diff --git a/x-pack/elastic-agent/CHANGELOG.asciidoc b/x-pack/elastic-agent/CHANGELOG.asciidoc index 8ded3a9c9288..a2352615451b 100644 --- a/x-pack/elastic-agent/CHANGELOG.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.asciidoc @@ -24,6 +24,7 @@ - Remove the kbn-version on each request to the Kibana API. {pull}17764[17764] - Fixed injected log path to monitoring beat {pull}17833[17833] - Make sure that the Elastic Agent connect over TLS in cloud. {pull}17843[17843] +- Moved stream.* fields to top of event {pull}17858[17858] ==== New features diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/constraints_config-filebeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/constraints_config-filebeat.yml index c19f9c366299..20e08dbdd7ed 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/constraints_config-filebeat.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/constraints_config-filebeat.yml @@ -7,10 +7,11 @@ filebeat: index: logs-generic-default processors: - add_fields: + target: "stream" fields: - stream.type: logs - stream.dataset: generic - stream.namespace: default + type: logs + dataset: generic + namespace: default output: elasticsearch: hosts: diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_output_true-filebeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_output_true-filebeat.yml index 413a6866e91d..26d5dfdca2f7 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_output_true-filebeat.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_output_true-filebeat.yml @@ -7,10 +7,11 @@ filebeat: index: logs-generic-default processors: - add_fields: + target: "stream" fields: - stream.type: logs - stream.dataset: generic - stream.namespace: default + type: logs + dataset: generic + namespace: default output: elasticsearch: enabled: true diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_true-filebeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_true-filebeat.yml index a31fe4e37ddc..feac81692f76 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_true-filebeat.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/enabled_true-filebeat.yml @@ -8,10 +8,11 @@ filebeat: index: logs-generic-default processors: - add_fields: + target: "stream" fields: - stream.type: logs - stream.dataset: generic - stream.namespace: default + type: logs + dataset: generic + namespace: default output: elasticsearch: hosts: diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-filebeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-filebeat.yml index 39c54159d102..54604b76801c 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-filebeat.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-filebeat.yml @@ -9,10 +9,11 @@ filebeat: var: value processors: - add_fields: + target: "stream" fields: - stream.type: logs - stream.dataset: generic - stream.namespace: default + type: logs + dataset: generic + namespace: default output: elasticsearch: hosts: diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-metricbeat.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-metricbeat.yml index 056233819f35..6342d2b54260 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-metricbeat.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/single_config-metricbeat.yml @@ -6,10 +6,11 @@ metricbeat: hosts: ["http://127.0.0.1:8080"] processors: - add_fields: + target: "stream" fields: - stream.type: metrics - stream.dataset: docker.status - stream.namespace: default + type: metrics + dataset: docker.status + namespace: default - module: apache metricsets: [info] index: metrics-generic-testing @@ -19,10 +20,11 @@ metricbeat: fields: should_be: first - add_fields: + target: "stream" fields: - stream.type: metrics - stream.dataset: generic - stream.namespace: testing + type: metrics + dataset: generic + namespace: testing output: elasticsearch: hosts: [127.0.0.1:9200, 127.0.0.1:9300] diff --git a/x-pack/elastic-agent/pkg/agent/transpiler/rules.go b/x-pack/elastic-agent/pkg/agent/transpiler/rules.go index 286c162bc0d9..1b6a2c56cab3 100644 --- a/x-pack/elastic-agent/pkg/agent/transpiler/rules.go +++ b/x-pack/elastic-agent/pkg/agent/transpiler/rules.go @@ -523,10 +523,11 @@ func (r *InjectStreamProcessorRule) Apply(ast *AST) error { } processorMap := &Dict{value: make([]Node, 0)} + processorMap.value = append(processorMap.value, &Key{name: "target", value: &StrVal{value: "stream"}}) processorMap.value = append(processorMap.value, &Key{name: "fields", value: &Dict{value: []Node{ - &Key{name: "stream.type", value: &StrVal{value: r.Type}}, - &Key{name: "stream.namespace", value: &StrVal{value: namespace}}, - &Key{name: "stream.dataset", value: &StrVal{value: dataset}}, + &Key{name: "type", value: &StrVal{value: r.Type}}, + &Key{name: "namespace", value: &StrVal{value: namespace}}, + &Key{name: "dataset", value: &StrVal{value: dataset}}, }}}) addFieldsMap := &Dict{value: []Node{&Key{"add_fields", processorMap}}}