forked from elastic/ecs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloud.yml
151 lines (135 loc) · 5.16 KB
/
cloud.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# Licensed to Elasticsearch B.V. under one or more contributor
# license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright
# ownership. Elasticsearch B.V. licenses this file to you under
# the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
- name: cloud
title: Cloud
group: 2
short: Fields about the cloud resource.
description: >
Fields related to the cloud or infrastructure the events
are coming from.
footnote: >
Examples: If Metricbeat is running on an EC2 host and fetches data from its
host, the cloud info contains the data about this machine. If Metricbeat
runs on a remote machine outside the cloud and fetches data from a service
running in the cloud, the field contains cloud data from the machine the
service is running on.
The cloud fields may be self-nested under cloud.origin.* and cloud.target.*
to describe origin or target service's cloud information in the context of
incoming or outgoing requests, respectively. However, the fieldsets
cloud.origin.* and cloud.target.* must not be confused with the root cloud
fieldset that is used to describe the cloud context of the actual service
under observation. The fieldset cloud.origin.* may only be used in the
context of incoming requests or events to provide the originating service's
cloud information. The fieldset cloud.target.* may only be used in the
context of outgoing requests or events to describe the target service's
cloud information.
reusable:
top_level: true
expected:
- at: cloud
as: origin
beta: Reusing the `cloud` fields in this location is currently considered beta.
short_override: Provides the cloud information of the origin entity in case of an incoming request or event.
- at: cloud
as: target
beta: Reusing the `cloud` fields in this location is currently considered beta.
short_override: Provides the cloud information of the target entity in case of an outgoing request or event.
type: group
fields:
- name: provider
level: extended
example: aws
type: keyword
short: Name of the cloud provider.
description: >
Name of the cloud provider. Example values are aws, azure, gcp, or
digitalocean.
- name: availability_zone
level: extended
example: us-east-1c
type: keyword
description: >
Availability zone in which this host, resource, or service is located.
- name: region
level: extended
type: keyword
example: us-east-1
description: >
Region in which this host, resource, or service is located.
- name: instance.id
level: extended
type: keyword
example: i-1234567890abcdef0
description: >
Instance ID of the host machine.
- name: instance.name
level: extended
type: keyword
description: >
Instance name of the host machine.
- name: machine.type
level: extended
type: keyword
example: t2.medium
description: >
Machine type of the host machine.
- name: account.id
level: extended
type: keyword
example: 666777888999
short: The cloud account or organization id.
description: >
The cloud account or organization id used to identify different
entities in a multi-tenant environment.
Examples: AWS account id, Google Cloud ORG Id, or other unique
identifier.
- name: account.name
level: extended
type: keyword
example: elastic-dev
short: The cloud account name.
description: >
The cloud account name or alias used to identify different entities in
a multi-tenant environment.
Examples: AWS account name, Google Cloud ORG display name.
- name: service.name
level: extended
type: keyword
example: lambda
short: The cloud service name.
description: >
The cloud service name is intended to distinguish services running on
different platforms within a provider, eg AWS EC2 vs Lambda,
GCP GCE vs App Engine, Azure VM vs App Server.
Examples: app engine, app service, cloud run, fargate, lambda.
- name: project.id
level: extended
type: keyword
example: my-project
short: The cloud project id.
description: >
The cloud project identifier.
Examples: Google Cloud Project id, Azure Project id.
- name: project.name
level: extended
type: keyword
example: my project
short: The cloud project name.
description: >
The cloud project name.
Examples: Google Cloud Project name, Azure Project name.