From 7074dea25e1d1860a5739dda60ecc5d697298539 Mon Sep 17 00:00:00 2001 From: Gil Raphaelli Date: Thu, 23 Apr 2020 11:28:20 -0400 Subject: [PATCH] Standardize additional cloud metadata (#816) --- CHANGELOG.next.md | 1 + code/go/ecs/cloud.go | 13 +++++++ docs/field-details.asciidoc | 45 +++++++++++++++++++++++++ generated/beats/fields.ecs.yml | 28 +++++++++++++++ generated/csv/fields.csv | 3 ++ generated/ecs/ecs_flat.yml | 40 ++++++++++++++++++++++ generated/ecs/ecs_nested.yml | 40 ++++++++++++++++++++++ generated/elasticsearch/6/template.json | 16 +++++++++ generated/elasticsearch/7/template.json | 16 +++++++++ schemas/cloud.yml | 31 +++++++++++++++++ 10 files changed, 233 insertions(+) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index fa1ddfc8ef..e1c2fe03cb 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -22,6 +22,7 @@ Thanks, you're awesome :-) --> * Add architecture and imphash for PE field set. (#763) * Added `agent.build.*` for extended agent version information. (#764) +* Added more account and project cloud metadata. (#816) #### Improvements diff --git a/code/go/ecs/cloud.go b/code/go/ecs/cloud.go index 3a6757b3db..630e0c6fce 100644 --- a/code/go/ecs/cloud.go +++ b/code/go/ecs/cloud.go @@ -45,4 +45,17 @@ type Cloud struct { // Examples: AWS account id, Google Cloud ORG Id, or other unique // identifier. AccountID string `ecs:"account.id"` + + // The cloud account name or alias used to identify different entities in a + // multi-tenant environment. + // Examples: AWS account name, Google Cloud ORG display name. + AccountName string `ecs:"account.name"` + + // The cloud project identifier. + // Examples: Google Cloud Project id, Azure Project id. + ProjectID string `ecs:"project.id"` + + // The cloud project name. + // Examples: Google Cloud Project name, Azure Project name. + ProjectName string `ecs:"project.name"` } diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index 731a56ae31..b24103c830 100644 
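Review bot: The doc comments on the new `AccountName` and `ProjectName` fields in code/go/ecs/cloud.go do not say that these are display labels, so a reader may treat them as identifiers alongside `AccountID` and `ProjectID`. Cloud providers generally let an administrator rename an account alias or project display name and do not guarantee it is unique. Detection rules, allow-lists and tenant correlation built on these events should therefore key on `cloud.account.id` and `cloud.project.id`. I would add a line such as `// Display label only: may be renamed or collide; correlate on AccountID.` above `AccountName`, and the equivalent above `ProjectName`. The same sentence belongs in the `description` of `account.name` and `project.name` in schemas/cloud.yml, which appears to be the source for the generated files; the `Cloud` struct itself begins outside this hunk.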
--- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -489,6 +489,21 @@ example: `666777888999` // =============================================================== +| cloud.account.name +| The cloud account name or alias used to identify different entities in a multi-tenant environment. + +Examples: AWS account name, Google Cloud ORG display name. + +type: keyword + + + +example: `elastic-dev` + +| extended + +// =============================================================== + | cloud.availability_zone | Availability zone in which this host is running. @@ -541,6 +556,36 @@ example: `t2.medium` // =============================================================== +| cloud.project.id +| The cloud project identifier. + +Examples: Google Cloud Project id, Azure Project id. + +type: keyword + + + +example: `my-project` + +| extended + +// =============================================================== + +| cloud.project.name +| The cloud project name. + +Examples: Google Cloud Project name, Azure Project name. + +type: keyword + + + +example: `my project` + +| extended + +// =============================================================== + | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 0497bc3396..feaa6d9af0 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -400,6 +400,16 @@ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' example: 666777888999 + - name: account.name + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud account name or alias used to identify different entities + in a multi-tenant environment. + + Examples: AWS account name, Google Cloud ORG display name.' + example: elastic-dev + default_field: false - name: availability_zone level: extended type: keyword 
@@ -423,6 +433,24 @@ ignore_above: 1024 description: Machine type of the host machine. example: t2.medium + - name: project.id + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud project identifier. + + Examples: Google Cloud Project id, Azure Project id.' + example: my-project + default_field: false + - name: project.name + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud project name. + + Examples: Google Cloud Project name, Azure Project name.' + example: my project + default_field: false - name: provider level: extended type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index eb4e205e39..a11895d15a 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv 
@@ -43,10 +43,13 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 1.6.0-dev,true,client,client.user.name,keyword,core,,albert,Short name or login of the user. 1.6.0-dev,true,client,client.user.name.text,text,core,,albert,Short name or login of the user. 1.6.0-dev,true,cloud,cloud.account.id,keyword,extended,,666777888999,The cloud account or organization id. +1.6.0-dev,true,cloud,cloud.account.name,keyword,extended,,elastic-dev,The cloud account name. 1.6.0-dev,true,cloud,cloud.availability_zone,keyword,extended,,us-east-1c,Availability zone in which this host is running. 1.6.0-dev,true,cloud,cloud.instance.id,keyword,extended,,i-1234567890abcdef0,Instance ID of the host machine. 1.6.0-dev,true,cloud,cloud.instance.name,keyword,extended,,,Instance name of the host machine. 1.6.0-dev,true,cloud,cloud.machine.type,keyword,extended,,t2.medium,Machine type of the host machine. +1.6.0-dev,true,cloud,cloud.project.id,keyword,extended,,my-project,The cloud project id. +1.6.0-dev,true,cloud,cloud.project.name,keyword,extended,,my project,The cloud project name. 1.6.0-dev,true,cloud,cloud.provider,keyword,extended,,aws,Name of the cloud provider. 1.6.0-dev,true,cloud,cloud.region,keyword,extended,,us-east-1,Region in which this host is running. 1.6.0-dev,true,container,container.id,keyword,core,,,Unique container id. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 82e881126e..56dfcd4c90 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml 
@@ -499,6 +499,20 @@ cloud.account.id: normalize: [] short: The cloud account or organization id. type: keyword +cloud.account.name: + dashed_name: cloud-account-name + description: 'The cloud account name or alias used to identify different entities + in a multi-tenant environment. + + Examples: AWS account name, Google Cloud ORG display name.' + example: elastic-dev + flat_name: cloud.account.name + ignore_above: 1024 + level: extended + name: account.name + normalize: [] + short: The cloud account name. + type: keyword cloud.availability_zone: dashed_name: cloud-availability-zone description: Availability zone in which this host is running. @@ -542,6 +556,32 @@ cloud.machine.type: normalize: [] short: Machine type of the host machine. type: keyword +cloud.project.id: + dashed_name: cloud-project-id + description: 'The cloud project identifier. + + Examples: Google Cloud Project id, Azure Project id.' + example: my-project + flat_name: cloud.project.id + ignore_above: 1024 + level: extended + name: project.id + normalize: [] + short: The cloud project id. + type: keyword +cloud.project.name: + dashed_name: cloud-project-name + description: 'The cloud project name. + + Examples: Google Cloud Project name, Azure Project name.' + example: my project + flat_name: cloud.project.name + ignore_above: 1024 + level: extended + name: project.name + normalize: [] + short: The cloud project name. + type: keyword cloud.provider: dashed_name: cloud-provider description: Name of the cloud provider. Example values are aws, azure, gcp, or diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index c0afc2336e..fcedcb4545 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -653,6 +653,20 @@ cloud: normalize: [] short: The cloud account or organization id. type: keyword + account.name: + dashed_name: cloud-account-name + description: 'The cloud account name or alias used to identify different entities + in a multi-tenant environment. + + Examples: AWS account name, Google Cloud ORG display name.' + example: elastic-dev + flat_name: cloud.account.name + ignore_above: 1024 + level: extended + name: account.name + normalize: [] + short: The cloud account name. + type: keyword availability_zone: dashed_name: cloud-availability-zone description: Availability zone in which this host is running. @@ -696,6 +710,32 @@ cloud: normalize: [] short: Machine type of the host machine. type: keyword + project.id: + dashed_name: cloud-project-id + description: 'The cloud project identifier. + + Examples: Google Cloud Project id, Azure Project id.' + example: my-project + flat_name: cloud.project.id + ignore_above: 1024 + level: extended + name: project.id + normalize: [] + short: The cloud project id. + type: keyword + project.name: + dashed_name: cloud-project-name + description: 'The cloud project name. + + Examples: Google Cloud Project name, Azure Project name.' + example: my project + flat_name: cloud.project.name + ignore_above: 1024 + level: extended + name: project.name + normalize: [] + short: The cloud project name. + type: keyword provider: dashed_name: cloud-provider description: Name of the cloud provider. Example values are aws, azure, gcp, diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index 01fd060de5..fa4972d346 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -220,6 +220,10 @@ "id": { "ignore_above": 1024, "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" } } }, 
@@ -247,6 +251,18 @@ } } }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, "provider": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 5b94b60a32..a536f27e71 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json @@ -219,6 +219,10 @@ "id": { "ignore_above": 1024, "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" } } }, @@ -246,6 +250,18 @@ } } }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, "provider": { "ignore_above": 1024, "type": "keyword" diff --git a/schemas/cloud.yml b/schemas/cloud.yml index 8d46138a3d..0789feb79a 100644 --- a/schemas/cloud.yml +++ b/schemas/cloud.yml @@ -68,3 +68,34 @@ Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. + + - name: account.name + level: extended + type: keyword + example: elastic-dev + short: The cloud account name. + description: > + The cloud account name or alias used to identify different entities in + a multi-tenant environment. + + Examples: AWS account name, Google Cloud ORG display name. + + - name: project.id + level: extended + type: keyword + example: my-project + short: The cloud project id. + description: > + The cloud project identifier. + + Examples: Google Cloud Project id, Azure Project id. + + - name: project.name + level: extended + type: keyword + example: my project + short: The cloud project name. + description: > + The cloud project name. + + Examples: Google Cloud Project name, Azure Project name.
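Review bot: The `project.id` and `project.name` descriptions in schemas/cloud.yml list "Azure Project id" and "Azure Project name" as examples without saying which Azure object is meant. As far as I know, Azure's resource hierarchy is organised around subscriptions and resource groups rather than projects. Without a stated mapping, different shippers may populate `cloud.project.id` with different Azure values, and queries or alerts that pivot on the field will not line up across sources. I would either name the intended object in the description or limit the example line to `Examples: Google Cloud Project id.` until the Azure mapping is agreed.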