[AWS] Add dimensions to firewall, transit gateway and vpn data streams

packages/aws/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.36.9"
+  changes:
+    - description: Add dimension fields to firewall, transit gateway and vpn data streams.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/6339
 - version: "1.36.8"
   changes:
     - description: Add dimension fields to usage, dynamoDB and ELB data streams.

packages/aws/data_stream/firewall_metrics/fields/ecs.yml

@@ -2,6 +2,7 @@
   name: cloud
 - external: ecs
   name: cloud.account.id
+  dimension: true
 - external: ecs
   name: cloud.account.name
 - external: ecs
@@ -14,6 +15,7 @@
   name: cloud.provider
 - external: ecs
   name: cloud.region
+  dimension: true
 - external: ecs
   name: ecs.version
 - external: ecs
@@ -60,3 +62,6 @@
   name: container.labels
 - external: ecs
   name: container.name
+- name: agent.id
+  external: ecs
+  dimension: true

packages/aws/data_stream/firewall_metrics/fields/fields.yml

@@ -21,15 +21,19 @@
       fields:
         - name: AvailabilityZone
           type: keyword
+          dimension: true
           description: Availability Zone in the Region where the Network Firewall firewall is active.
         - name: CustomAction
           type: keyword
+          dimension: true
           description: Dimension for a publish metrics custom action that you defined. You can define this for a rule action in a stateless rule group or for a stateless default action in a firewall policy.
         - name: Engine
           type: keyword
+          dimension: true
           description: Rules engine that processed the packet. The value for this is either Stateful or Stateless.
         - name: FirewallName
           type: keyword
+          dimension: true
           description: Name that you specified for the Network Firewall firewall.
     - name: cloudwatch
       type: group

packages/aws/data_stream/transitgateway/fields/ecs.yml

@@ -2,6 +2,7 @@
   name: cloud
 - external: ecs
   name: cloud.account.id
+  dimension: true
 - external: ecs
   name: cloud.account.name
 - external: ecs
@@ -18,6 +19,7 @@
   name: cloud.provider
 - external: ecs
   name: cloud.region
+  dimension: true
 - external: ecs
   name: ecs.version
 - external: ecs
@@ -60,3 +62,6 @@
   name: container.labels
 - external: ecs
   name: container.name
+- name: agent.id
+  external: ecs
+  dimension: true

packages/aws/data_stream/transitgateway/fields/fields.yml

@@ -5,9 +5,11 @@
       type: group
       fields:
         - name: TransitGateway
+          dimension: true
           type: keyword
           description: Filters the metric data by transit gateway.
         - name: TransitGatewayAttachment
+          dimension: true
           type: keyword
           description: Filters the metric data by transit gateway attachment.
     - name: transitgateway

packages/aws/data_stream/vpn/fields/ecs.yml

@@ -2,6 +2,7 @@
   name: cloud
 - external: ecs
   name: cloud.account.id
+  dimension: true
 - external: ecs
   name: cloud.account.name
 - external: ecs
@@ -18,6 +19,7 @@
   name: cloud.provider
 - external: ecs
   name: cloud.region
+  dimension: true
 - external: ecs
   name: ecs.version
 - external: ecs
@@ -60,3 +62,6 @@
   name: container.labels
 - external: ecs
   name: container.name
+- name: agent.id
+  external: ecs
+  dimension: true

packages/aws/data_stream/vpn/fields/fields.yml

@@ -21,9 +21,11 @@
       fields:
         - name: VpnId
           type: keyword
+          dimension: true
           description: Filters the metric data by the Site-to-Site VPN connection ID.
         - name: TunnelIpAddress
           type: keyword
+          dimension: true
           description: Filters the metric data by the IP address of the tunnel for the virtual private gateway.
     - name: cloudwatch
       type: group

packages/aws/docs/firewall.md

@@ -413,6 +413,7 @@ An example event for `firewall` looks as following:
 | Field | Description | Type |
 |---|---|---|
 | @timestamp | Event timestamp. | date |
+| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword |
 | aws.\*.metrics.\*.\* | Metrics that returned from Cloudwatch API query. | object |
 | aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword |
 | aws.dimensions.\* | Metric dimensions. | object |

packages/aws/docs/transitgateway.md

@@ -151,6 +151,7 @@ An example event for `transitgateway` looks as following:
 | Field | Description | Type |
 |---|---|---|
 | @timestamp | Event timestamp. | date |
+| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword |
 | aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword |
 | aws.dimensions.\* | Metric dimensions. | object |
 | aws.dimensions.TransitGateway | Filters the metric data by transit gateway. | keyword |

packages/aws/docs/vpn.md

@@ -100,6 +100,7 @@ An example event for `vpn` looks as following:
 | Field | Description | Type |
 |---|---|---|
 | @timestamp | Event timestamp. | date |
+| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword |
 | aws.\*.metrics.\*.\* | Metrics that returned from Cloudwatch API query. | object |
 | aws.cloudwatch.namespace | The namespace specified when query cloudwatch api. | keyword |
 | aws.dimensions.\* | Metric dimensions. | object |

packages/aws/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: aws
 title: AWS
-version: 1.36.8
+version: 1.36.9
 license: basic
 description: Collect logs and metrics from Amazon Web Services with Elastic Agent.
 type: integration