Skip to content

Commit

Permalink
Cherry-pick #26121 to 7.x: update libbeat fields.ecs.yml file and ecs…
Browse files Browse the repository at this point in the history
…Version to 1.10.0 (#26500)
  • Loading branch information
kaiyan-sheng authored Jun 29, 2021
1 parent 43c68d4 commit 5d2baaa
Show file tree
Hide file tree
Showing 18 changed files with 68 additions and 64 deletions.
1 change: 1 addition & 0 deletions CHANGELOG-developer.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -201,3 +201,4 @@ The list below covers the major changes between 6.3.0 and 7.0.0-alpha2 only.
- Allow/Merge fields.yml overrides {pull}9188[9188]
- Filesets can now define multiple ingest pipelines, with the first one considered as the entry point pipeline. {pull}8914[8914]
- Add `group_measurements_by_instance` option to windows perfmon metricset. {pull}8688[8688]
- Bump ECS version to 1.10.0. {issue}25734[25734]
4 changes: 2 additions & 2 deletions NOTICE.txt
Original file line number Diff line number Diff line change
Expand Up @@ -6103,11 +6103,11 @@ This Agreement is governed by the laws of the State of New York and the intellec

--------------------------------------------------------------------------------
Dependency : github.com/elastic/ecs
Version: v1.8.0
Version: v1.10.0
Licence type (autodetected): Apache-2.0
--------------------------------------------------------------------------------

Contents of probable licence file $GOMODCACHE/github.com/elastic/ecs@v1.8.0/LICENSE.txt:
Contents of probable licence file $GOMODCACHE/github.com/elastic/ecs@v1.10.0/LICENSE.txt:


Apache License
Expand Down
2 changes: 1 addition & 1 deletion auditbeat/include/fields.go

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion filebeat/include/fields.go

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ require (
github.com/dustin/go-humanize v1.0.0
github.com/eapache/go-resiliency v1.2.0
github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2
github.com/elastic/ecs v1.8.0
github.com/elastic/ecs v1.10.0
github.com/elastic/elastic-agent-client/v7 v7.0.0-20210308165121-7dd05ee2b5a5
github.com/elastic/go-concert v0.1.0
github.com/elastic/go-libaudit/v2 v2.2.0
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -247,8 +247,8 @@ github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2 h1:DW6W
github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2/go.mod h1:H9keYFcgq3Qr5OUJm/JZI/i6U7joQ8SYLhZwfeOo6Ts=
github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3 h1:lnDkqiRFKm0rxdljqrj3lotWinO9+jFmeDXIC4gvIQs=
github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3/go.mod h1:aPqzac6AYkipvp4hufTyMj5PDIphF3+At8zr7r51xjY=
github.com/elastic/ecs v1.8.0 h1:wa61IDQsQcZyJa6hwbhqGO+631H+kGHhe0J4V7tMPZY=
github.com/elastic/ecs v1.8.0/go.mod h1:pgiLbQsijLOJvFR8OTILLu0Ni/R/foUNg0L+T6mU9b4=
github.com/elastic/ecs v1.10.0 h1:C+0ZidF/eh5DKYAZBir3Hq9Q6aMXcwpgEuQnj4bRzKA=
github.com/elastic/ecs v1.10.0/go.mod h1:pgiLbQsijLOJvFR8OTILLu0Ni/R/foUNg0L+T6mU9b4=
github.com/elastic/elastic-agent-client/v7 v7.0.0-20210308165121-7dd05ee2b5a5 h1:n4VHMzwk4o8+0zTCDej1M6uUR9rkzScpSeZXi0B8y1w=
github.com/elastic/elastic-agent-client/v7 v7.0.0-20210308165121-7dd05ee2b5a5/go.mod h1:uh/Gj9a0XEbYoM4NYz4LvaBVARz3QXLmlNjsrKY9fTc=
github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270 h1:cWPqxlPtir4RoQVCpGSRXmLqjEHpJKbR60rxh1nQZY4=
Expand Down
2 changes: 1 addition & 1 deletion heartbeat/include/fields.go

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion journalbeat/include/fields.go

Large diffs are not rendered by default.

94 changes: 47 additions & 47 deletions libbeat/_meta/fields.ecs.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# WARNING! Do not edit this file directly, it was generated by the ECS project,
# based on ECS version 1.9.0.
# based on ECS version 1.10.0.
# Please visit https://github.com/elastic/ecs to suggest changes to ECS fields.

- key: ecs
Expand Down Expand Up @@ -638,54 +638,54 @@
title: Data Stream
group: 2
description: 'The data_stream fields take part in defining the new data stream
naming scheme.
In the new data stream naming scheme the value of the data stream fields combine
to the name of the actual data stream in the following manner: `{data_stream.type}-{data_stream.dataset}-{data_stream.namespace}`.
This means the fields can only contain characters that are valid as part of
names of data streams. More details about this can be found in this https://www.elastic.co/blog/an-introduction-to-the-elastic-data-stream-naming-scheme[blog
post].
An Elasticsearch data stream consists of one or more backing indices, and a
data stream name forms part of the backing indices names. Due to this convention,
data streams must also follow index naming restrictions. For example, data stream
names cannot include `\`, `/`, `*`, `?`, `"`, `<`, `>`, `|`, ` ` (space character),
`,`, or `#`. Please see the Elasticsearch reference for additional https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html#indices-create-api-path-params[restrictions].'
naming scheme.
In the new data stream naming scheme the value of the data stream fields combine
to the name of the actual data stream in the following manner: `{data_stream.type}-{data_stream.dataset}-{data_stream.namespace}`.
This means the fields can only contain characters that are valid as part of
names of data streams. More details about this can be found in this https://www.elastic.co/blog/an-introduction-to-the-elastic-data-stream-naming-scheme[blog
post].
An Elasticsearch data stream consists of one or more backing indices, and a
data stream name forms part of the backing indices names. Due to this convention,
data streams must also follow index naming restrictions. For example, data stream
names cannot include `\`, `/`, `*`, `?`, `"`, `<`, `>`, `|`, ` ` (space character),
`,`, or `#`. Please see the Elasticsearch reference for additional https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html#indices-create-api-path-params[restrictions].'
type: group
fields:
- name: dataset
level: extended
type: constant_keyword
description: "The field can contain anything that makes sense to signify the\
\ source of the data.\nExamples include `nginx.access`, `prometheus`, `endpoint`\
\ etc. For data streams that otherwise fit, but that do not have dataset set\
\ we use the value \"generic\" for the dataset value. `event.dataset` should\
\ have the same value as `data_stream.dataset`.\nBeyond the Elasticsearch\
\ data stream naming criteria noted above, the `dataset` value has additional\
\ restrictions:\n * Must not contain `-`\n * No longer than 100 characters"
example: nginx.access
default_field: false
- name: namespace
level: extended
type: constant_keyword
description: "A user defined namespace. Namespaces are useful to allow grouping\
\ of data.\nMany users already organize their indices this way, and the data\
\ stream naming scheme now provides this best practice as a default. Many\
\ users will populate this field with `default`. If no value is used, it falls\
\ back to `default`.\nBeyond the Elasticsearch index naming criteria noted\
\ above, `namespace` value has the additional restrictions:\n * Must not\
\ contain `-`\n * No longer than 100 characters"
example: production
default_field: false
- name: type
level: extended
type: constant_keyword
description: 'An overarching type for the data stream.
Currently allowed values are "logs" and "metrics". We expect to also add "traces"
and "synthetics" in the near future.'
example: logs
default_field: false
- name: dataset
level: extended
type: constant_keyword
description: "The field can contain anything that makes sense to signify the\
\ source of the data.\nExamples include `nginx.access`, `prometheus`, `endpoint`\
\ etc. For data streams that otherwise fit, but that do not have dataset set\
\ we use the value \"generic\" for the dataset value. `event.dataset` should\
\ have the same value as `data_stream.dataset`.\nBeyond the Elasticsearch\
\ data stream naming criteria noted above, the `dataset` value has additional\
\ restrictions:\n * Must not contain `-`\n * No longer than 100 characters"
example: nginx.access
default_field: false
- name: namespace
level: extended
type: constant_keyword
description: "A user defined namespace. Namespaces are useful to allow grouping\
\ of data.\nMany users already organize their indices this way, and the data\
\ stream naming scheme now provides this best practice as a default. Many\
\ users will populate this field with `default`. If no value is used, it falls\
\ back to `default`.\nBeyond the Elasticsearch index naming criteria noted\
\ above, `namespace` value has the additional restrictions:\n * Must not\
\ contain `-`\n * No longer than 100 characters"
example: production
default_field: false
- name: type
level: extended
type: constant_keyword
description: 'An overarching type for the data stream.
Currently allowed values are "logs" and "metrics". We expect to also add "traces"
and "synthetics" in the near future.'
example: logs
default_field: false
- name: destination
title: Destination
group: 2
Expand Down
2 changes: 1 addition & 1 deletion metricbeat/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ const (
Name = "metricbeat"

// ecsVersion specifies the version of ECS that this beat is implementing.
ecsVersion = "1.9.0"
ecsVersion = "1.10.0"
)

// RootCmd to handle beats cli
Expand Down
2 changes: 1 addition & 1 deletion packetbeat/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ const (
Name = "packetbeat"

// ecsVersion specifies the version of ECS that Packetbeat is implementing.
ecsVersion = "1.9.0"
ecsVersion = "1.10.0"
)

// withECSVersion is a modifier that adds ecs.version to events.
Expand Down
2 changes: 1 addition & 1 deletion packetbeat/include/fields.go

Large diffs are not rendered by default.

3 changes: 3 additions & 0 deletions packetbeat/protos/http/event.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,9 @@ type ProtocolFields struct {
// "Lowercase Capitalization" in the "Implementing ECS" section.
RequestMethod common.NetString `ecs:"request.method"`

// HTTP request ID.
RequestID common.NetString `ecs:"request.id"`

// The full http request body.
RequestBodyContent common.NetString `ecs:"request.body.content"`

Expand Down
2 changes: 1 addition & 1 deletion winlogbeat/include/fields.go

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion x-pack/functionbeat/include/fields.go

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion x-pack/heartbeat/include/fields.go

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion x-pack/metricbeat/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ const (
Name = "metricbeat"

// ecsVersion specifies the version of ECS that this beat is implementing.
ecsVersion = "1.9.0"
ecsVersion = "1.10.0"
)

// RootCmd to handle beats cli
Expand Down
2 changes: 1 addition & 1 deletion x-pack/osquerybeat/include/fields.go

Large diffs are not rendered by default.

0 comments on commit 5d2baaa

Please sign in to comment.