[AWS] Add dimensions to firewall, transit gateway and vpn data streams (

#6339) * Add dimensions VPN. Signed-off-by: constanca-m <[email protected]> * Add dimensions transit gateway. Signed-off-by: constanca-m <[email protected]> * Add dimensions firewall. Signed-off-by: constanca-m <[email protected]> * Update version. Signed-off-by: constanca-m <[email protected]> * Update changelog. Signed-off-by: constanca-m <[email protected]> * Add 2 ecs dimension fields. Signed-off-by: constanca-m <[email protected]> * Remove cloud.availability_zone as dimension (not present) Signed-off-by: constanca-m <[email protected]> * Update md. Signed-off-by: constanca-m <[email protected]> * Resolve conflict. Signed-off-by: constanca-m <[email protected]> --------- Signed-off-by: constanca-m <[email protected]>
elastic · Jun 15, 2023 · 0b5969c · 0b5969c
1 parent ec27f12
commit 0b5969c
Show file tree

Hide file tree

Showing 11 changed files with 32 additions and 1 deletion.
diff --git a/packages/aws/changelog.yml b/packages/aws/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.38.3"
+  changes:
+    - description: Add dimension fields to firewall, transit gateway and vpn data streams.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/6339
 - version: "1.38.2"
   changes:
     - description: Add metric type to vpn, firewall and transit gateway data streams.

diff --git a/packages/aws/data_stream/firewall_metrics/fields/ecs.yml b/packages/aws/data_stream/firewall_metrics/fields/ecs.yml
@@ -2,6 +2,7 @@
   name: cloud
 - external: ecs
   name: cloud.account.id
+  dimension: true
 - external: ecs
   name: cloud.account.name
 - external: ecs
@@ -14,6 +15,7 @@
   name: cloud.provider
 - external: ecs
   name: cloud.region
+  dimension: true
 - external: ecs
   name: ecs.version
 - external: ecs
@@ -60,3 +62,6 @@
   name: container.labels
 - external: ecs
   name: container.name
+- name: agent.id
+  external: ecs
+  dimension: true
diff --git a/packages/aws/data_stream/firewall_metrics/fields/fields.yml b/packages/aws/data_stream/firewall_metrics/fields/fields.yml
@@ -25,15 +25,19 @@
       fields:
         - name: AvailabilityZone
           type: keyword
+          dimension: true
           description: Availability Zone in the Region where the Network Firewall firewall is active.
         - name: CustomAction
           type: keyword
+          dimension: true
           description: Dimension for a publish metrics custom action that you defined. You can define this for a rule action in a stateless rule group or for a stateless default action in a firewall policy.
         - name: Engine
           type: keyword
+          dimension: true
           description: Rules engine that processed the packet. The value for this is either Stateful or Stateless.
         - name: FirewallName
           type: keyword
+          dimension: true
           description: Name that you specified for the Network Firewall firewall.
     - name: cloudwatch
       type: group

diff --git a/packages/aws/data_stream/transitgateway/fields/ecs.yml b/packages/aws/data_stream/transitgateway/fields/ecs.yml
@@ -2,6 +2,7 @@
   name: cloud
 - external: ecs
   name: cloud.account.id
+  dimension: true
 - external: ecs
   name: cloud.account.name
 - external: ecs
@@ -18,6 +19,7 @@
   name: cloud.provider
 - external: ecs
   name: cloud.region
+  dimension: true
 - external: ecs
   name: ecs.version
 - external: ecs
@@ -60,3 +62,6 @@
   name: container.labels
 - external: ecs
   name: container.name
+- name: agent.id
+  external: ecs
+  dimension: true
diff --git a/packages/aws/data_stream/transitgateway/fields/fields.yml b/packages/aws/data_stream/transitgateway/fields/fields.yml
@@ -5,9 +5,11 @@
       type: group
       fields:
         - name: TransitGateway
+          dimension: true
           type: keyword
           description: Filters the metric data by transit gateway.
         - name: TransitGatewayAttachment
+          dimension: true
           type: keyword
           description: Filters the metric data by transit gateway attachment.
     - name: transitgateway

diff --git a/packages/aws/data_stream/vpn/fields/ecs.yml b/packages/aws/data_stream/vpn/fields/ecs.yml
@@ -2,6 +2,7 @@
   name: cloud
 - external: ecs
   name: cloud.account.id
+  dimension: true
 - external: ecs
   name: cloud.account.name
 - external: ecs
@@ -18,6 +19,7 @@
   name: cloud.provider
 - external: ecs
   name: cloud.region
+  dimension: true
 - external: ecs
   name: ecs.version
 - external: ecs
@@ -60,3 +62,6 @@
   name: container.labels
 - external: ecs
   name: container.name
+- name: agent.id
+  external: ecs
+  dimension: true
diff --git a/packages/aws/data_stream/vpn/fields/fields.yml b/packages/aws/data_stream/vpn/fields/fields.yml
@@ -24,9 +24,11 @@
       fields:
         - name: VpnId
           type: keyword
+          dimension: true
           description: Filters the metric data by the Site-to-Site VPN connection ID.
         - name: TunnelIpAddress
           type: keyword
+          dimension: true
           description: Filters the metric data by the IP address of the tunnel for the virtual private gateway.
     - name: cloudwatch
       type: group

diff --git a/packages/aws/docs/firewall.md b/packages/aws/docs/firewall.md
@@ -413,6 +413,7 @@ An example event for `firewall` looks as following:
 | Field | Description | Type | Metric Type |
 |---|---|---|---|
 | @timestamp | Event timestamp. | date |  |
+| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword |  |
 | aws.\*.metrics.\*.\* | Metrics that returned from Cloudwatch API query. | object |  |
 | aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword |  |
 | aws.dimensions.\* | Metric dimensions. | object |  |

diff --git a/packages/aws/docs/transitgateway.md b/packages/aws/docs/transitgateway.md
@@ -151,6 +151,7 @@ An example event for `transitgateway` looks as following:
 | Field | Description | Type | Metric Type |
 |---|---|---|---|
 | @timestamp | Event timestamp. | date |  |
+| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword |  |
 | aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword |  |
 | aws.dimensions.\* | Metric dimensions. | object |  |
 | aws.dimensions.TransitGateway | Filters the metric data by transit gateway. | keyword |  |

diff --git a/packages/aws/docs/vpn.md b/packages/aws/docs/vpn.md
@@ -100,6 +100,7 @@ An example event for `vpn` looks as following:
 | Field | Description | Type | Metric Type |
 |---|---|---|---|
 | @timestamp | Event timestamp. | date |  |
+| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword |  |
 | aws.\*.metrics.\*.\* | Metrics that returned from Cloudwatch API query. | object |  |
 | aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword |  |
 | aws.dimensions.\* | Metric dimensions. | object |  |

diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: aws
 title: AWS
-version: 1.38.2
+version: 1.38.3
 license: basic
 description: Collect logs and metrics from Amazon Web Services with Elastic Agent.
 type: integration