akamai,auditd,barracuda,bluecoat,box_events,carbon_black_cloud,cef: remove duplicated fields

packages/akamai/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.1.2"
+  changes:
+    - description: Remove duplicate fields.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/4399
 - version: "2.1.1"
   changes:
     - description: Use ECS geo.location definition.

packages/akamai/data_stream/siem/fields/ecs.yml

@@ -12,8 +12,6 @@
   external: ecs
 - name: client.geo.continent_name
   external: ecs
-- name: client.geo.country_iso_code
-  external: ecs
 - name: client.geo.region_iso_code
   external: ecs
 - name: client.geo.location

packages/akamai/manifest.yml

@@ -1,6 +1,6 @@
 name: akamai
 title: Akamai
-version: "2.1.1"
+version: "2.1.2"
 release: ga
 description: Collect logs from Akamai with Elastic Agent.
 type: integration

packages/auditd/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.3.4"
+  changes:
+    - description: Remove duplicate fields.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/4399
 - version: "3.3.3"
   changes:
     - description: Use ECS geo.location definition.

packages/auditd/data_stream/log/fields/agent.yml

@@ -77,11 +77,6 @@
       type: object
       object_type: keyword
       description: Image labels.
-    - name: name
-      level: extended
-      type: keyword
-      ignore_above: 1024
-      description: Container name.
 - name: host
   title: Host
   group: 2
@@ -90,12 +85,6 @@
     ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
   type: group
   fields:
-    - name: architecture
-      level: core
-      type: keyword
-      ignore_above: 1024
-      description: Operating system architecture.
-      example: x86_64
     - name: domain
       level: extended
       type: keyword

packages/auditd/data_stream/log/fields/fields.yml

@@ -36,9 +36,6 @@
       type: keyword
       description: |
         The first argument to the system call.
-    - name: a0
-      description: The first argument to the system call.
-      type: keyword
     - name: addr
       type: ip
     - name: rport

packages/auditd/data_stream/log/fields/package-fields.yml

@@ -24,25 +24,6 @@
           type: keyword
           description: |
             Name of the group.
-    - name: effective
-      type: group
-      fields:
-        - name: id
-          type: keyword
-          description: |
-            One or multiple unique identifiers of the user.
-        - name: name
-          type: keyword
-          description: |
-            Short name or login of the user.
-        - name: group.id
-          type: keyword
-          description: |
-            Unique identifier for the group on the system/platform.
-        - name: group.name
-          type: keyword
-          description: |
-            Name of the group.
     - name: filesystem
       type: group
       fields:

packages/auditd/docs/README.md

@@ -250,7 +250,7 @@ An example event for `log` looks as following:
 | user.audit.name | Short name or login of the user. | keyword |
 | user.effective.group.id | Unique identifier for the group on the system/platform. | keyword |
 | user.effective.group.name | Name of the group. | keyword |
-| user.effective.id | One or multiple unique identifiers of the user. | keyword |
+| user.effective.id | Unique identifier of the user. | keyword |
 | user.effective.name | Short name or login of the user. | keyword |
 | user.effective.name.text | Multi-field of `user.effective.name`. | match_only_text |
 | user.filesystem.group.id | Unique identifier for the group on the system/platform. | keyword |

packages/auditd/manifest.yml

@@ -1,6 +1,6 @@
 name: auditd
 title: Auditd Logs
-version: "3.3.3"
+version: "3.3.4"
 release: ga
 description: Collect logs from Linux audit daemon with Elastic Agent.
 type: integration

packages/barracuda/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.11.2"
+  changes:
+    - description: Remove duplicate fields.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/4399
 - version: "0.11.1"
   changes:
     - description: Use ECS geo.location definition.

packages/barracuda/data_stream/spamfirewall/fields/base-fields.yml

@@ -15,9 +15,6 @@
   type: constant_keyword
   description: Event dataset
   value: barracuda.spamfirewall
-- name: '@timestamp'
-  type: date
-  description: Event timestamp.
 - name: container.id
   description: Unique container id.
   ignore_above: 1024
@@ -39,8 +36,3 @@
 - name: log.offset
   description: Offset of the entry in the log file.
   type: long
-- name: tags
-  description: List of keywords used to tag each event.
-  example: '["production", "env2"]'
-  ignore_above: 1024
-  type: keyword

packages/barracuda/data_stream/waf/fields/base-fields.yml

@@ -15,9 +15,6 @@
   type: constant_keyword
   description: Event dataset
   value: barracuda.waf
-- name: '@timestamp'
-  type: date
-  description: Event timestamp.
 - name: container.id
   description: Unique container id.
   ignore_above: 1024
@@ -39,8 +36,3 @@
 - name: log.offset
   description: Offset of the entry in the log file.
   type: long
-- name: tags
-  description: List of keywords used to tag each event.
-  example: '["production", "env2"]'
-  ignore_above: 1024
-  type: keyword

packages/barracuda/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: barracuda
 title: Barracuda Logs
-version: "0.11.1"
+version: "0.11.2"
 description: Collect spam and web application firewall logs from Barracuda devices with Elastic Agent.
 categories: ["network", "security"]
 release: experimental

packages/bluecoat/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.10.2"
+  changes:
+    - description: Remove duplicate fields.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/4399
 - version: "0.10.1"
   changes:
     - description: Use ECS geo.location definition.

packages/bluecoat/data_stream/director/fields/base-fields.yml

@@ -15,9 +15,6 @@
   type: constant_keyword
   description: Event dataset
   value: bluecoat.director
-- name: '@timestamp'
-  type: date
-  description: Event timestamp.
 - name: container.id
   description: Unique container id.
   ignore_above: 1024
@@ -39,8 +36,3 @@
 - name: log.offset
   description: Offset of the entry in the log file.
   type: long
-- name: tags
-  description: List of keywords used to tag each event.
-  example: '["production", "env2"]'
-  ignore_above: 1024
-  type: keyword

packages/bluecoat/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: bluecoat
 title: Blue Coat Director Logs
-version: "0.10.1"
+version: "0.10.2"
 description: Collect director logs from Blue Coat devices with Elastic Agent.
 categories: ["network", "security"]
 release: experimental

packages/box_events/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.1.1"
+  changes:
+    - description: Remove duplicate fields.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/4399
 - version: "0.1.0"
   changes:
     - description: Initial beta version of the package

packages/box_events/data_stream/events/fields/fields.yml

@@ -149,6 +149,3 @@
         - name: trashed_at
           description: The time at which this file was put in the trash
           type: boolean
-        - name: id
-          description: The unique identifier that represent a folder
-          type: keyword

packages/box_events/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: box_events
 title: Box Events
-version: 0.1.0
+version: 0.1.1
 release: beta
 license: basic
 description: "Collect logs from Box with Elastic Agent."

packages/carbon_black_cloud/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.1"
+  changes:
+    - description: Remove duplicate fields.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/4399
 - version: "1.3.0"
   changes:
     - description: Add Support of SQS input type.

packages/carbon_black_cloud/data_stream/alert/fields/agent.yml

@@ -105,38 +105,11 @@
         For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
       example: CONTOSO
       default_field: false
-    - name: hostname
-      level: core
-      type: keyword
-      ignore_above: 1024
-      description: 'Hostname of the host.
-
-        It normally contains what the `hostname` command returns on the host machine.'
-    - name: id
-      level: core
-      type: keyword
-      ignore_above: 1024
-      description: 'Unique host id.
-
-        As hostname is not always unique, use values that are meaningful in your environment.
-
-        Example: The current usage of `beat.name`.'
-    - name: ip
-      level: core
-      type: ip
-      description: Host ip addresses.
     - name: mac
       level: core
       type: keyword
       ignore_above: 1024
       description: Host mac addresses.
-    - name: name
-      level: core
-      type: keyword
-      ignore_above: 1024
-      description: 'Name of the host.
-
-        It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
     - name: os.family
       level: extended
       type: keyword
@@ -166,12 +139,6 @@
       ignore_above: 1024
       description: Operating system platform (such centos, ubuntu, windows).
       example: darwin
-    - name: os.version
-      level: extended
-      type: keyword
-      ignore_above: 1024
-      description: Operating system version as a raw string.
-      example: 10.14.1
     - name: type
       level: core
       type: keyword

packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/fields/agent.yml

@@ -105,22 +105,6 @@
         For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
       example: CONTOSO
       default_field: false
-    - name: hostname
-      level: core
-      type: keyword
-      ignore_above: 1024
-      description: 'Hostname of the host.
-
-        It normally contains what the `hostname` command returns on the host machine.'
-    - name: id
-      level: core
-      type: keyword
-      ignore_above: 1024
-      description: 'Unique host id.
-
-        As hostname is not always unique, use values that are meaningful in your environment.
-
-        Example: The current usage of `beat.name`.'
     - name: ip
       level: core
       type: ip
@@ -130,13 +114,6 @@
       type: keyword
       ignore_above: 1024
       description: Host mac addresses.
-    - name: name
-      level: core
-      type: keyword
-      ignore_above: 1024
-      description: 'Name of the host.
-
-        It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
     - name: os.family
       level: extended
       type: keyword
@@ -149,29 +126,12 @@
       ignore_above: 1024
       description: Operating system kernel version as a raw string.
       example: 4.4.0-112-generic
-    - name: os.name
-      level: extended
-      type: keyword
-      ignore_above: 1024
-      multi_fields:
-        - name: text
-          type: text
-          norms: false
-          default_field: false
-      description: Operating system name, without the version.
-      example: Mac OS X
     - name: os.platform
       level: extended
       type: keyword
       ignore_above: 1024
       description: Operating system platform (such centos, ubuntu, windows).
       example: darwin
-    - name: os.version
-      level: extended
-      type: keyword
-      ignore_above: 1024
-      description: Operating system version as a raw string.
-      example: 10.14.1
     - name: type
       level: core
       type: keyword