update libbeat fields.ecs.yml file and ecsVersion to 1.10.0

CHANGELOG-developer.asciidoc

@@ -208,3 +208,4 @@ The list below covers the major changes between 6.3.0 and 7.0.0-alpha2 only.
 - Allow/Merge fields.yml overrides {pull}9188[9188]
 - Filesets can now define multiple ingest pipelines, with the first one considered as the entry point pipeline. {pull}8914[8914]
 - Add `group_measurements_by_instance` option to windows perfmon metricset. {pull}8688[8688]
+- Bump ECS version to 1.10.0. {issue}25734[25734]

NOTICE.txt

@@ -6133,11 +6133,11 @@ This Agreement is governed by the laws of the State of New York and the intellec
 
 --------------------------------------------------------------------------------
 Dependency : github.com/elastic/ecs
-Version: v1.8.0
+Version: v1.10.0
 Licence type (autodetected): Apache-2.0
 --------------------------------------------------------------------------------
 
-Contents of probable licence file $GOMODCACHE/github.com/elastic/ecs@v1.8.0/LICENSE.txt:
+Contents of probable licence file $GOMODCACHE/github.com/elastic/ecs@v1.10.0/LICENSE.txt:
 
 
                                  Apache License

go.mod

@@ -61,7 +61,7 @@ require (
 	github.com/dustin/go-humanize v1.0.0
 	github.com/eapache/go-resiliency v1.2.0
 	github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2
-	github.com/elastic/ecs v1.8.0
+	github.com/elastic/ecs v1.10.0
 	github.com/elastic/elastic-agent-client/v7 v7.0.0-20210308165121-7dd05ee2b5a5
 	github.com/elastic/go-concert v0.1.0
 	github.com/elastic/go-libaudit/v2 v2.2.0

go.sum

@@ -247,8 +247,8 @@ github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2 h1:DW6W
 github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2/go.mod h1:H9keYFcgq3Qr5OUJm/JZI/i6U7joQ8SYLhZwfeOo6Ts=
 github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3 h1:lnDkqiRFKm0rxdljqrj3lotWinO9+jFmeDXIC4gvIQs=
 github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3/go.mod h1:aPqzac6AYkipvp4hufTyMj5PDIphF3+At8zr7r51xjY=
-github.com/elastic/ecs v1.8.0 h1:wa61IDQsQcZyJa6hwbhqGO+631H+kGHhe0J4V7tMPZY=
-github.com/elastic/ecs v1.8.0/go.mod h1:pgiLbQsijLOJvFR8OTILLu0Ni/R/foUNg0L+T6mU9b4=
+github.com/elastic/ecs v1.10.0 h1:C+0ZidF/eh5DKYAZBir3Hq9Q6aMXcwpgEuQnj4bRzKA=
+github.com/elastic/ecs v1.10.0/go.mod h1:pgiLbQsijLOJvFR8OTILLu0Ni/R/foUNg0L+T6mU9b4=
 github.com/elastic/elastic-agent-client/v7 v7.0.0-20210308165121-7dd05ee2b5a5 h1:n4VHMzwk4o8+0zTCDej1M6uUR9rkzScpSeZXi0B8y1w=
 github.com/elastic/elastic-agent-client/v7 v7.0.0-20210308165121-7dd05ee2b5a5/go.mod h1:uh/Gj9a0XEbYoM4NYz4LvaBVARz3QXLmlNjsrKY9fTc=
 github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270 h1:cWPqxlPtir4RoQVCpGSRXmLqjEHpJKbR60rxh1nQZY4=

libbeat/_meta/fields.ecs.yml

@@ -1,5 +1,5 @@
 # WARNING! Do not edit this file directly, it was generated by the ECS project,
-# based on ECS version 1.9.0.
+# based on ECS version 1.10.0.
 # Please visit https://github.com/elastic/ecs to suggest changes to ECS fields.
 
 - key: ecs
@@ -638,54 +638,54 @@
       title: Data Stream
       group: 2
       description: 'The data_stream fields take part in defining the new data stream
-        naming scheme.
-
-        In the new data stream naming scheme the value of the data stream fields combine
-        to the name of the actual data stream in the following manner: `{data_stream.type}-{data_stream.dataset}-{data_stream.namespace}`.
-        This means the fields can only contain characters that are valid as part of
-        names of data streams. More details about this can be found in this https://www.elastic.co/blog/an-introduction-to-the-elastic-data-stream-naming-scheme[blog
-        post].
-
-        An Elasticsearch data stream consists of one or more backing indices, and a
-        data stream name forms part of the backing indices names. Due to this convention,
-        data streams must also follow index naming restrictions. For example, data stream
-        names cannot include `\`, `/`, `*`, `?`, `"`, `<`, `>`, `|`, ` ` (space character),
-        `,`, or `#`. Please see the Elasticsearch reference for additional https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html#indices-create-api-path-params[restrictions].'
+      naming scheme.
+
+      In the new data stream naming scheme the value of the data stream fields combine
+      to the name of the actual data stream in the following manner: `{data_stream.type}-{data_stream.dataset}-{data_stream.namespace}`.
+      This means the fields can only contain characters that are valid as part of
+      names of data streams. More details about this can be found in this https://www.elastic.co/blog/an-introduction-to-the-elastic-data-stream-naming-scheme[blog
+      post].
+
+      An Elasticsearch data stream consists of one or more backing indices, and a
+      data stream name forms part of the backing indices names. Due to this convention,
+      data streams must also follow index naming restrictions. For example, data stream
+      names cannot include `\`, `/`, `*`, `?`, `"`, `<`, `>`, `|`, ` ` (space character),
+      `,`, or `#`. Please see the Elasticsearch reference for additional https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html#indices-create-api-path-params[restrictions].'
       type: group
       fields:
-      - name: dataset
-        level: extended
-        type: constant_keyword
-        description: "The field can contain anything that makes sense to signify the\
-          \ source of the data.\nExamples include `nginx.access`, `prometheus`, `endpoint`\
-          \ etc. For data streams that otherwise fit, but that do not have dataset set\
-          \ we use the value \"generic\" for the dataset value. `event.dataset` should\
-          \ have the same value as `data_stream.dataset`.\nBeyond the Elasticsearch\
-          \ data stream naming criteria noted above, the `dataset` value has additional\
-          \ restrictions:\n  * Must not contain `-`\n  * No longer than 100 characters"
-        example: nginx.access
-        default_field: false
-      - name: namespace
-        level: extended
-        type: constant_keyword
-        description: "A user defined namespace. Namespaces are useful to allow grouping\
-          \ of data.\nMany users already organize their indices this way, and the data\
-          \ stream naming scheme now provides this best practice as a default. Many\
-          \ users will populate this field with `default`. If no value is used, it falls\
-          \ back to `default`.\nBeyond the Elasticsearch index naming criteria noted\
-          \ above, `namespace` value has the additional restrictions:\n  * Must not\
-          \ contain `-`\n  * No longer than 100 characters"
-        example: production
-        default_field: false
-      - name: type
-        level: extended
-        type: constant_keyword
-        description: 'An overarching type for the data stream.
-
-          Currently allowed values are "logs" and "metrics". We expect to also add "traces"
-          and "synthetics" in the near future.'
-        example: logs
-        default_field: false
+        - name: dataset
+          level: extended
+          type: constant_keyword
+          description: "The field can contain anything that makes sense to signify the\
+        \ source of the data.\nExamples include `nginx.access`, `prometheus`, `endpoint`\
+        \ etc. For data streams that otherwise fit, but that do not have dataset set\
+        \ we use the value \"generic\" for the dataset value. `event.dataset` should\
+        \ have the same value as `data_stream.dataset`.\nBeyond the Elasticsearch\
+        \ data stream naming criteria noted above, the `dataset` value has additional\
+        \ restrictions:\n  * Must not contain `-`\n  * No longer than 100 characters"
+          example: nginx.access
+          default_field: false
+        - name: namespace
+          level: extended
+          type: constant_keyword
+          description: "A user defined namespace. Namespaces are useful to allow grouping\
+        \ of data.\nMany users already organize their indices this way, and the data\
+        \ stream naming scheme now provides this best practice as a default. Many\
+        \ users will populate this field with `default`. If no value is used, it falls\
+        \ back to `default`.\nBeyond the Elasticsearch index naming criteria noted\
+        \ above, `namespace` value has the additional restrictions:\n  * Must not\
+        \ contain `-`\n  * No longer than 100 characters"
+          example: production
+          default_field: false
+        - name: type
+          level: extended
+          type: constant_keyword
+          description: 'An overarching type for the data stream.
+
+        Currently allowed values are "logs" and "metrics". We expect to also add "traces"
+        and "synthetics" in the near future.'
+          example: logs
+          default_field: false
     - name: destination
       title: Destination
       group: 2

metricbeat/cmd/root.go

@@ -43,7 +43,7 @@ const (
 	Name = "metricbeat"
 
 	// ecsVersion specifies the version of ECS that this beat is implementing.
-	ecsVersion = "1.9.0"
+	ecsVersion = "1.10.0"
 )
 
 // RootCmd to handle beats cli

packetbeat/cmd/root.go

@@ -37,7 +37,7 @@ const (
 	Name = "packetbeat"
 
 	// ecsVersion specifies the version of ECS that Packetbeat is implementing.
-	ecsVersion = "1.9.0"
+	ecsVersion = "1.10.0"
 )
 
 // withECSVersion is a modifier that adds ecs.version to events.

packetbeat/protos/http/event.go

@@ -36,6 +36,9 @@ type ProtocolFields struct {
 	// "Lowercase Capitalization" in the "Implementing ECS"  section.
 	RequestMethod common.NetString `ecs:"request.method"`
 
+	// HTTP request ID.
+	RequestID common.NetString `ecs:"request.id"`
+
 	// The full http request body.
 	RequestBodyContent common.NetString `ecs:"request.body.content"`
 

x-pack/metricbeat/cmd/root.go

@@ -31,7 +31,7 @@ const (
 	Name = "metricbeat"
 
 	// ecsVersion specifies the version of ECS that this beat is implementing.
-	ecsVersion = "1.9.0"
+	ecsVersion = "1.10.0"
 )
 
 // RootCmd to handle beats cli