Standardize additional cloud metadata (#816)
graphaelli authored Apr 23, 2020
1 parent a59e76c commit 7074dea
Showing 10 changed files with 233 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.md
Expand Up @@ -22,6 +22,7 @@ Thanks, you're awesome :-) -->

* Add architecture and imphash for PE field set. (#763)
* Added `agent.build.*` for extended agent version information. (#764)
* Added more account and project cloud metadata. (#816)

#### Improvements
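
Review bot: The new entry "Added more account and project cloud metadata. (#816)" does not name the fields it introduces, unlike the `agent.build.*` entry directly above it. Suggest listing `cloud.account.name`, `cloud.project.id` and `cloud.project.name` so that someone scanning the changelog for a field name finds this change.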

13 changes: 13 additions & 0 deletions code/go/ecs/cloud.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

45 changes: 45 additions & 0 deletions docs/field-details.asciidoc
Expand Up @@ -489,6 +489,21 @@ example: `666777888999`

// ===============================================================

| cloud.account.name
| The cloud account name or alias used to identify different entities in a multi-tenant environment.

Examples: AWS account name, Google Cloud ORG display name.

type: keyword



example: `elastic-dev`

| extended

// ===============================================================

| cloud.availability_zone
| Availability zone in which this host is running.

Expand Down Expand Up @@ -541,6 +556,36 @@ example: `t2.medium`

// ===============================================================

| cloud.project.id
| The cloud project identifier.

Examples: Google Cloud Project id, Azure Project id.

type: keyword



example: `my-project`

| extended

// ===============================================================

| cloud.project.name
| The cloud project name.

Examples: Google Cloud Project name, Azure Project name.

type: keyword



example: `my project`

| extended

// ===============================================================

| cloud.provider
| Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
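
Review bot: The example lists for `cloud.project.id` and `cloud.project.name` say "Azure Project id" and "Azure Project name" without stating which Azure object is meant, so two shippers could fill these fields from different Azure identifiers and break cross-source correlation. Suggest naming the intended Azure resource in the description, or dropping the Azure example until that mapping is agreed. This file is generated, so the wording change belongs in schemas/cloud.yml.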

28 changes: 28 additions & 0 deletions generated/beats/fields.ecs.yml
Expand Up @@ -400,6 +400,16 @@
Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
example: 666777888999
- name: account.name
level: extended
type: keyword
ignore_above: 1024
description: 'The cloud account name or alias used to identify different entities
in a multi-tenant environment.
Examples: AWS account name, Google Cloud ORG display name.'
example: elastic-dev
default_field: false
- name: availability_zone
level: extended
type: keyword
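
Review bot: `account.name` is added with `default_field: false`, a key the `account.id` entry just above it in this hunk does not carry, so the new field is left out of the default query field list and an unqualified search for an account alias will not match on it. Please confirm this is intended output of the generator rather than an oversight, and if it is intended, say so in the PR description so users know they must query `cloud.account.name` explicitly.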
Expand All @@ -423,6 +433,24 @@
ignore_above: 1024
description: Machine type of the host machine.
example: t2.medium
- name: project.id
level: extended
type: keyword
ignore_above: 1024
description: 'The cloud project identifier.
Examples: Google Cloud Project id, Azure Project id.'
example: my-project
default_field: false
- name: project.name
level: extended
type: keyword
ignore_above: 1024
description: 'The cloud project name.
Examples: Google Cloud Project name, Azure Project name.'
example: my project
default_field: false
- name: provider
level: extended
type: keyword
3 changes: 3 additions & 0 deletions generated/csv/fields.csv
Expand Up @@ -43,10 +43,13 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
1.6.0-dev,true,client,client.user.name,keyword,core,,albert,Short name or login of the user.
1.6.0-dev,true,client,client.user.name.text,text,core,,albert,Short name or login of the user.
1.6.0-dev,true,cloud,cloud.account.id,keyword,extended,,666777888999,The cloud account or organization id.
1.6.0-dev,true,cloud,cloud.account.name,keyword,extended,,elastic-dev,The cloud account name.
1.6.0-dev,true,cloud,cloud.availability_zone,keyword,extended,,us-east-1c,Availability zone in which this host is running.
1.6.0-dev,true,cloud,cloud.instance.id,keyword,extended,,i-1234567890abcdef0,Instance ID of the host machine.
1.6.0-dev,true,cloud,cloud.instance.name,keyword,extended,,,Instance name of the host machine.
1.6.0-dev,true,cloud,cloud.machine.type,keyword,extended,,t2.medium,Machine type of the host machine.
1.6.0-dev,true,cloud,cloud.project.id,keyword,extended,,my-project,The cloud project id.
1.6.0-dev,true,cloud,cloud.project.name,keyword,extended,,my project,The cloud project name.
1.6.0-dev,true,cloud,cloud.provider,keyword,extended,,aws,Name of the cloud provider.
1.6.0-dev,true,cloud,cloud.region,keyword,extended,,us-east-1,Region in which this host is running.
1.6.0-dev,true,container,container.id,keyword,core,,,Unique container id.
40 changes: 40 additions & 0 deletions generated/ecs/ecs_flat.yml
Expand Up @@ -499,6 +499,20 @@ cloud.account.id:
normalize: []
short: The cloud account or organization id.
type: keyword
cloud.account.name:
dashed_name: cloud-account-name
description: 'The cloud account name or alias used to identify different entities
in a multi-tenant environment.
Examples: AWS account name, Google Cloud ORG display name.'
example: elastic-dev
flat_name: cloud.account.name
ignore_above: 1024
level: extended
name: account.name
normalize: []
short: The cloud account name.
type: keyword
cloud.availability_zone:
dashed_name: cloud-availability-zone
description: Availability zone in which this host is running.
Expand Down Expand Up @@ -542,6 +556,32 @@ cloud.machine.type:
normalize: []
short: Machine type of the host machine.
type: keyword
cloud.project.id:
dashed_name: cloud-project-id
description: 'The cloud project identifier.
Examples: Google Cloud Project id, Azure Project id.'
example: my-project
flat_name: cloud.project.id
ignore_above: 1024
level: extended
name: project.id
normalize: []
short: The cloud project id.
type: keyword
cloud.project.name:
dashed_name: cloud-project-name
description: 'The cloud project name.
Examples: Google Cloud Project name, Azure Project name.'
example: my project
flat_name: cloud.project.name
ignore_above: 1024
level: extended
name: project.name
normalize: []
short: The cloud project name.
type: keyword
cloud.provider:
dashed_name: cloud-provider
description: Name of the cloud provider. Example values are aws, azure, gcp, or
40 changes: 40 additions & 0 deletions generated/ecs/ecs_nested.yml
Expand Up @@ -653,6 +653,20 @@ cloud:
normalize: []
short: The cloud account or organization id.
type: keyword
account.name:
dashed_name: cloud-account-name
description: 'The cloud account name or alias used to identify different entities
in a multi-tenant environment.
Examples: AWS account name, Google Cloud ORG display name.'
example: elastic-dev
flat_name: cloud.account.name
ignore_above: 1024
level: extended
name: account.name
normalize: []
short: The cloud account name.
type: keyword
availability_zone:
dashed_name: cloud-availability-zone
description: Availability zone in which this host is running.
Expand Down Expand Up @@ -696,6 +710,32 @@ cloud:
normalize: []
short: Machine type of the host machine.
type: keyword
project.id:
dashed_name: cloud-project-id
description: 'The cloud project identifier.
Examples: Google Cloud Project id, Azure Project id.'
example: my-project
flat_name: cloud.project.id
ignore_above: 1024
level: extended
name: project.id
normalize: []
short: The cloud project id.
type: keyword
project.name:
dashed_name: cloud-project-name
description: 'The cloud project name.
Examples: Google Cloud Project name, Azure Project name.'
example: my project
flat_name: cloud.project.name
ignore_above: 1024
level: extended
name: project.name
normalize: []
short: The cloud project name.
type: keyword
provider:
dashed_name: cloud-provider
description: Name of the cloud provider. Example values are aws, azure, gcp,
16 changes: 16 additions & 0 deletions generated/elasticsearch/6/template.json
Expand Up @@ -220,6 +220,10 @@
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
Expand Down Expand Up @@ -247,6 +251,18 @@
}
}
},
"project": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"provider": {
"ignore_above": 1024,
"type": "keyword"
16 changes: 16 additions & 0 deletions generated/elasticsearch/7/template.json
Expand Up @@ -219,6 +219,10 @@
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
Expand Down Expand Up @@ -246,6 +250,18 @@
}
}
},
"project": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"provider": {
"ignore_above": 1024,
"type": "keyword"
31 changes: 31 additions & 0 deletions schemas/cloud.yml
Expand Up @@ -68,3 +68,34 @@
Examples: AWS account id, Google Cloud ORG Id, or other unique
identifier.
- name: account.name
level: extended
type: keyword
example: elastic-dev
short: The cloud account name.
description: >
The cloud account name or alias used to identify different entities in
a multi-tenant environment.
Examples: AWS account name, Google Cloud ORG display name.
- name: project.id
level: extended
type: keyword
example: my-project
short: The cloud project id.
description: >
The cloud project identifier.
Examples: Google Cloud Project id, Azure Project id.
- name: project.name
level: extended
type: keyword
example: my project
short: The cloud project name.
description: >
The cloud project name.
Examples: Google Cloud Project name, Azure Project name.
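
Review bot: The descriptions of `account.name` and `project.name` call the value a "name or alias" but do not warn that it is a display value the owner can change, while `account.id` and `project.id` are the identifiers. Suggest adding a sentence to both `*.name` descriptions telling consumers to key correlation, allow-lists and detection rules on the `*.id` field and to treat the name as a human-readable label, since a rule matching only on `cloud.account.name` stops matching after a rename.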
