diff --git a/packages/aws/changelog.yml b/packages/aws/changelog.yml index 4b4ad27f214..5f7e69b0568 100644 --- a/packages/aws/changelog.yml +++ b/packages/aws/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.38.2" + changes: + - description: Add metric type to vpn, firewall and transit gateway data streams. + type: enhancement + link: https://github.com/elastic/integrations/pull/6365 - version: "1.38.1" changes: - description: Add metric type to RDS data stream. diff --git a/packages/aws/data_stream/firewall_metrics/fields/fields.yml b/packages/aws/data_stream/firewall_metrics/fields/fields.yml index 97ba1ce7c79..c50f857719d 100644 --- a/packages/aws/data_stream/firewall_metrics/fields/fields.yml +++ b/packages/aws/data_stream/firewall_metrics/fields/fields.yml @@ -6,15 +6,19 @@ fields: - name: DroppedPackets.sum type: long + metric_type: gauge description: The number of packets dropped by the Network Firewall. - name: PassedPackets.sum type: long + metric_type: gauge description: The number of packets passed by the Network Firewall. - name: ReceivedPackets.sum type: long + metric_type: gauge description: The number of packets received by the Network Firewall. - name: Packets.sum type: long + metric_type: gauge description: Number of packets inspected for a firewall policy or stateless rulegroup for which a custom action is defined. This metric is only used for the dimension CustomAction. - name: dimensions type: group diff --git a/packages/aws/data_stream/transitgateway/fields/fields.yml b/packages/aws/data_stream/transitgateway/fields/fields.yml index 03841fc65a0..297dbdc1406 100644 --- a/packages/aws/data_stream/transitgateway/fields/fields.yml +++ b/packages/aws/data_stream/transitgateway/fields/fields.yml @@ -18,27 +18,35 @@ fields: - name: BytesIn.sum type: long + metric_type: gauge description: The number of bytes received by the transit gateway. - name: BytesOut.sum type: long + metric_type: gauge description: The number of bytes sent from the transit gateway. - name: PacketsIn.sum type: long + metric_type: gauge description: The number of packets received by the transit gateway. - name: PacketsOut.sum type: long + metric_type: gauge description: The number of packets sent by the transit gateway. - name: PacketDropCountBlackhole.sum type: long + metric_type: gauge description: The number of packets dropped because they matched a blackhole route. - name: PacketDropCountNoRoute.sum type: long + metric_type: gauge description: The number of packets dropped because they did not match a route. - name: BytesDropCountNoRoute.sum type: long + metric_type: gauge description: The number of bytes dropped because they did not match a route. - name: BytesDropCountBlackhole.sum type: long + metric_type: gauge description: The number of bytes dropped because they matched a blackhole route. - name: cloudwatch type: group diff --git a/packages/aws/data_stream/vpn/fields/fields.yml b/packages/aws/data_stream/vpn/fields/fields.yml index 5a5ff461f09..0b181faac0e 100644 --- a/packages/aws/data_stream/vpn/fields/fields.yml +++ b/packages/aws/data_stream/vpn/fields/fields.yml @@ -8,13 +8,16 @@ type: group fields: - name: TunnelState.avg + metric_type: gauge type: double description: The state of the tunnel. For static VPNs, 0 indicates DOWN and 1 indicates UP. For BGP VPNs, 1 indicates ESTABLISHED and 0 is used for all other states. - name: TunnelDataIn.sum type: double + metric_type: gauge description: The bytes received through the VPN tunnel. - name: TunnelDataOut.sum type: double + metric_type: gauge description: The bytes sent through the VPN tunnel. - name: dimensions type: group diff --git a/packages/aws/docs/firewall.md b/packages/aws/docs/firewall.md index b76d0c62acc..3a363f31e73 100644 --- a/packages/aws/docs/firewall.md +++ b/packages/aws/docs/firewall.md @@ -410,60 +410,60 @@ An example event for `firewall` looks as following: **Exported fields** -| Field | Description | Type | -|---|---|---| -| @timestamp | Event timestamp. | date | -| aws.\*.metrics.\*.\* | Metrics that returned from Cloudwatch API query. | object | -| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword | -| aws.dimensions.\* | Metric dimensions. | object | -| aws.dimensions.AvailabilityZone | Availability Zone in the Region where the Network Firewall firewall is active. | keyword | -| aws.dimensions.CustomAction | Dimension for a publish metrics custom action that you defined. You can define this for a rule action in a stateless rule group or for a stateless default action in a firewall policy. | keyword | -| aws.dimensions.Engine | Rules engine that processed the packet. The value for this is either Stateful or Stateless. | keyword | -| aws.dimensions.FirewallName | Name that you specified for the Network Firewall firewall. | keyword | -| aws.networkfirewall.metrics.DroppedPackets.sum | The number of packets dropped by the Network Firewall. | long | -| aws.networkfirewall.metrics.Packets.sum | Number of packets inspected for a firewall policy or stateless rulegroup for which a custom action is defined. This metric is only used for the dimension CustomAction. | long | -| aws.networkfirewall.metrics.PassedPackets.sum | The number of packets passed by the Network Firewall. | long | -| aws.networkfirewall.metrics.ReceivedPackets.sum | The number of packets received by the Network Firewall. | long | -| aws.s3.bucket.name | Name of a S3 bucket. | keyword | -| aws.tags.\* | Tag key value pairs from aws resources. | object | -| cloud | Fields related to the cloud or infrastructure the events are coming from. | group | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | -| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword | -| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword | -| cloud.image.id | Image ID for the cloud instance. | keyword | -| cloud.instance.id | Instance ID of the host machine. | keyword | -| cloud.instance.name | Instance name of the host machine. | keyword | -| cloud.machine.type | Machine type of the host machine. | keyword | -| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | -| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | -| cloud.region | Region in which this host, resource, or service is located. | keyword | -| container.id | Unique container id. | keyword | -| container.image.name | Name of the image the container was built on. | keyword | -| container.labels | Image labels. | object | -| container.name | Container name. | keyword | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group | -| error.message | Error message. | match_only_text | -| event.dataset | Event dataset | constant_keyword | -| event.module | Event module | constant_keyword | -| host.architecture | Operating system architecture. | keyword | -| host.containerized | If the host is a container. | boolean | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | -| host.ip | Host ip addresses. | ip | -| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | -| host.os.build | OS build information. | keyword | -| host.os.codename | OS codename, if any. | keyword | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | -| host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.version | Operating system version as a raw string. | keyword | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | +| Field | Description | Type | Metric Type | +|---|---|---|---| +| @timestamp | Event timestamp. | date | | +| aws.\*.metrics.\*.\* | Metrics that returned from Cloudwatch API query. | object | | +| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword | | +| aws.dimensions.\* | Metric dimensions. | object | | +| aws.dimensions.AvailabilityZone | Availability Zone in the Region where the Network Firewall firewall is active. | keyword | | +| aws.dimensions.CustomAction | Dimension for a publish metrics custom action that you defined. You can define this for a rule action in a stateless rule group or for a stateless default action in a firewall policy. | keyword | | +| aws.dimensions.Engine | Rules engine that processed the packet. The value for this is either Stateful or Stateless. | keyword | | +| aws.dimensions.FirewallName | Name that you specified for the Network Firewall firewall. | keyword | | +| aws.networkfirewall.metrics.DroppedPackets.sum | The number of packets dropped by the Network Firewall. | long | gauge | +| aws.networkfirewall.metrics.Packets.sum | Number of packets inspected for a firewall policy or stateless rulegroup for which a custom action is defined. This metric is only used for the dimension CustomAction. | long | gauge | +| aws.networkfirewall.metrics.PassedPackets.sum | The number of packets passed by the Network Firewall. | long | gauge | +| aws.networkfirewall.metrics.ReceivedPackets.sum | The number of packets received by the Network Firewall. | long | gauge | +| aws.s3.bucket.name | Name of a S3 bucket. | keyword | | +| aws.tags.\* | Tag key value pairs from aws resources. | object | | +| cloud | Fields related to the cloud or infrastructure the events are coming from. | group | | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | +| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword | | +| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword | | +| cloud.image.id | Image ID for the cloud instance. | keyword | | +| cloud.instance.id | Instance ID of the host machine. | keyword | | +| cloud.instance.name | Instance name of the host machine. | keyword | | +| cloud.machine.type | Machine type of the host machine. | keyword | | +| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | | +| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | | +| cloud.region | Region in which this host, resource, or service is located. | keyword | | +| container.id | Unique container id. | keyword | | +| container.image.name | Name of the image the container was built on. | keyword | | +| container.labels | Image labels. | object | | +| container.name | Container name. | keyword | | +| data_stream.dataset | Data stream dataset. | constant_keyword | | +| data_stream.namespace | Data stream namespace. | constant_keyword | | +| data_stream.type | Data stream type. | constant_keyword | | +| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | +| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group | | +| error.message | Error message. | match_only_text | | +| event.dataset | Event dataset | constant_keyword | | +| event.module | Event module | constant_keyword | | +| host.architecture | Operating system architecture. | keyword | | +| host.containerized | If the host is a container. | boolean | | +| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | | +| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | +| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | +| host.ip | Host ip addresses. | ip | | +| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | | +| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.os.build | OS build information. | keyword | | +| host.os.codename | OS codename, if any. | keyword | | +| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | +| host.os.kernel | Operating system kernel version as a raw string. | keyword | | +| host.os.name | Operating system name, without the version. | keyword | | +| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | +| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | +| host.os.version | Operating system version as a raw string. | keyword | | +| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | +| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | diff --git a/packages/aws/docs/transitgateway.md b/packages/aws/docs/transitgateway.md index 1215b46327a..019bb42c5f8 100644 --- a/packages/aws/docs/transitgateway.md +++ b/packages/aws/docs/transitgateway.md @@ -148,61 +148,61 @@ An example event for `transitgateway` looks as following: **Exported fields** -| Field | Description | Type | -|---|---|---| -| @timestamp | Event timestamp. | date | -| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword | -| aws.dimensions.\* | Metric dimensions. | object | -| aws.dimensions.TransitGateway | Filters the metric data by transit gateway. | keyword | -| aws.dimensions.TransitGatewayAttachment | Filters the metric data by transit gateway attachment. | keyword | -| aws.s3.bucket.name | Name of a S3 bucket. | keyword | -| aws.tags.\* | Tag key value pairs from aws resources. | object | -| aws.transitgateway.metrics.BytesDropCountBlackhole.sum | The number of bytes dropped because they matched a blackhole route. | long | -| aws.transitgateway.metrics.BytesDropCountNoRoute.sum | The number of bytes dropped because they did not match a route. | long | -| aws.transitgateway.metrics.BytesIn.sum | The number of bytes received by the transit gateway. | long | -| aws.transitgateway.metrics.BytesOut.sum | The number of bytes sent from the transit gateway. | long | -| aws.transitgateway.metrics.PacketDropCountBlackhole.sum | The number of packets dropped because they matched a blackhole route. | long | -| aws.transitgateway.metrics.PacketDropCountNoRoute.sum | The number of packets dropped because they did not match a route. | long | -| aws.transitgateway.metrics.PacketsIn.sum | The number of packets received by the transit gateway. | long | -| aws.transitgateway.metrics.PacketsOut.sum | The number of packets sent by the transit gateway. | long | -| cloud | Fields related to the cloud or infrastructure the events are coming from. | group | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | -| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword | -| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword | -| cloud.image.id | Image ID for the cloud instance. | keyword | -| cloud.instance.id | Instance ID of the host machine. | keyword | -| cloud.instance.name | Instance name of the host machine. | keyword | -| cloud.machine.type | Machine type of the host machine. | keyword | -| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | -| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | -| cloud.region | Region in which this host, resource, or service is located. | keyword | -| container.id | Unique container id. | keyword | -| container.image.name | Name of the image the container was built on. | keyword | -| container.labels | Image labels. | object | -| container.name | Container name. | keyword | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group | -| error.message | Error message. | match_only_text | -| event.dataset | Event dataset | constant_keyword | -| event.module | Event module | constant_keyword | -| host.architecture | Operating system architecture. | keyword | -| host.containerized | If the host is a container. | boolean | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | -| host.ip | Host ip addresses. | ip | -| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | -| host.os.build | OS build information. | keyword | -| host.os.codename | OS codename, if any. | keyword | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | -| host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.version | Operating system version as a raw string. | keyword | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | +| Field | Description | Type | Metric Type | +|---|---|---|---| +| @timestamp | Event timestamp. | date | | +| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword | | +| aws.dimensions.\* | Metric dimensions. | object | | +| aws.dimensions.TransitGateway | Filters the metric data by transit gateway. | keyword | | +| aws.dimensions.TransitGatewayAttachment | Filters the metric data by transit gateway attachment. | keyword | | +| aws.s3.bucket.name | Name of a S3 bucket. | keyword | | +| aws.tags.\* | Tag key value pairs from aws resources. | object | | +| aws.transitgateway.metrics.BytesDropCountBlackhole.sum | The number of bytes dropped because they matched a blackhole route. | long | gauge | +| aws.transitgateway.metrics.BytesDropCountNoRoute.sum | The number of bytes dropped because they did not match a route. | long | gauge | +| aws.transitgateway.metrics.BytesIn.sum | The number of bytes received by the transit gateway. | long | gauge | +| aws.transitgateway.metrics.BytesOut.sum | The number of bytes sent from the transit gateway. | long | gauge | +| aws.transitgateway.metrics.PacketDropCountBlackhole.sum | The number of packets dropped because they matched a blackhole route. | long | gauge | +| aws.transitgateway.metrics.PacketDropCountNoRoute.sum | The number of packets dropped because they did not match a route. | long | gauge | +| aws.transitgateway.metrics.PacketsIn.sum | The number of packets received by the transit gateway. | long | gauge | +| aws.transitgateway.metrics.PacketsOut.sum | The number of packets sent by the transit gateway. | long | gauge | +| cloud | Fields related to the cloud or infrastructure the events are coming from. | group | | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | +| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword | | +| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword | | +| cloud.image.id | Image ID for the cloud instance. | keyword | | +| cloud.instance.id | Instance ID of the host machine. | keyword | | +| cloud.instance.name | Instance name of the host machine. | keyword | | +| cloud.machine.type | Machine type of the host machine. | keyword | | +| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | | +| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | | +| cloud.region | Region in which this host, resource, or service is located. | keyword | | +| container.id | Unique container id. | keyword | | +| container.image.name | Name of the image the container was built on. | keyword | | +| container.labels | Image labels. | object | | +| container.name | Container name. | keyword | | +| data_stream.dataset | Data stream dataset. | constant_keyword | | +| data_stream.namespace | Data stream namespace. | constant_keyword | | +| data_stream.type | Data stream type. | constant_keyword | | +| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | +| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group | | +| error.message | Error message. | match_only_text | | +| event.dataset | Event dataset | constant_keyword | | +| event.module | Event module | constant_keyword | | +| host.architecture | Operating system architecture. | keyword | | +| host.containerized | If the host is a container. | boolean | | +| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | | +| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | +| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | +| host.ip | Host ip addresses. | ip | | +| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | | +| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.os.build | OS build information. | keyword | | +| host.os.codename | OS codename, if any. | keyword | | +| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | +| host.os.kernel | Operating system kernel version as a raw string. | keyword | | +| host.os.name | Operating system name, without the version. | keyword | | +| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | +| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | +| host.os.version | Operating system version as a raw string. | keyword | | +| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | +| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | diff --git a/packages/aws/docs/vpn.md b/packages/aws/docs/vpn.md index 3836546b921..5a6c1107d5d 100644 --- a/packages/aws/docs/vpn.md +++ b/packages/aws/docs/vpn.md @@ -97,57 +97,57 @@ An example event for `vpn` looks as following: **Exported fields** -| Field | Description | Type | -|---|---|---| -| @timestamp | Event timestamp. | date | -| aws.\*.metrics.\*.\* | Metrics that returned from Cloudwatch API query. | object | -| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword | -| aws.dimensions.\* | Metric dimensions. | object | -| aws.dimensions.TunnelIpAddress | Filters the metric data by the IP address of the tunnel for the virtual private gateway. | keyword | -| aws.dimensions.VpnId | Filters the metric data by the Site-to-Site VPN connection ID. | keyword | -| aws.s3.bucket.name | Name of a S3 bucket. | keyword | -| aws.tags.\* | Tag key value pairs from aws resources. | object | -| aws.vpn.metrics.TunnelDataIn.sum | The bytes received through the VPN tunnel. | double | -| aws.vpn.metrics.TunnelDataOut.sum | The bytes sent through the VPN tunnel. | double | -| aws.vpn.metrics.TunnelState.avg | The state of the tunnel. For static VPNs, 0 indicates DOWN and 1 indicates UP. For BGP VPNs, 1 indicates ESTABLISHED and 0 is used for all other states. | double | -| cloud | Fields related to the cloud or infrastructure the events are coming from. | group | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | -| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword | -| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword | -| cloud.image.id | Image ID for the cloud instance. | keyword | -| cloud.instance.id | Instance ID of the host machine. | keyword | -| cloud.instance.name | Instance name of the host machine. | keyword | -| cloud.machine.type | Machine type of the host machine. | keyword | -| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | -| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | -| cloud.region | Region in which this host, resource, or service is located. | keyword | -| container.id | Unique container id. | keyword | -| container.image.name | Name of the image the container was built on. | keyword | -| container.labels | Image labels. | object | -| container.name | Container name. | keyword | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group | -| error.message | Error message. | match_only_text | -| event.dataset | Event dataset | constant_keyword | -| event.module | Event module | constant_keyword | -| host.architecture | Operating system architecture. | keyword | -| host.containerized | If the host is a container. | boolean | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | -| host.ip | Host ip addresses. | ip | -| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | -| host.os.build | OS build information. | keyword | -| host.os.codename | OS codename, if any. | keyword | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | -| host.os.name | Operating system name, without the version. | keyword | -| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.version | Operating system version as a raw string. | keyword | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | -| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | +| Field | Description | Type | Metric Type | +|---|---|---|---| +| @timestamp | Event timestamp. | date | | +| aws.\*.metrics.\*.\* | Metrics that returned from Cloudwatch API query. | object | | +| aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword | | +| aws.dimensions.\* | Metric dimensions. | object | | +| aws.dimensions.TunnelIpAddress | Filters the metric data by the IP address of the tunnel for the virtual private gateway. | keyword | | +| aws.dimensions.VpnId | Filters the metric data by the Site-to-Site VPN connection ID. | keyword | | +| aws.s3.bucket.name | Name of a S3 bucket. | keyword | | +| aws.tags.\* | Tag key value pairs from aws resources. | object | | +| aws.vpn.metrics.TunnelDataIn.sum | The bytes received through the VPN tunnel. | double | gauge | +| aws.vpn.metrics.TunnelDataOut.sum | The bytes sent through the VPN tunnel. | double | gauge | +| aws.vpn.metrics.TunnelState.avg | The state of the tunnel. For static VPNs, 0 indicates DOWN and 1 indicates UP. For BGP VPNs, 1 indicates ESTABLISHED and 0 is used for all other states. | double | gauge | +| cloud | Fields related to the cloud or infrastructure the events are coming from. | group | | +| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | +| cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword | | +| cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword | | +| cloud.image.id | Image ID for the cloud instance. | keyword | | +| cloud.instance.id | Instance ID of the host machine. | keyword | | +| cloud.instance.name | Instance name of the host machine. | keyword | | +| cloud.machine.type | Machine type of the host machine. | keyword | | +| cloud.project.id | The cloud project identifier. Examples: Google Cloud Project id, Azure Project id. | keyword | | +| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | | +| cloud.region | Region in which this host, resource, or service is located. | keyword | | +| container.id | Unique container id. | keyword | | +| container.image.name | Name of the image the container was built on. | keyword | | +| container.labels | Image labels. | object | | +| container.name | Container name. | keyword | | +| data_stream.dataset | Data stream dataset. | constant_keyword | | +| data_stream.namespace | Data stream namespace. | constant_keyword | | +| data_stream.type | Data stream type. | constant_keyword | | +| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | +| error | These fields can represent errors of any kind. Use them for errors that happen while fetching events or in cases where the event itself contains an error. | group | | +| error.message | Error message. | match_only_text | | +| event.dataset | Event dataset | constant_keyword | | +| event.module | Event module | constant_keyword | | +| host.architecture | Operating system architecture. | keyword | | +| host.containerized | If the host is a container. | boolean | | +| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | | +| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | +| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | +| host.ip | Host ip addresses. | ip | | +| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | | +| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | +| host.os.build | OS build information. | keyword | | +| host.os.codename | OS codename, if any. | keyword | | +| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | | +| host.os.kernel | Operating system kernel version as a raw string. | keyword | | +| host.os.name | Operating system name, without the version. | keyword | | +| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | +| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | +| host.os.version | Operating system version as a raw string. | keyword | | +| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | +| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml index d43f74c2abc..e104f21c863 100644 --- a/packages/aws/manifest.yml +++ b/packages/aws/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: aws title: AWS -version: 1.38.1 +version: 1.38.2 license: basic description: Collect logs and metrics from Amazon Web Services with Elastic Agent. type: integration