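--- a/packages/linux/_dev/build/build.yml
+++ b/packages/linux/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
-reference: git@1.10
+reference: git@1.12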
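--- a/packages/linux/changelog.yml
+++ b/packages/linux/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.6.0"
+changes:
+- description: Update to ECS 1.12.0
+type: enhancement
+link: https://github.com/elastic/integrations/pull/1697
 - version: "0.5.1"
 changes:
 - description: Escape special characters in docs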
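--- a/packages/linux/data_stream/conntrack/fields/ecs.yml
+++ b/packages/linux/data_stream/conntrack/fields/ecs.yml
@@ -1,9 +1,8 @@
-- name: ecs.version
-external: ecs
-- name: event.duration
-external: ecs
-- name: service.address
-type: keyword
-description: Service address
-- name: service.type
-external: ecs
+- external: ecs
+name: ecs.version
+- external: ecs
+name: event.duration
+- external: ecs
+name: service.address
+- external: ecs
+name: service.type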
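Review bot: The only definition that changes in this file is `service.address`, which goes from a local `type: keyword` entry to `external: ecs`, yet all four entries are rewritten because the keys were reordered to put `external` ahead of `name`. Keeping the original name-first order, `- name: service.address` followed by `external: ecs`, would reduce the hunk to the one substantive change and keep the list scannable by field name. The same reordering appears in the entropy, iostat, ksm, memory, network_summary, pageinfo and raid sections and in the first four entries of service/fields/ecs.yml.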
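--- a/packages/linux/data_stream/entropy/fields/ecs.yml
+++ b/packages/linux/data_stream/entropy/fields/ecs.yml
@@ -1,9 +1,8 @@
-- name: ecs.version
-external: ecs
-- name: event.duration
-external: ecs
-- name: service.address
-type: keyword
-description: Service address
-- name: service.type
-external: ecs
+- external: ecs
+name: ecs.version
+- external: ecs
+name: event.duration
+- external: ecs
+name: service.address
+- external: ecs
+name: service.type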
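--- a/packages/linux/data_stream/iostat/fields/ecs.yml
+++ b/packages/linux/data_stream/iostat/fields/ecs.yml
@@ -1,9 +1,8 @@
-- name: ecs.version
-external: ecs
-- name: event.duration
-external: ecs
-- name: service.address
-type: keyword
-description: Service address
-- name: service.type
-external: ecs
+- external: ecs
+name: ecs.version
+- external: ecs
+name: event.duration
+- external: ecs
+name: service.address
+- external: ecs
+name: service.type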
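--- a/packages/linux/data_stream/ksm/fields/ecs.yml
+++ b/packages/linux/data_stream/ksm/fields/ecs.yml
@@ -1,9 +1,8 @@
-- name: ecs.version
-external: ecs
-- name: event.duration
-external: ecs
-- name: service.address
-type: keyword
-description: Service address
-- name: service.type
-external: ecs
+- external: ecs
+name: ecs.version
+- external: ecs
+name: event.duration
+- external: ecs
+name: service.address
+- external: ecs
+name: service.type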
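--- a/packages/linux/data_stream/memory/fields/ecs.yml
+++ b/packages/linux/data_stream/memory/fields/ecs.yml
@@ -1,9 +1,8 @@
-- name: ecs.version
-external: ecs
-- name: event.duration
-external: ecs
-- name: service.address
-type: keyword
-description: Service address
-- name: service.type
-external: ecs
+- external: ecs
+name: ecs.version
+- external: ecs
+name: event.duration
+- external: ecs
+name: service.address
+- external: ecs
+name: service.type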
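--- a/packages/linux/data_stream/network_summary/fields/ecs.yml
+++ b/packages/linux/data_stream/network_summary/fields/ecs.yml
@@ -1,9 +1,8 @@
-- name: ecs.version
-external: ecs
-- name: event.duration
-external: ecs
-- name: service.address
-type: keyword
-description: Service address
-- name: service.type
-external: ecs
+- external: ecs
+name: ecs.version
+- external: ecs
+name: event.duration
+- external: ecs
+name: service.address
+- external: ecs
+name: service.type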
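--- a/packages/linux/data_stream/pageinfo/fields/ecs.yml
+++ b/packages/linux/data_stream/pageinfo/fields/ecs.yml
@@ -1,9 +1,8 @@
-- name: ecs.version
-external: ecs
-- name: event.duration
-external: ecs
-- name: service.address
-type: keyword
-description: Service address
-- name: service.type
-external: ecs
+- external: ecs
+name: ecs.version
+- external: ecs
+name: event.duration
+- external: ecs
+name: service.address
+- external: ecs
+name: service.type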
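--- a/packages/linux/data_stream/raid/fields/ecs.yml
+++ b/packages/linux/data_stream/raid/fields/ecs.yml
@@ -1,9 +1,8 @@
-- name: ecs.version
-external: ecs
-- name: event.duration
-external: ecs
-- name: service.address
-type: keyword
-description: Service address
-- name: service.type
-external: ecs
+- external: ecs
+name: ecs.version
+- external: ecs
+name: event.duration
+- external: ecs
+name: service.address
+- external: ecs
+name: service.type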
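--- a/packages/linux/data_stream/service/fields/ecs.yml
+++ b/packages/linux/data_stream/service/fields/ecs.yml
@@ -1,142 +1,50 @@
-- name: ecs.version
-external: ecs
-- name: event.duration
-external: ecs
-- name: service.address
-type: keyword
-description: Service address
-- name: service.type
-external: ecs
-- name: process
-title: Process
-group: 2
-type: group
-fields:
-- name: name
-level: extended
-type: keyword
-description: |-
-Process name.
-Sometimes called program name or similar.
-ignore_above: 1024
-multi_fields:
-- name: text
-type: text
-norms: false
-default_field: false
-- name: pgid
-level: extended
-type: long
-format: string
-description: Identifier of the group of processes the process belongs to.
-- name: exit_code
-level: extended
-type: long
-format: string
-description: Identifier of the group of processes the process belongs to.
-- name: pid
-level: core
-type: long
-format: string
-description: Process id.
-- name: ppid
-level: extended
-type: long
-format: string
-description: Parent process' pid.
-- name: working_directory
-level: extended
-type: keyword
-description: The working directory of the process.
-ignore_above: 1024
-multi_fields:
-- name: text
-type: text
-norms: false
-default_field: false
-- name: user
-title: User
-group: 2
-type: group
-fields:
-- name: name
-level: core
-type: keyword
-description: Short name or login of the user.
-ignore_above: 1024
-multi_fields:
-- name: text
-type: text
-norms: false
-default_field: false
-- name: host
-title: Host
-group: 2
-description: 'A host is defined as a general computing instance.
-
-ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
-type: group
-fields:
-- name: architecture
-level: core
-type: keyword
-ignore_above: 1024
-description: Operating system architecture.
-example: x86_64
-- name: ip
-level: core
-type: ip
-description: Host ip address.
-- name: mac
-level: core
-type: keyword
-ignore_above: 1024
-description: Host mac address.
-- name: name
-level: core
-type: keyword
-ignore_above: 1024
-description: 'Name of the host.
-
-It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
-- name: os.family
-level: extended
-type: keyword
-ignore_above: 1024
-description: OS family (such as redhat, debian, freebsd, windows).
-example: debian
-- name: os.full
-level: extended
-type: keyword
-ignore_above: 1024
-description: Operating system name, including the version or code name.
-example: Mac OS Mojave
-- name: os.kernel
-level: extended
-type: keyword
-ignore_above: 1024
-description: Operating system kernel version as a raw string.
-example: 4.4.0-112-generic
-- name: os.name
-level: extended
-type: keyword
-ignore_above: 1024
-description: Operating system name, without the version.
-example: Mac OS X
-- name: os.platform
-level: extended
-type: keyword
-ignore_above: 1024
-description: Operating system platform (such centos, ubuntu, windows).
-example: darwin
-- name: os.version
-level: extended
-type: keyword
-ignore_above: 1024
-description: Operating system version as a raw string.
-example: 10.14.1
-- name: type
-level: core
-type: keyword
-ignore_above: 1024
-description: Type of host.
+- external: ecs
+name: ecs.version
+- external: ecs
+name: event.duration
+- external: ecs
+name: service.address
+- external: ecs
+name: service.type
+- external: ecs
+name: process
+- external: ecs
+name: process.name
+- external: ecs
+name: process.pgid
+- external: ecs
+name: process.exit_code
+- external: ecs
+name: process.pid
+- external: ecs
+name: process.ppid
+- external: ecs
+name: process.working_directory
+- external: ecs
+name: user
+- external: ecs
+name: user.name
+- external: ecs
+name: host
+- external: ecs
+name: host.architecture
+- external: ecs
+name: host.ip
+- external: ecs
+name: host.mac
+- external: ecs
+name: host.name
+- external: ecs
+name: host.os.family
+- external: ecs
+name: host.os.full
+- external: ecs
+name: host.os.kernel
+- external: ecs
+name: host.os.name
+- external: ecs
+name: host.os.platform
+- external: ecs
+name: host.os.version
+- external: ecs
+name: host.type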
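Review bot: The entries `name: process`, `name: user` and `name: host` are now marked `external: ecs` although they were `type: group` containers before, and nothing in this section shows that the ECS import resolves a field-set name as well as a leaf field; if it does not, these three entries should be dropped and only the dotted leaf names kept. Separately, every mapping attribute that used to be stated here (for example `type: ip` on `host.ip`, `type: long` on `process.pid`, `ignore_above: 1024` on the keyword fields) now comes from whatever `reference: git@1.12` in `_dev/build/build.yml` resolves to at build time. That reference looks like a branch name rather than a fixed tag or commit, so it is worth confirming the generated field definitions after the build and, where the tooling allows, pinning an immutable ref so that queries and detection rules depending on these types do not change silently.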