Add transform to spec (#307)
eyalkraft authored Jul 6, 2022
1 parent e63d9c9 commit 1395e87
Showing 14 changed files with 1,002 additions and 0 deletions.
@@ -0,0 +1,28 @@
source:
index: kibana_sample_data_ecommerce
query:
term:
geoip.continent_name:
value: Asia
pivot:
group_by:
customer_id:
terms:
field: customer_id
aggregations:
max_price:
max:
field: taxful_total_price
description: Maximum priced ecommerce data by customer_id in Asia
dest:
index: kibana_sample_data_ecommerce_transform1
pipeline: add_timestamp_pipeline
frequency: 5m
sync:
time:
field: order_date
delay: 60s
retention_policy:
time:
field: order_date
max_age: 30d
@@ -0,0 +1 @@
start: false
@@ -0,0 +1,28 @@
source:
index: kibana_sample_data_ecommerce
query:
term:
geoip.continent_name:
value: Asia
pivot:
group_by:
customer_id:
terms:
field: customer_id
aggregations:
max_price:
max:
field: taxful_total_price
description: Maximum priced ecommerce data by customer_id in Asia
dest:
index: kibana_sample_data_ecommerce_transform1
pipeline: add_timestamp_pipeline
frequency: 5m
sync:
time:
field: order_date
delay: 60s
retention_policy:
time:
field: order_date
max_age: 30d
@@ -0,0 +1,198 @@
- name: '@timestamp'
type: date
- name: updated_at
type: alias
path: event.ingested
- name: Endpoint
type: group
fields:
- name: configuration
type: group
fields:
- name: isolation
type: boolean
null_value: false
- name: policy
type: group
fields:
- name: applied
type: group
fields:
- name: id
type: keyword
ignore_above: 1024
- name: name
type: keyword
ignore_above: 1024
- name: status
type: keyword
ignore_above: 1024
- name: state
type: group
fields:
- name: isolation
type: boolean
null_value: false
- name: status
type: keyword
ignore_above: 1024
- name: capabilities
type: keyword
ignore_above: 128
doc_values: false
- name: agent
type: group
fields:
- name: id
type: keyword
ignore_above: 1024
- name: name
type: keyword
ignore_above: 1024
- name: type
type: keyword
ignore_above: 1024
- name: version
type: keyword
ignore_above: 1024
- name: data_stream
type: group
fields:
- name: dataset
type: constant_keyword
value: endpoint.metadata
- name: namespace
type: keyword
- name: type
type: constant_keyword
value: metrics
- name: ecs
type: group
fields:
- name: version
type: keyword
ignore_above: 1024
- name: elastic
type: group
fields:
- name: agent
type: group
fields:
- name: id
type: keyword
ignore_above: 1024
- name: event
type: group
fields:
- name: action
type: keyword
ignore_above: 1024
- name: category
type: keyword
ignore_above: 1024
- name: code
type: keyword
ignore_above: 1024
- name: created
type: date
- name: dataset
type: keyword
ignore_above: 1024
- name: hash
type: keyword
ignore_above: 1024
- name: id
type: keyword
ignore_above: 1024
- name: ingested
type: date
- name: kind
type: keyword
ignore_above: 1024
- name: module
type: keyword
ignore_above: 1024
- name: outcome
type: keyword
ignore_above: 1024
- name: provider
type: keyword
ignore_above: 1024
- name: sequence
type: long
- name: severity
type: long
- name: type
type: keyword
ignore_above: 1024
- name: host
type: group
fields:
- name: architecture
type: keyword
ignore_above: 1024
- name: domain
type: keyword
ignore_above: 1024
- name: hostname
type: keyword
ignore_above: 1024
- name: id
type: keyword
ignore_above: 1024
- name: ip
type: ip
- name: mac
type: keyword
ignore_above: 1024
- name: name
type: keyword
ignore_above: 1024
- name: os
type: group
fields:
- name: Ext
type: group
fields:
- name: variant
type: keyword
ignore_above: 1024
- name: family
type: keyword
ignore_above: 1024
- name: full
type: keyword
ignore_above: 1024
multi_fields:
- name: caseless
type: keyword
ignore_above: 1024
normalizer: lowercase
- name: text
type: text
norms: false
- name: kernel
type: keyword
ignore_above: 1024
- name: name
type: keyword
ignore_above: 1024
multi_fields:
- name: caseless
type: keyword
ignore_above: 1024
normalizer: lowercase
- name: text
type: text
norms: false
- name: platform
type: keyword
ignore_above: 1024
- name: version
type: keyword
ignore_above: 1024
- name: type
type: keyword
ignore_above: 1024
- name: uptime
type: long
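Review bot: `null_value: false` on `Endpoint.configuration.isolation` and `Endpoint.state.isolation` only substitutes an explicit JSON null; a document that omits the field altogether stays without it and is not matched by a query for `isolation: false`, so a host whose metadata never reports the field is neither "isolated" nor "not isolated" in searches. If detections or dashboards built on the `metadata_current` destination filter on `isolation: false` to list reachable hosts, they can silently exclude such hosts. A short comment above each `null_value` line would make the caveat visible, e.g. `# null_value only replaces an explicit null; an absent field stays absent and is not matched by isolation:false`. This looks like a copy of the endpoint integration's field definitions, so if the behaviour is unwanted the change probably belongs upstream rather than in this fixture.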
@@ -0,0 +1,13 @@
destination_index_template:
settings:
index:
codec: best_compression
refresh_interval: 5s
number_of_shards: 1
number_of_routing_shards: 30
sort.field:
- "@timestamp"
- agent.id
sort.order:
- desc
- asc
@@ -0,0 +1,20 @@
source:
index: metrics-endpoint.metadata-*
query:
range:
"@timestamp":
gt: now-90d/d
dest:
index: metrics-endpoint.metadata_current_default
latest:
unique_key:
- elastic.agent.id
sort: "@timestamp"
description: Latest Endpoint metadata document per host
_meta:
managed: true
frequency: 1s
sync:
time:
field: event.ingested
delay: 1s
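Review bot: The source pattern `metrics-endpoint.metadata-*` appears to span every namespace (the wildcard sits where the namespace goes in the type-dataset-namespace naming), while `dest.index` is fixed to `metrics-endpoint.metadata_current_default`, so hosts from all namespaces are collapsed into the `default` destination; if namespaces are used to partition data or read privileges between teams or tenants, a reader of the destination index sees every host regardless of source namespace. The `frequency: 1s` / `sync.time.delay: 1s` pair is also aggressive: the delay has to cover the gap between `event.ingested` being stamped and the document becoming searchable in the source index, and a value equal to a typical refresh interval leaves little margin before a checkpoint advances past a late document. Consider documenting the namespace behaviour with a comment above `dest`, e.g. `# all source namespaces are merged into the _default destination; namespace-based access separation does not carry over`, and confirm the 1s delay against the source indices' refresh interval.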