From 509a387b6c9f67dbd0c5eca3b63554967a643916 Mon Sep 17 00:00:00 2001 From: Tetiana Kravchenko Date: Wed, 31 May 2023 22:14:26 +0200 Subject: [PATCH] [System] Add dimensions to system package metrics data_streams only, except core data_streams (#6118) * add dimensions to system package, metrics data_streams only Signed-off-by: Tetiana Kravchenko * revert k8s package Signed-off-by: Tetiana Kravchenko * revert k8s changes; add extra dimensions for diskio and network Signed-off-by: Tetiana Kravchenko * filesystem: add mount_point and device_name Signed-off-by: Tetiana Kravchenko * move core and process datastream to different PR Signed-off-by: Tetiana Kravchenko * update PR number Signed-off-by: Tetiana Kravchenko * move agent.id field to ecs.yaml Signed-off-by: Tetiana Kravchenko * run elastic-package build Signed-off-by: Tetiana Kravchenko * run elastic-package build Signed-off-by: Tetiana Kravchenko * elastic-package check Signed-off-by: Tetiana Kravchenko * add dimensions to process data_stream Signed-off-by: Tetiana Kravchenko * clean up some duplicated fields Signed-off-by: Tetiana Kravchenko * revert network data_stream changes Signed-off-by: Tetiana Kravchenko * rever process data_stream changes Signed-off-by: Tetiana Kravchenko * adjust the changelog description Signed-off-by: Tetiana Kravchenko * revert process data_stream changes Signed-off-by: Tetiana Kravchenko --------- 
Signed-off-by: Tetiana Kravchenko --- packages/system/changelog.yml | 5 ++++ .../system/data_stream/cpu/fields/agent.yml | 14 ++++------- .../system/data_stream/cpu/fields/ecs.yml | 3 +++ .../data_stream/diskio/fields/agent.yml | 18 ++++++--------- .../system/data_stream/diskio/fields/ecs.yml | 3 +++ .../data_stream/diskio/fields/fields.yml | 1 + .../data_stream/filesystem/fields/agent.yml | 7 ++++++ .../data_stream/filesystem/fields/ecs.yml | 3 +++ .../data_stream/filesystem/fields/fields.yml | 2 ++ .../data_stream/fsstat/fields/agent.yml | 7 ++++++ .../system/data_stream/fsstat/fields/ecs.yml | 3 +++ .../system/data_stream/load/fields/agent.yml | 23 +++---------------- .../system/data_stream/load/fields/ecs.yml | 3 +++ .../data_stream/memory/fields/agent.yml | 12 +++------- .../system/data_stream/memory/fields/ecs.yml | 3 +++ .../process_summary/fields/agent.yml | 7 ++++++ .../process_summary/fields/ecs.yml | 3 +++ .../socket_summary/fields/agent.yml | 7 ++++++ .../socket_summary/fields/base-fields.yml | 3 --- .../data_stream/socket_summary/fields/ecs.yml | 3 +++ .../data_stream/uptime/fields/agent.yml | 7 ++++++ .../system/data_stream/uptime/fields/ecs.yml | 3 +++ packages/system/docs/README.md | 16 +++++++++---- packages/system/manifest.yml | 2 +- 24 files changed, 99 insertions(+), 59 deletions(-) create mode 100644 packages/system/data_stream/filesystem/fields/ecs.yml create mode 100644 packages/system/data_stream/uptime/fields/ecs.yml diff --git a/packages/system/changelog.yml b/packages/system/changelog.yml index 98ffe9f3ab3..92aa2ab4b8d 100644 --- a/packages/system/changelog.yml +++ b/packages/system/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.30.0" + changes: + - description: Add dimension fields to metrics all data_streams, except core, network and process to support TSDS migration + type: enhancement + link: https://github.com/elastic/integrations/pull/6118 - version: "1.29.0" changes: - description: support ip or domain in sshd messages diff --git a/packages/system/data_stream/cpu/fields/agent.yml b/packages/system/data_stream/cpu/fields/agent.yml index 4f62096bf6e..4b259da8060 100644 --- a/packages/system/data_stream/cpu/fields/agent.yml +++ b/packages/system/data_stream/cpu/fields/agent.yml @@ -13,12 +13,14 @@ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' example: 666777888999 + dimension: true - name: availability_zone level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. example: us-east-1c + dimension: true - name: instance.id level: extended type: keyword @@ -50,10 +52,10 @@ ignore_above: 1024 description: Region in which this host is running. example: us-east-1 + dimension: true - name: project.id type: keyword description: Name of the project in Google Cloud. - dimension: true - name: image.id type: keyword description: Image ID for the cloud instance. @@ -138,10 +140,10 @@ level: core type: keyword ignore_above: 1024 - dimension: true description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' + dimension: true - name: os.family level: extended type: keyword @@ -201,11 +203,3 @@ description: > OS codename, if any. -- name: agent - title: Agent - type: group - fields: - - name: id - type: keyword - ignore_above: 1024 - dimension: true diff --git a/packages/system/data_stream/cpu/fields/ecs.yml b/packages/system/data_stream/cpu/fields/ecs.yml index 9e69e978131..baad5c2450f 100644 
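Review bot: The `@@ -50,10 +52,10 @@` hunk of cpu/fields/agent.yml removes `dimension: true` from `cloud.project.id` while adding it to `cloud.region`, yet the new changelog entry only speaks of adding dimension fields. The same removal appears in the load and memory agent.yml hunks. Because the dimension set decides which documents belong to one time series, a dropped dimension deserves its own mention. I would extend the changelog description with something like `cloud.project.id is no longer a dimension in cpu, load and memory`, or keep the attribute if the removal was not intended. The field list continues outside the hunk, so whether project.id is a dimension in the other data streams cannot be seen here.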
--- a/packages/system/data_stream/cpu/fields/ecs.yml +++ b/packages/system/data_stream/cpu/fields/ecs.yml @@ -22,3 +22,6 @@ name: host.os.version - external: ecs name: host.type +- external: ecs + name: agent.id + dimension: true diff --git a/packages/system/data_stream/diskio/fields/agent.yml b/packages/system/data_stream/diskio/fields/agent.yml index 54d97ab701d..5e2fd81c445 100644 --- a/packages/system/data_stream/diskio/fields/agent.yml +++ b/packages/system/data_stream/diskio/fields/agent.yml @@ -8,6 +8,7 @@ - name: account.id level: extended type: keyword + dimension: true ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. @@ -16,12 +17,14 @@ - name: availability_zone level: extended type: keyword + dimension: true ignore_above: 1024 description: Availability zone in which this host is running. example: us-east-1c - name: instance.id level: extended type: keyword + dimension: true ignore_above: 1024 description: Instance ID of the host machine. example: i-1234567890abcdef0 @@ -39,12 +42,14 @@ - name: provider level: extended type: keyword + dimension: true ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. example: aws - name: region level: extended type: keyword + dimension: true ignore_above: 1024 description: Region in which this host is running. example: us-east-1 @@ -67,6 +72,7 @@ type: keyword ignore_above: 1024 description: Unique container id. + dimension: true - name: image.name level: extended type: keyword @@ -133,6 +139,7 @@ - name: name level: core type: keyword + dimension: true ignore_above: 1024 description: 'Name of the host. 
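Review bot: In diskio/fields/agent.yml most of the added `dimension: true` keys sit directly next to `ignore_above: 1024` on the same keyword field (account.id, availability_zone, instance.id, provider, region, host name), and the other agent.yml files in this patch pair the two keys on the same fields. As far as I know Elasticsearch refuses a keyword mapping that sets `ignore_above` together with `time_series_dimension`, so the installed template presumably relies on the package tooling dropping one of the two. That is worth confirming with an install test against a data stream that has TSDS enabled. If the tooling does drop it, a one-line comment such as `# ignore_above is not applied to dimension fields` at the top of the file would keep the declared limit from being read as effective. The field definitions start and end outside these hunks.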
@@ -149,17 +156,6 @@ ignore_above: 1024 description: Operating system kernel version as a raw string. example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - name: os.platform level: extended type: keyword diff --git a/packages/system/data_stream/diskio/fields/ecs.yml b/packages/system/data_stream/diskio/fields/ecs.yml index 125667d5ce5..98cf5ad7383 100644 --- a/packages/system/data_stream/diskio/fields/ecs.yml +++ b/packages/system/data_stream/diskio/fields/ecs.yml @@ -24,3 +24,6 @@ name: host.os.version - external: ecs name: host.type +- external: ecs + name: agent.id + dimension: true diff --git a/packages/system/data_stream/diskio/fields/fields.yml b/packages/system/data_stream/diskio/fields/fields.yml index 01a5762c60a..70913cd16b8 100644 --- a/packages/system/data_stream/diskio/fields/fields.yml +++ b/packages/system/data_stream/diskio/fields/fields.yml @@ -3,6 +3,7 @@ fields: - name: name type: keyword + dimension: true description: | The disk name. - name: serial_number diff --git a/packages/system/data_stream/filesystem/fields/agent.yml b/packages/system/data_stream/filesystem/fields/agent.yml index da4e652c53b..bcbae612b81 100644 --- a/packages/system/data_stream/filesystem/fields/agent.yml +++ b/packages/system/data_stream/filesystem/fields/agent.yml @@ -9,6 +9,7 @@ level: extended type: keyword ignore_above: 1024 + dimension: true description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' 
@@ -16,12 +17,14 @@ - name: availability_zone level: extended type: keyword + dimension: true ignore_above: 1024 description: Availability zone in which this host is running. example: us-east-1c - name: instance.id level: extended type: keyword + dimension: true ignore_above: 1024 description: Instance ID of the host machine. example: i-1234567890abcdef0 @@ -39,12 +42,14 @@ - name: provider level: extended type: keyword + dimension: true ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. example: aws - name: region level: extended type: keyword + dimension: true ignore_above: 1024 description: Region in which this host is running. example: us-east-1 @@ -66,6 +71,7 @@ level: core type: keyword ignore_above: 1024 + dimension: true description: Unique container id. - name: image.name level: extended @@ -134,6 +140,7 @@ level: core type: keyword ignore_above: 1024 + dimension: true description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' diff --git a/packages/system/data_stream/filesystem/fields/ecs.yml b/packages/system/data_stream/filesystem/fields/ecs.yml new file mode 100644 index 00000000000..3014c8de4b6 --- /dev/null +++ b/packages/system/data_stream/filesystem/fields/ecs.yml @@ -0,0 +1,3 @@ +- external: ecs + name: agent.id + dimension: true diff --git a/packages/system/data_stream/filesystem/fields/fields.yml b/packages/system/data_stream/filesystem/fields/fields.yml index d7b44199a86..d670be5844b 100644 --- a/packages/system/data_stream/filesystem/fields/fields.yml +++ b/packages/system/data_stream/filesystem/fields/fields.yml @@ -10,6 +10,7 @@ The disk space available to an unprivileged user in bytes. - name: device_name type: keyword + dimension: true description: | The disk name. For example: `/dev/disk1` - name: type 
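Review bot: The position of the new `dimension: true` key is not consistent inside filesystem/fields/agent.yml: the `@@ -9,6 +9,7 @@`, `@@ -66,6 +71,7 @@` and `@@ -134,6 +140,7 @@` hunks put it after `ignore_above`, while `@@ -16,12 +17,14 @@` and `@@ -39,12 +42,14 @@` put it right after `type`. Across the patch the spread is wider (after `example` in cpu and memory, after `type` in fsstat and mostly in diskio). The agent.yml files that shared the blob `da4e652c53b` before this change (filesystem, fsstat, process_summary, socket_summary, uptime) now end up as four different blobs, although the visible hunks appear to mark the same seven fields in each. Picking one placement, for example `dimension: true` as the last key of each field, and applying it to every agent.yml would keep these copies byte-identical and make later bulk edits a single search-and-replace.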
@@ -18,6 +19,7 @@ The disk type. For example: `ext4` - name: mount_point type: keyword + dimension: true description: | The mounting point. For example: `/` - name: files diff --git a/packages/system/data_stream/fsstat/fields/agent.yml b/packages/system/data_stream/fsstat/fields/agent.yml index da4e652c53b..48add32f2ae 100644 --- a/packages/system/data_stream/fsstat/fields/agent.yml +++ b/packages/system/data_stream/fsstat/fields/agent.yml @@ -8,6 +8,7 @@ - name: account.id level: extended type: keyword + dimension: true ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. @@ -16,12 +17,14 @@ - name: availability_zone level: extended type: keyword + dimension: true ignore_above: 1024 description: Availability zone in which this host is running. example: us-east-1c - name: instance.id level: extended type: keyword + dimension: true ignore_above: 1024 description: Instance ID of the host machine. example: i-1234567890abcdef0 @@ -39,12 +42,14 @@ - name: provider level: extended type: keyword + dimension: true ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. example: aws - name: region level: extended type: keyword + dimension: true ignore_above: 1024 description: Region in which this host is running. example: us-east-1 @@ -65,6 +70,7 @@ - name: id level: core type: keyword + dimension: true ignore_above: 1024 description: Unique container id. - name: image.name @@ -133,6 +139,7 @@ - name: name level: core type: keyword + dimension: true ignore_above: 1024 description: 'Name of the host. diff --git a/packages/system/data_stream/fsstat/fields/ecs.yml b/packages/system/data_stream/fsstat/fields/ecs.yml index 9e69e978131..baad5c2450f 100644 --- a/packages/system/data_stream/fsstat/fields/ecs.yml +++ b/packages/system/data_stream/fsstat/fields/ecs.yml 
@@ -22,3 +22,6 @@ name: host.os.version - external: ecs name: host.type +- external: ecs + name: agent.id + dimension: true diff --git a/packages/system/data_stream/load/fields/agent.yml b/packages/system/data_stream/load/fields/agent.yml index 4f62096bf6e..f7fba4ae7f1 100644 --- a/packages/system/data_stream/load/fields/agent.yml +++ b/packages/system/data_stream/load/fields/agent.yml @@ -8,6 +8,7 @@ - name: account.id level: extended type: keyword + dimension: true ignore_above: 1024 description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. @@ -16,6 +17,7 @@ - name: availability_zone level: extended type: keyword + dimension: true ignore_above: 1024 description: Availability zone in which this host is running. example: us-east-1c @@ -47,13 +49,13 @@ - name: region level: extended type: keyword + dimension: true ignore_above: 1024 description: Region in which this host is running. example: us-east-1 - name: project.id type: keyword description: Name of the project in Google Cloud. - dimension: true - name: image.id type: keyword description: Image ID for the cloud instance. @@ -154,17 +156,6 @@ ignore_above: 1024 description: Operating system kernel version as a raw string. example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - name: os.platform level: extended type: keyword @@ -201,11 +192,3 @@ description: > OS codename, if any. -- name: agent - title: Agent - type: group - fields: - - name: id - type: keyword - ignore_above: 1024 - dimension: true diff --git a/packages/system/data_stream/load/fields/ecs.yml b/packages/system/data_stream/load/fields/ecs.yml index 9e69e978131..baad5c2450f 100644 --- a/packages/system/data_stream/load/fields/ecs.yml 
+++ b/packages/system/data_stream/load/fields/ecs.yml @@ -22,3 +22,6 @@ name: host.os.version - external: ecs name: host.type +- external: ecs + name: agent.id + dimension: true diff --git a/packages/system/data_stream/memory/fields/agent.yml b/packages/system/data_stream/memory/fields/agent.yml index 4f62096bf6e..37de0dc014b 100644 --- a/packages/system/data_stream/memory/fields/agent.yml +++ b/packages/system/data_stream/memory/fields/agent.yml @@ -13,12 +13,14 @@ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' example: 666777888999 + dimension: true - name: availability_zone level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. example: us-east-1c + dimension: true - name: instance.id level: extended type: keyword @@ -50,10 +52,10 @@ ignore_above: 1024 description: Region in which this host is running. example: us-east-1 + dimension: true - name: project.id type: keyword description: Name of the project in Google Cloud. - dimension: true - name: image.id type: keyword description: Image ID for the cloud instance. @@ -201,11 +203,3 @@ description: > OS codename, if any. -- name: agent - title: Agent - type: group - fields: - - name: id - type: keyword - ignore_above: 1024 - dimension: true diff --git a/packages/system/data_stream/memory/fields/ecs.yml b/packages/system/data_stream/memory/fields/ecs.yml index 9e69e978131..baad5c2450f 100644 --- a/packages/system/data_stream/memory/fields/ecs.yml +++ b/packages/system/data_stream/memory/fields/ecs.yml @@ -22,3 +22,6 @@ name: host.os.version - external: ecs name: host.type +- external: ecs + name: agent.id + dimension: true diff --git a/packages/system/data_stream/process_summary/fields/agent.yml b/packages/system/data_stream/process_summary/fields/agent.yml index da4e652c53b..37de0dc014b 100644 --- a/packages/system/data_stream/process_summary/fields/agent.yml +++ b/packages/system/data_stream/process_summary/fields/agent.yml 
@@ -13,18 +13,21 @@ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' example: 666777888999 + dimension: true - name: availability_zone level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. example: us-east-1c + dimension: true - name: instance.id level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. example: i-1234567890abcdef0 + dimension: true - name: instance.name level: extended type: keyword @@ -42,12 +45,14 @@ ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. example: aws + dimension: true - name: region level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. example: us-east-1 + dimension: true - name: project.id type: keyword description: Name of the project in Google Cloud. @@ -67,6 +72,7 @@ type: keyword ignore_above: 1024 description: Unique container id. + dimension: true - name: image.name level: extended type: keyword @@ -134,6 +140,7 @@ level: core type: keyword ignore_above: 1024 + dimension: true description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' diff --git a/packages/system/data_stream/process_summary/fields/ecs.yml b/packages/system/data_stream/process_summary/fields/ecs.yml index 49038af7df0..8840ed2623e 100644 --- a/packages/system/data_stream/process_summary/fields/ecs.yml +++ b/packages/system/data_stream/process_summary/fields/ecs.yml @@ -44,3 +44,6 @@ name: user.id - external: ecs name: user.name +- external: ecs + name: agent.id + dimension: true diff --git a/packages/system/data_stream/socket_summary/fields/agent.yml b/packages/system/data_stream/socket_summary/fields/agent.yml index da4e652c53b..dc30327e955 100644 
--- a/packages/system/data_stream/socket_summary/fields/agent.yml +++ b/packages/system/data_stream/socket_summary/fields/agent.yml @@ -13,18 +13,21 @@ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' example: 666777888999 + dimension: true - name: availability_zone level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. example: us-east-1c + dimension: true - name: instance.id level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. example: i-1234567890abcdef0 + dimension: true - name: instance.name level: extended type: keyword @@ -42,12 +45,14 @@ ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. example: aws + dimension: true - name: region level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. example: us-east-1 + dimension: true - name: project.id type: keyword description: Name of the project in Google Cloud. @@ -66,6 +71,7 @@ level: core type: keyword ignore_above: 1024 + dimension: true description: Unique container id. - name: image.name level: extended @@ -134,6 +140,7 @@ level: core type: keyword ignore_above: 1024 + dimension: true description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' diff --git a/packages/system/data_stream/socket_summary/fields/base-fields.yml b/packages/system/data_stream/socket_summary/fields/base-fields.yml index 1ed72ba281e..0e1c056093a 100644 --- a/packages/system/data_stream/socket_summary/fields/base-fields.yml +++ b/packages/system/data_stream/socket_summary/fields/base-fields.yml 
@@ -7,9 +7,6 @@ - name: data_stream.namespace type: constant_keyword description: Data stream namespace. -- name: '@timestamp' - type: date - description: Event timestamp. - name: event.module type: constant_keyword description: Event module diff --git a/packages/system/data_stream/socket_summary/fields/ecs.yml b/packages/system/data_stream/socket_summary/fields/ecs.yml index 49038af7df0..8840ed2623e 100644 --- a/packages/system/data_stream/socket_summary/fields/ecs.yml +++ b/packages/system/data_stream/socket_summary/fields/ecs.yml @@ -44,3 +44,6 @@ name: user.id - external: ecs name: user.name +- external: ecs + name: agent.id + dimension: true diff --git a/packages/system/data_stream/uptime/fields/agent.yml b/packages/system/data_stream/uptime/fields/agent.yml index da4e652c53b..37de0dc014b 100644 --- a/packages/system/data_stream/uptime/fields/agent.yml +++ b/packages/system/data_stream/uptime/fields/agent.yml @@ -13,18 +13,21 @@ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' example: 666777888999 + dimension: true - name: availability_zone level: extended type: keyword ignore_above: 1024 description: Availability zone in which this host is running. example: us-east-1c + dimension: true - name: instance.id level: extended type: keyword ignore_above: 1024 description: Instance ID of the host machine. example: i-1234567890abcdef0 + dimension: true - name: instance.name level: extended type: keyword @@ -42,12 +45,14 @@ ignore_above: 1024 description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. example: aws + dimension: true - name: region level: extended type: keyword ignore_above: 1024 description: Region in which this host is running. example: us-east-1 + dimension: true - name: project.id type: keyword description: Name of the project in Google Cloud. 
@@ -67,6 +72,7 @@ type: keyword ignore_above: 1024 description: Unique container id. + dimension: true - name: image.name level: extended type: keyword @@ -134,6 +140,7 @@ level: core type: keyword ignore_above: 1024 + dimension: true description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' diff --git a/packages/system/data_stream/uptime/fields/ecs.yml b/packages/system/data_stream/uptime/fields/ecs.yml new file mode 100644 index 00000000000..3014c8de4b6 --- /dev/null +++ b/packages/system/data_stream/uptime/fields/ecs.yml @@ -0,0 +1,3 @@ +- external: ecs + name: agent.id + dimension: true diff --git a/packages/system/docs/README.md b/packages/system/docs/README.md index 4d3dc0f37d5..ec8efdce333 100644 --- a/packages/system/docs/README.md +++ b/packages/system/docs/README.md @@ -1233,7 +1233,7 @@ This data should be available without elevated permissions. | Field | Description | Type | Unit | Metric Type | |---|---|---|---|---| | @timestamp | Event timestamp. | date | | | -| agent.id | | keyword | | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | 
@@ -1323,6 +1323,7 @@ This data should be available without elevated permissions. | Field | Description | Type | Unit | Metric Type | |---|---|---|---|---| | @timestamp | Event timestamp. | date | | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | @@ -1350,7 +1351,7 @@ This data should be available without elevated permissions. | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | | | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | | | host.ip | Host ip addresses. | ip | | | -| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | | | +| host.mac | Host mac addresses. | keyword | | | | host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | | | host.os.build | OS build information. | keyword | | | | host.os.codename | OS codename, if any. | keyword | | | 
@@ -1409,6 +1410,7 @@ This data should be available without elevated permissions. | Field | Description | Type | Unit | Metric Type | |---|---|---|---|---| | @timestamp | Event timestamp. | date | | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | @@ -1477,6 +1479,7 @@ This data should be available without elevated permissions. | Field | Description | Type | Unit | Metric Type | |---|---|---|---|---| | @timestamp | Event timestamp. | date | | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | 
@@ -1542,7 +1545,7 @@ This data should be available without elevated permissions. | Field | Description | Type | Metric Type | |---|---|---|---| | @timestamp | Event timestamp. | date | | -| agent.id | | keyword | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | cloud.image.id | Image ID for the cloud instance. | keyword | | @@ -1577,7 +1580,7 @@ This data should be available without elevated permissions. | host.os.full.text | Multi-field of `host.os.full`. | match_only_text | | | host.os.kernel | Operating system kernel version as a raw string. | keyword | | | host.os.name | Operating system name, without the version. | keyword | | -| host.os.name.text | Multi-field of `host.os.name`. | text | | +| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | | host.os.version | Operating system version as a raw string. | keyword | | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | 
@@ -1611,7 +1614,7 @@ This data should be available without elevated permissions. | Field | Description | Type | Unit | Metric Type | |---|---|---|---|---| | @timestamp | Event timestamp. | date | | | -| agent.id | | keyword | | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | @@ -2014,6 +2017,7 @@ If the process data belongs to the other users, it will be counted as unknown va | Field | Description | Type | Metric Type | |---|---|---|---| | @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | cloud.image.id | Image ID for the cloud instance. | keyword | | 
@@ -2105,6 +2109,7 @@ This data should be available without elevated permissions. | Field | Description | Type | Unit | Metric Type | |---|---|---|---|---| | @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | @@ -2202,6 +2207,7 @@ This data should be available without elevated permissions. | Field | Description | Type | Unit | Metric Type | |---|---|---|---|---| | @timestamp | Event timestamp. | date | | | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | | | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | | | cloud.availability_zone | Availability zone in which this host is running. | keyword | | | | cloud.image.id | Image ID for the cloud instance. | keyword | | | diff --git a/packages/system/manifest.yml b/packages/system/manifest.yml index e841d60b90c..86b732f83f2 100644 --- a/packages/system/manifest.yml +++ b/packages/system/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: system title: System -version: 1.29.0 +version: 1.30.0 license: basic description: Collect system logs and metrics from your servers with Elastic Agent. type: integration