diff --git a/packages/carbonblack_edr/changelog.yml b/packages/carbonblack_edr/changelog.yml
index 3578edfb852..9c21eaa171a 100644
--- a/packages/carbonblack_edr/changelog.yml
+++ b/packages/carbonblack_edr/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.1"
+ changes:
+ - description: Remove duplicate field.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4339
 - version: "1.5.0"
 changes:
 - description: Update package to ECS 8.4.0
diff --git a/packages/carbonblack_edr/data_stream/log/fields/agent.yml b/packages/carbonblack_edr/data_stream/log/fields/agent.yml
index 4d9a6f7b362..8d787b7c8dc 100644
--- a/packages/carbonblack_edr/data_stream/log/fields/agent.yml
+++ b/packages/carbonblack_edr/data_stream/log/fields/agent.yml
@@ -46,13 +46,6 @@
 type: keyword
 ignore_above: 1024
 description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Name of the host.
-
- It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
 - name: os.family
 level: extended
 type: keyword
@@ -65,17 +58,6 @@
 ignore_above: 1024
 description: Operating system kernel version as a raw string.
 example: 4.4.0-112-generic
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
 - name: os.platform
 level: extended
 type: keyword
diff --git a/packages/carbonblack_edr/manifest.yml b/packages/carbonblack_edr/manifest.yml
index dd14ba9e92d..def7123ef1b 100644
--- a/packages/carbonblack_edr/manifest.yml
+++ b/packages/carbonblack_edr/manifest.yml
@@ -1,6 +1,6 @@
 name: carbonblack_edr
 title: VMware Carbon Black EDR
-version: "1.5.0"
+version: "1.5.1"
 release: ga
 description: Collect logs from VMware Carbon Black EDR with Elastic Agent.
 type: integration
diff --git a/packages/checkpoint/changelog.yml b/packages/checkpoint/changelog.yml
index 90a2b539e36..0e80d6ede54 100644
--- a/packages/checkpoint/changelog.yml
+++ b/packages/checkpoint/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.2"
+ changes:
+ - description: Remove duplicate field.
+ type: enhancement
+ link: https://github.com/elastic/integrations/issues/4339
 - version: "1.8.1"
 changes:
 - description: Use ECS geo.location definition.
@@ -33,7 +38,7 @@
 changes:
 - description: Update Checkpoint logo.
 type: enhancement
- link: https://github.com/elastic/integrations/pull/1
+ link: https://github.com/elastic/integrations/pull/3557
 - version: "1.5.0"
 changes:
 - description: Add TLS and custom options support to TCP input.
diff --git a/packages/checkpoint/data_stream/firewall/fields/agent.yml b/packages/checkpoint/data_stream/firewall/fields/agent.yml
index 79a7a39864b..915a21e22ae 100644
--- a/packages/checkpoint/data_stream/firewall/fields/agent.yml
+++ b/packages/checkpoint/data_stream/firewall/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -116,11 +111,6 @@
 type: keyword
 ignore_above: 1024
 description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
 - name: os.family
 level: extended
 type: keyword
@@ -133,29 +123,12 @@
 ignore_above: 1024
 description: Operating system kernel version as a raw string.
 example: 4.4.0-112-generic
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
 - name: os.platform
 level: extended
 type: keyword
 ignore_above: 1024
 description: Operating system platform (such centos, ubuntu, windows).
 example: darwin
- - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
 - name: type
 level: core
 type: keyword
diff --git a/packages/checkpoint/docs/README.md b/packages/checkpoint/docs/README.md
index c9c43dfc879..39d5cccce36 100644
--- a/packages/checkpoint/docs/README.md
+++ b/packages/checkpoint/docs/README.md
@@ -597,7 +597,7 @@ An example event for `firewall` looks as following:
 | host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword |
 | host.os.kernel | Operating system kernel version as a raw string. | keyword |
 | host.os.name | Operating system name, without the version. | keyword |
-| host.os.name.text | Multi-field of `host.os.name`. | text |
+| host.os.name.text | Multi-field of `host.os.name`. | match_only_text |
 | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword |
 | host.os.version | Operating system version as a raw string. | keyword |
 | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
diff --git a/packages/checkpoint/manifest.yml b/packages/checkpoint/manifest.yml
index ce0981da5e0..291769e9eea 100644
--- a/packages/checkpoint/manifest.yml
+++ b/packages/checkpoint/manifest.yml
@@ -1,6 +1,6 @@
 name: checkpoint
 title: Check Point
-version: "1.8.1"
+version: "1.8.2"
 release: ga
 description: Collect logs from Check Point with Elastic Agent.
 type: integration
diff --git a/packages/cisco_umbrella/changelog.yml b/packages/cisco_umbrella/changelog.yml
index f21d13fc678..9e32bb8f4ef 100644
--- a/packages/cisco_umbrella/changelog.yml
+++ b/packages/cisco_umbrella/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.2"
+ changes:
+ - description: Remove duplicate field.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4339
 - version: "1.4.1"
 changes:
 - description: Remove hint for cisco managed s3 Bucket List Prefix
diff --git a/packages/cisco_umbrella/data_stream/log/fields/agent.yml b/packages/cisco_umbrella/data_stream/log/fields/agent.yml
index da4e652c53b..e0f9e38998f 100644
--- a/packages/cisco_umbrella/data_stream/log/fields/agent.yml
+++ b/packages/cisco_umbrella/data_stream/log/fields/agent.yml
@@ -62,11 +62,6 @@
 These fields help correlate data based containers from any runtime.'
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -105,13 +100,6 @@
 For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
 example: CONTOSO
 default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Hostname of the host.
-
- It normally contains what the `hostname` command returns on the host machine.'
 - name: id
 level: core
 type: keyword
@@ -121,22 +109,6 @@
 As hostname is not always unique, use values that are meaningful in your environment.
 
 Example: The current usage of `beat.name`.'
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Name of the host.
-
- It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
 - name: os.family
 level: extended
 type: keyword
diff --git a/packages/cisco_umbrella/manifest.yml b/packages/cisco_umbrella/manifest.yml
index be89ad5e787..d9806762254 100644
--- a/packages/cisco_umbrella/manifest.yml
+++ b/packages/cisco_umbrella/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_umbrella
 title: Cisco Umbrella
-version: "1.4.1"
+version: "1.4.2"
 license: basic
 description: Collect logs from Cisco Umbrella with Elastic Agent.
 type: integration
diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml
index 1c377df53da..ff4e8ba61d9 100644
--- a/packages/gcp/changelog.yml
+++ b/packages/gcp/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.11.8"
+ changes:
+ - description: Remove duplicate fields.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4339
 - version: "2.11.7"
 changes:
 - description: Move Dataproc lightweight module config into integration
diff --git a/packages/gcp/data_stream/billing/fields/agent.yml b/packages/gcp/data_stream/billing/fields/agent.yml
index da4e652c53b..55b1dd97413 100644
--- a/packages/gcp/data_stream/billing/fields/agent.yml
+++ b/packages/gcp/data_stream/billing/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/gcp/data_stream/compute/fields/agent.yml b/packages/gcp/data_stream/compute/fields/agent.yml
index 2a31d79f494..8e686410afb 100644
--- a/packages/gcp/data_stream/compute/fields/agent.yml
+++ b/packages/gcp/data_stream/compute/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an GCP Compute VM and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/gcp/data_stream/dataproc/fields/agent.yml b/packages/gcp/data_stream/dataproc/fields/agent.yml
index 2a31d79f494..8e686410afb 100644
--- a/packages/gcp/data_stream/dataproc/fields/agent.yml
+++ b/packages/gcp/data_stream/dataproc/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an GCP Compute VM and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/gcp/data_stream/firestore/fields/agent.yml b/packages/gcp/data_stream/firestore/fields/agent.yml
index 2a31d79f494..8e686410afb 100644
--- a/packages/gcp/data_stream/firestore/fields/agent.yml
+++ b/packages/gcp/data_stream/firestore/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an GCP Compute VM and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/gcp/data_stream/gke/fields/agent.yml b/packages/gcp/data_stream/gke/fields/agent.yml
index 2a31d79f494..8e686410afb 100644
--- a/packages/gcp/data_stream/gke/fields/agent.yml
+++ b/packages/gcp/data_stream/gke/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an GCP Compute VM and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/gcp/data_stream/loadbalancing_logs/fields/ecs.yml b/packages/gcp/data_stream/loadbalancing_logs/fields/ecs.yml
index bfb550fbde5..e4306d8cc86 100644
--- a/packages/gcp/data_stream/loadbalancing_logs/fields/ecs.yml
+++ b/packages/gcp/data_stream/loadbalancing_logs/fields/ecs.yml
@@ -60,22 +60,14 @@
 name: url.port
 - external: ecs
 name: user_agent.device.name
-- external: ecs
- name: user_agent.device.name
-- external: ecs
- name: user_agent.name
 - external: ecs
 name: user_agent.name
 - external: ecs
 name: user_agent.original
-- external: ecs
- name: user_agent.original
 - external: ecs
 name: user_agent.os.full
 - external: ecs
 name: user_agent.os.name
-- external: ecs
- name: user_agent.os.name
 - external: ecs
 name: user_agent.os.version
 - external: ecs
diff --git a/packages/gcp/data_stream/loadbalancing_metrics/fields/agent.yml b/packages/gcp/data_stream/loadbalancing_metrics/fields/agent.yml
index 2a31d79f494..8e686410afb 100644
--- a/packages/gcp/data_stream/loadbalancing_metrics/fields/agent.yml
+++ b/packages/gcp/data_stream/loadbalancing_metrics/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an GCP Compute VM and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/gcp/data_stream/pubsub/fields/agent.yml b/packages/gcp/data_stream/pubsub/fields/agent.yml
index 2a31d79f494..8e686410afb 100644
--- a/packages/gcp/data_stream/pubsub/fields/agent.yml
+++ b/packages/gcp/data_stream/pubsub/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an GCP Compute VM and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/gcp/data_stream/storage/fields/agent.yml b/packages/gcp/data_stream/storage/fields/agent.yml
index 2a31d79f494..8e686410afb 100644
--- a/packages/gcp/data_stream/storage/fields/agent.yml
+++ b/packages/gcp/data_stream/storage/fields/agent.yml
@@ -5,49 +5,11 @@
 footnote: 'Examples: If Metricbeat is running on an GCP Compute VM and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
 type: group
 fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
-
- Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
 - name: instance.name
 level: extended
 type: keyword
 ignore_above: 1024
 description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
 - name: project.id
 type: keyword
 description: Name of the project in Google Cloud.
diff --git a/packages/gcp/docs/README.md b/packages/gcp/docs/README.md
index d2788c2ffde..5194cf59efd 100644
--- a/packages/gcp/docs/README.md
+++ b/packages/gcp/docs/README.md
@@ -1162,14 +1162,14 @@ The `billing` dataset collects GCP Billing information from Google Cloud BigQuer
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
@@ -1260,14 +1260,14 @@ The `compute` dataset is designed to fetch metrics for [Compute Engine](https://
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
@@ -1426,7 +1426,7 @@ The `firestore` dataset fetches metrics from [Firestore](https://cloud.google.co
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
diff --git a/packages/gcp/docs/billing.md b/packages/gcp/docs/billing.md
index 30701286feb..06128132194 100644
--- a/packages/gcp/docs/billing.md
+++ b/packages/gcp/docs/billing.md
@@ -60,14 +60,14 @@ An example event for `billing` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
diff --git a/packages/gcp/docs/compute.md b/packages/gcp/docs/compute.md
index f44bacd9281..34b3d0eee8c 100644
--- a/packages/gcp/docs/compute.md
+++ b/packages/gcp/docs/compute.md
@@ -107,14 +107,14 @@ An example event for `compute` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
diff --git a/packages/gcp/docs/dataproc.md b/packages/gcp/docs/dataproc.md
index acfb02d2d1a..0b90005cea8 100644
--- a/packages/gcp/docs/dataproc.md
+++ b/packages/gcp/docs/dataproc.md
@@ -81,7 +81,7 @@ An example event for `dataproc` looks as following:
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
diff --git a/packages/gcp/docs/firestore.md b/packages/gcp/docs/firestore.md
index 71627a47186..2b8c97370e5 100644
--- a/packages/gcp/docs/firestore.md
+++ b/packages/gcp/docs/firestore.md
@@ -78,7 +78,7 @@ An example event for `firestore` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
diff --git a/packages/gcp/docs/gke.md b/packages/gcp/docs/gke.md
index 367fcec297d..58c31a0c39a 100644
--- a/packages/gcp/docs/gke.md
+++ b/packages/gcp/docs/gke.md
@@ -74,14 +74,14 @@ An example event for `gke` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
diff --git a/packages/gcp/docs/loadbalancing.md b/packages/gcp/docs/loadbalancing.md
index ed197598a25..b7f53f6ca7f 100644
--- a/packages/gcp/docs/loadbalancing.md
+++ b/packages/gcp/docs/loadbalancing.md
@@ -322,7 +322,7 @@ An example event for `loadbalancing` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
diff --git a/packages/gcp/docs/pubsub.md b/packages/gcp/docs/pubsub.md
index eaa2b29e3d1..ffce8028d99 100644
--- a/packages/gcp/docs/pubsub.md
+++ b/packages/gcp/docs/pubsub.md
@@ -72,14 +72,14 @@ An example event for `pubsub` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
diff --git a/packages/gcp/docs/storage.md b/packages/gcp/docs/storage.md
index 690d821c5b5..fca7e1a230e 100644
--- a/packages/gcp/docs/storage.md
+++ b/packages/gcp/docs/storage.md
@@ -77,14 +77,14 @@ An example event for `storage` looks as following:
 | cloud | Fields related to the cloud or infrastructure the events are coming from. | group |
 | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword |
 | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword |
-| cloud.availability_zone | Availability zone in which this host is running. | keyword |
+| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword |
 | cloud.image.id | Image ID for the cloud instance. | keyword |
 | cloud.instance.id | Instance ID of the host machine. | keyword |
 | cloud.instance.name | Instance name of the host machine. | keyword |
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host is running. | keyword |
+| cloud.region | Region in which this host, resource, or service is located. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.labels | Image labels. | object |
diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml
index 8b56ba6408e..0cbc0ec7c02 100644
--- a/packages/gcp/manifest.yml
+++ b/packages/gcp/manifest.yml
@@ -1,6 +1,6 @@
 name: gcp
 title: Google Cloud Platform
-version: "2.11.7"
+version: "2.11.8"
 release: ga
 description: Collect logs from Google Cloud Platform with Elastic Agent.
 type: integration
diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml index d402688aafc..5c5e937e84b 100644 --- a/packages/zeek/changelog.yml +++ b/packages/zeek/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.5.2" + changes: + - description: Remove duplicate field. + type: enhancement + link: https://github.com/elastic/integrations/pull/4339 - version: "2.5.1" changes: - description: Use ECS geo.location definition. diff --git a/packages/zeek/data_stream/capture_loss/fields/agent.yml b/packages/zeek/data_stream/capture_loss/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/capture_loss/fields/agent.yml +++ b/packages/zeek/data_stream/capture_loss/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/connection/fields/agent.yml b/packages/zeek/data_stream/connection/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/connection/fields/agent.yml +++ b/packages/zeek/data_stream/connection/fields/agent.yml 
@@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/dce_rpc/fields/agent.yml b/packages/zeek/data_stream/dce_rpc/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/dce_rpc/fields/agent.yml +++ b/packages/zeek/data_stream/dce_rpc/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/dhcp/fields/agent.yml b/packages/zeek/data_stream/dhcp/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/dhcp/fields/agent.yml +++ b/packages/zeek/data_stream/dhcp/fields/agent.yml 
@@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/dnp3/fields/agent.yml b/packages/zeek/data_stream/dnp3/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/dnp3/fields/agent.yml +++ b/packages/zeek/data_stream/dnp3/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/dns/fields/agent.yml b/packages/zeek/data_stream/dns/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/dns/fields/agent.yml +++ b/packages/zeek/data_stream/dns/fields/agent.yml 
@@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/dpd/fields/agent.yml b/packages/zeek/data_stream/dpd/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/dpd/fields/agent.yml +++ b/packages/zeek/data_stream/dpd/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/files/fields/agent.yml b/packages/zeek/data_stream/files/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/files/fields/agent.yml +++ b/packages/zeek/data_stream/files/fields/agent.yml 
@@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/ftp/fields/agent.yml b/packages/zeek/data_stream/ftp/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/ftp/fields/agent.yml +++ b/packages/zeek/data_stream/ftp/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/http/fields/agent.yml b/packages/zeek/data_stream/http/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/http/fields/agent.yml +++ b/packages/zeek/data_stream/http/fields/agent.yml 
@@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/intel/fields/agent.yml b/packages/zeek/data_stream/intel/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/intel/fields/agent.yml +++ b/packages/zeek/data_stream/intel/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/irc/fields/agent.yml b/packages/zeek/data_stream/irc/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/irc/fields/agent.yml +++ b/packages/zeek/data_stream/irc/fields/agent.yml 
@@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/kerberos/fields/agent.yml b/packages/zeek/data_stream/kerberos/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/kerberos/fields/agent.yml +++ b/packages/zeek/data_stream/kerberos/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/known_certs/fields/agent.yml b/packages/zeek/data_stream/known_certs/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/known_certs/fields/agent.yml +++ b/packages/zeek/data_stream/known_certs/fields/agent.yml 
@@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/known_hosts/fields/agent.yml b/packages/zeek/data_stream/known_hosts/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/known_hosts/fields/agent.yml +++ b/packages/zeek/data_stream/known_hosts/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/known_services/fields/agent.yml b/packages/zeek/data_stream/known_services/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/known_services/fields/agent.yml +++ b/packages/zeek/data_stream/known_services/fields/agent.yml 
@@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/modbus/fields/agent.yml b/packages/zeek/data_stream/modbus/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/modbus/fields/agent.yml +++ b/packages/zeek/data_stream/modbus/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/mysql/fields/agent.yml b/packages/zeek/data_stream/mysql/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/mysql/fields/agent.yml +++ b/packages/zeek/data_stream/mysql/fields/agent.yml 
@@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/notice/fields/agent.yml b/packages/zeek/data_stream/notice/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/notice/fields/agent.yml +++ b/packages/zeek/data_stream/notice/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/ntlm/fields/agent.yml b/packages/zeek/data_stream/ntlm/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/ntlm/fields/agent.yml +++ b/packages/zeek/data_stream/ntlm/fields/agent.yml 
@@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/ntp/fields/agent.yml b/packages/zeek/data_stream/ntp/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/ntp/fields/agent.yml +++ b/packages/zeek/data_stream/ntp/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/ocsp/fields/agent.yml b/packages/zeek/data_stream/ocsp/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/ocsp/fields/agent.yml +++ b/packages/zeek/data_stream/ocsp/fields/agent.yml 
@@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/pe/fields/agent.yml b/packages/zeek/data_stream/pe/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/pe/fields/agent.yml +++ b/packages/zeek/data_stream/pe/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/radius/fields/agent.yml b/packages/zeek/data_stream/radius/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/radius/fields/agent.yml +++ b/packages/zeek/data_stream/radius/fields/agent.yml 
@@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/rdp/fields/agent.yml b/packages/zeek/data_stream/rdp/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/rdp/fields/agent.yml +++ b/packages/zeek/data_stream/rdp/fields/agent.yml @@ -58,11 +58,6 @@ description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword @@ -107,10 +102,6 @@ type: keyword ignore_above: 1024 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/zeek/data_stream/rfb/fields/agent.yml b/packages/zeek/data_stream/rfb/fields/agent.yml index 79a7a39864b..ed1313d1b0b 100644 --- a/packages/zeek/data_stream/rfb/fields/agent.yml +++ b/packages/zeek/data_stream/rfb/fields/agent.yml 
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/signature/fields/agent.yml b/packages/zeek/data_stream/signature/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/signature/fields/agent.yml
+++ b/packages/zeek/data_stream/signature/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/sip/fields/agent.yml b/packages/zeek/data_stream/sip/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/sip/fields/agent.yml
+++ b/packages/zeek/data_stream/sip/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/smb_cmd/fields/agent.yml b/packages/zeek/data_stream/smb_cmd/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/smb_cmd/fields/agent.yml
+++ b/packages/zeek/data_stream/smb_cmd/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/smb_files/fields/agent.yml b/packages/zeek/data_stream/smb_files/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/smb_files/fields/agent.yml
+++ b/packages/zeek/data_stream/smb_files/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/smb_mapping/fields/agent.yml b/packages/zeek/data_stream/smb_mapping/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/smb_mapping/fields/agent.yml
+++ b/packages/zeek/data_stream/smb_mapping/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/smtp/fields/agent.yml b/packages/zeek/data_stream/smtp/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/smtp/fields/agent.yml
+++ b/packages/zeek/data_stream/smtp/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/snmp/fields/agent.yml b/packages/zeek/data_stream/snmp/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/snmp/fields/agent.yml
+++ b/packages/zeek/data_stream/snmp/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/socks/fields/agent.yml b/packages/zeek/data_stream/socks/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/socks/fields/agent.yml
+++ b/packages/zeek/data_stream/socks/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/software/fields/agent.yml b/packages/zeek/data_stream/software/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/software/fields/agent.yml
+++ b/packages/zeek/data_stream/software/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/ssh/fields/agent.yml b/packages/zeek/data_stream/ssh/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/ssh/fields/agent.yml
+++ b/packages/zeek/data_stream/ssh/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/ssl/fields/agent.yml b/packages/zeek/data_stream/ssl/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/ssl/fields/agent.yml
+++ b/packages/zeek/data_stream/ssl/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/ssl/fields/ecs.yml b/packages/zeek/data_stream/ssl/fields/ecs.yml
index 446c23ddf95..24aa59fa052 100644
--- a/packages/zeek/data_stream/ssl/fields/ecs.yml
+++ b/packages/zeek/data_stream/ssl/fields/ecs.yml
@@ -146,5 +146,3 @@
 name: tls.version
 - external: ecs
 name: tls.version_protocol
-- external: ecs
- name: tls.version_protocol
diff --git a/packages/zeek/data_stream/stats/fields/agent.yml b/packages/zeek/data_stream/stats/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/stats/fields/agent.yml
+++ b/packages/zeek/data_stream/stats/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/syslog/fields/agent.yml b/packages/zeek/data_stream/syslog/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/syslog/fields/agent.yml
+++ b/packages/zeek/data_stream/syslog/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/traceroute/fields/agent.yml b/packages/zeek/data_stream/traceroute/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/traceroute/fields/agent.yml
+++ b/packages/zeek/data_stream/traceroute/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/tunnel/fields/agent.yml b/packages/zeek/data_stream/tunnel/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/tunnel/fields/agent.yml
+++ b/packages/zeek/data_stream/tunnel/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/weird/fields/agent.yml b/packages/zeek/data_stream/weird/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/weird/fields/agent.yml
+++ b/packages/zeek/data_stream/weird/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/data_stream/x509/fields/agent.yml b/packages/zeek/data_stream/x509/fields/agent.yml
index 79a7a39864b..ed1313d1b0b 100644
--- a/packages/zeek/data_stream/x509/fields/agent.yml
+++ b/packages/zeek/data_stream/x509/fields/agent.yml
@@ -58,11 +58,6 @@
 description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
 type: group
 fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
 - name: image.name
 level: extended
 type: keyword
@@ -107,10 +102,6 @@
 type: keyword
 ignore_above: 1024
 description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml
index de4c3797044..9971dd3b95d 100644
--- a/packages/zeek/manifest.yml
+++ b/packages/zeek/manifest.yml
@@ -1,6 +1,6 @@
 name: zeek
 title: Zeek
-version: 2.5.1
+version: 2.5.2
 release: ga
 description: Collect logs from Zeek with Elastic Agent.
 type: integration