GA winlog integration

- release to ga
- version to 1.0.0
- kibana.version to 7.16.0
- ecs external definitions
- add missing field definitions
- sync winlog.yml with system/security integration
- add system test for httpjson input
- change default datastream.dataset to winlog.winlog

Relates elastic#1562

packages/winlog/_dev/build/build.yml

@@ -0,0 +1,3 @@
+dependencies:
+  ecs:
+    reference: [email protected]

packages/winlog/_dev/deploy/docker/docker-compose.yml

@@ -0,0 +1,14 @@
+version: '2.3'
+services:
+  splunk-mock:
+    image: docker.elastic.co/observability/stream:v0.5.0
+    ports:
+      - 8080
+    volumes:
+      - ./http-mock-config.yml:/config.yml
+    environment:
+      PORT: 8080
+    command:
+      - http-server
+      - --addr=:8080
+      - --config=/config.yml

packages/winlog/_dev/deploy/docker/http-mock-config.yml

@@ -0,0 +1,21 @@
+rules:
+  - path: /services/search/jobs/export
+    user: test
+    password: test
+    methods:
+      - POST
+    query_params:
+      index_earliest: "{index_earliest:[0-9]+}"
+      index_latest: "{index_latest:[0-9]+}"
+      output_mode: json
+      search: 'search sourcetype="XmlWinEventLog:ChannelName" | streamstats max(_indextime) AS max_indextime'
+    request_headers:
+      Content-Type:
+        - "application/x-www-form-urlencoded"
+    responses:
+      - status_code: 200
+        headers:
+          Content-Type:
+            - "application/json"
+        body: |-
+          {"preview":false,"offset":0,"result":{"_bkt":"main~1~EA9FB697-F3E3-47FD-BC1C-F3BD8B764D6E","_cd":"1:40398","_indextime":"1631280904","_raw":"<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7036<\/EventID><Version>0<\/Version><Level>4<\/Level><Task>0<\/Task><Opcode>0<\/Opcode><Keywords>0x8080000000000000<\/Keywords><TimeCreated SystemTime='2021-09-10T13:35:03.573766300Z'/><EventRecordID>5700<\/EventRecordID><Correlation/><Execution ProcessID='688' ThreadID='5452'/><Channel>System<\/Channel><Computer>vagrant<\/Computer><Security/><\/System><EventData><Data Name='param1'>Software Protection<\/Data><Data Name='param2'>stopped<\/Data><Binary>7300700070007300760063002F0031000000<\/Binary><\/EventData><\/Event>","_serial":"0","_si":["2485e2d68f96","main"],"_sourcetype":"XmlWinEventLog:System","_time":"2021-09-10 13:35:03.000 UTC","host":"VAGRANT","index":"main","last_indextime":"1631282356","linecount":"1","max_indextime":"1631280904","source":"WinEventLog:System","sourcetype":"XmlWinEventLog:System","splunk_server":"2485e2d68f96"}}

packages/winlog/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+  changes:
+    - description: make GA
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/1716
 - version: "0.4.0"
   changes:
     - description: Update integration description

packages/winlog/data_stream/winlog/_dev/test/system/test-splunk-config.yml

@@ -0,0 +1,8 @@
+input: httpjson
+service: splunk-mock
+vars:
+  url: http://{{Hostname}}:{{Port}}
+  username: test
+  password: test
+numeric_keyword_fields:
+  - winlog.record_id

packages/winlog/data_stream/winlog/fields/beats.yml

@@ -0,0 +1,6 @@
+- name: input.type
+  description: Type of Filebeat input.
+  type: keyword
+- name: tags
+  type: keyword
+  description: User defined tags

packages/winlog/data_stream/winlog/fields/ecs.yml

@@ -0,0 +1,4 @@
+- name: ecs.version
+  external: ecs
+- name: log.level
+  external: ecs