zscaler/manifest.yml +++ b/packages/zscaler/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: zscaler title: Zscaler NSS Logs -version: 0.5.1 +version: 0.5.2 description: Deprecated. Use the Zscaler ZIA integration instead. categories: ["network", "security"] release: experimental diff --git a/packages/zscaler_zia/changelog.yml b/packages/zscaler_zia/changelog.yml index 0b7ad86fdcf..bc63b25f049 100644 --- a/packages/zscaler_zia/changelog.yml +++ b/packages/zscaler_zia/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.1.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "2.1.0" changes: - description: Make GA 
diff --git a/packages/zscaler_zia/data_stream/firewall/fields/agent.yml b/packages/zscaler_zia/data_stream/firewall/fields/agent.yml index e313ec82874..0eaf820125a 100644 --- a/packages/zscaler_zia/data_stream/firewall/fields/agent.yml +++ b/packages/zscaler_zia/data_stream/firewall/fields/agent.yml @@ -105,13 +105,6 @@ For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword diff --git a/packages/zscaler_zia/manifest.yml b/packages/zscaler_zia/manifest.yml index a75aff23776..c731bc5e448 100644 --- a/packages/zscaler_zia/manifest.yml +++ b/packages/zscaler_zia/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: zscaler_zia title: Zscaler Internet Access -version: 2.1.0 +version: 2.1.1 license: basic description: Collect logs from Zscaler Internet Access (ZIA) with Elastic Agent. type: integration diff --git a/packages/zscaler_zpa/changelog.yml b/packages/zscaler_zpa/changelog.yml index b9d3f3f006b..ae8fadcbd82 100644 --- a/packages/zscaler_zpa/changelog.yml +++ b/packages/zscaler_zpa/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.1" + changes: + - description: Remove duplicated fields definitions + type: bugfix + link: https://github.com/elastic/integrations/pull/3392 - version: "1.0.0" changes: - description: Make GA diff --git a/packages/zscaler_zpa/data_stream/browser_access/fields/ecs.yml b/packages/zscaler_zpa/data_stream/browser_access/fields/ecs.yml index f59d7cbe5e6..eefe60436b2 100644 --- a/packages/zscaler_zpa/data_stream/browser_access/fields/ecs.yml +++ b/packages/zscaler_zpa/data_stream/browser_access/fields/ecs.yml 
@@ -6,8 +6,6 @@ name: client.geo.country_iso_code - external: ecs name: client.geo.continent_name -- external: ecs - name: client.geo.country_iso_code - external: ecs name: client.geo.region_iso_code - description: Longitude and latitude diff --git a/packages/zscaler_zpa/manifest.yml b/packages/zscaler_zpa/manifest.yml index 6413662ac98..99bf2070f50 100644 --- a/packages/zscaler_zpa/manifest.yml +++ b/packages/zscaler_zpa/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: zscaler_zpa title: "Zscaler Private Access" -version: 1.0.0 +version: 1.0.1 license: basic description: Collect logs from Zscaler Private Access (ZPA) with Elastic Agent. type: integration