Move add-cloud-metadata to ECS (#9265)

Fields renamed: ``` * meta.cloud.instance_id -> cloud.instance.id * meta.cloud.instance_name -> cloud.instance.name * meta.cloud.machine_type -> cloud.machine.type * meta.cloud.availability_zone -> cloud.availability_zone * meta.cloud.project_id -> cloud.project.id * meta.cloud.region -> cloud.region ``` Further changes: * Added alias for old fields * Update asset generation to include ECS assets in libbeat fields.yml. This is needed for testing as the aliases fields are in there.
elastic · Dec 13, 2018 · 9354aa0 · 9354aa0
1 parent d8246d5
commit 9354aa0
Show file tree

Hide file tree

Showing 35 changed files with 352 additions and 211 deletions.
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
@@ -13,6 +13,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha1...master[Check the HEAD d
 
 *Affecting all Beats*
 
+- Update add_cloud_metadata fields to adjust to ECS. {pull}9265[9265]
 - Automaticall cap signed integers to 63bits. {pull}8991[8991]
 
 *Auditbeat*

diff --git a/auditbeat/docs/fields.asciidoc b/auditbeat/docs/fields.asciidoc
@@ -2509,67 +2509,76 @@ Metadata from cloud providers added by the add_cloud_metadata processor.
 
 
 
-*`meta.cloud.provider`*::
+*`cloud.project.id`*::
 +
 --
-example: ec2
+example: project-x
 
-Name of the cloud provider. Possible values are ec2, gce, or digitalocean.
+Name of the project in Google Cloud.
 
 
+--
+
+*`meta.cloud.provider`*::
++
+--
+type: alias
+
+alias to: cloud.provider
+
 --
 
 *`meta.cloud.instance_id`*::
 +
 --
-Instance ID of the host machine.
+type: alias
 
+alias to: cloud.instance.id
 
 --
 
 *`meta.cloud.instance_name`*::
 +
 --
-Instance name of the host machine.
+type: alias
 
+alias to: cloud.instance.name
 
 --
 
 *`meta.cloud.machine_type`*::
 +
 --
-example: t2.medium
-
-Machine type of the host machine.
+type: alias
 
+alias to: cloud.machine.type
 
 --
 
 *`meta.cloud.availability_zone`*::
 +
 --
-example: us-east-1c
-
-Availability zone in which this host is running.
+type: alias
 
+alias to: cloud.availability_zone
 
 --
 
 *`meta.cloud.project_id`*::
 +
 --
-example: project-x
-
-Name of the project in Google Cloud.
+type: alias
 
+alias to: cloud.project.id
 
 --
 
 *`meta.cloud.region`*::
 +
 --
-Region in which this host is running.
+type: alias
 
+alias to: cloud.region
 
 --
 

diff --git a/auditbeat/include/fields.go b/auditbeat/include/fields.go
diff --git a/dev-tools/ecs-migration.yml b/dev-tools/ecs-migration.yml
@@ -51,6 +51,47 @@
 
 ## Suricata module
 
+# Processor fields
+
+# Cloud
+- form: meta.cloud.provider
+  to: cloud.provider
+  alias: true
+  alias6: true
+
+- form: meta.cloud.instance_id
+  to: cloud.instance.id
+  alias: true
+  alias6: true
+
+- form: meta.cloud.instance_name
+  to: cloud.instance.name
+  alias: true
+  alias6: true
+
+- form: meta.cloud.machine_type
+  to: cloud.machine.type
+  alias: true
+  alias6: true
+
+- form: meta.cloud.availability_zone
+  to: cloud.availability_zone
+  alias: true
+  alias6: true
+
+- form: meta.cloud.project_id
+  to: cloud.project.id
+  alias: true
+  alias6: true
+
+- form: meta.cloud.region
+  to: cloud.region
+  alias: true
+  alias6: true
+
+
+# Suricata module
+
 - from: source_ecs.ip
   to: source.ip
   alias: true

diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc
@@ -624,67 +624,76 @@ Metadata from cloud providers added by the add_cloud_metadata processor.
 
 
 
-*`meta.cloud.provider`*::
+*`cloud.project.id`*::
 +
 --
-example: ec2
+example: project-x
 
-Name of the cloud provider. Possible values are ec2, gce, or digitalocean.
+Name of the project in Google Cloud.
 
 
+--
+
+*`meta.cloud.provider`*::
++
+--
+type: alias
+
+alias to: cloud.provider
+
 --
 
 *`meta.cloud.instance_id`*::
 +
 --
-Instance ID of the host machine.
+type: alias
 
+alias to: cloud.instance.id
 
 --
 
 *`meta.cloud.instance_name`*::
 +
 --
-Instance name of the host machine.
+type: alias
 
+alias to: cloud.instance.name
 
 --
 
 *`meta.cloud.machine_type`*::
 +
 --
-example: t2.medium
-
-Machine type of the host machine.
+type: alias
 
+alias to: cloud.machine.type
 
 --
 
 *`meta.cloud.availability_zone`*::
 +
 --
-example: us-east-1c
-
-Availability zone in which this host is running.
+type: alias
 
+alias to: cloud.availability_zone
 
 --
 
 *`meta.cloud.project_id`*::
 +
 --
-example: project-x
-
-Name of the project in Google Cloud.
+type: alias
 
+alias to: cloud.project.id
 
 --
 
 *`meta.cloud.region`*::
 +
 --
-Region in which this host is running.
+type: alias
 
+alias to: cloud.region
 
 --
 

diff --git a/filebeat/include/fields.go b/filebeat/include/fields.go
diff --git a/heartbeat/docs/fields.asciidoc b/heartbeat/docs/fields.asciidoc
@@ -100,67 +100,76 @@ Metadata from cloud providers added by the add_cloud_metadata processor.
 
 
 
-*`meta.cloud.provider`*::
+*`cloud.project.id`*::
 +
 --
-example: ec2
+example: project-x
 
-Name of the cloud provider. Possible values are ec2, gce, or digitalocean.
+Name of the project in Google Cloud.
 
 
+--
+
+*`meta.cloud.provider`*::
++
+--
+type: alias
+
+alias to: cloud.provider
+
 --
 
 *`meta.cloud.instance_id`*::
 +
 --
-Instance ID of the host machine.
+type: alias
 
+alias to: cloud.instance.id
 
 --
 
 *`meta.cloud.instance_name`*::
 +
 --
-Instance name of the host machine.
+type: alias
 
+alias to: cloud.instance.name
 
 --
 
 *`meta.cloud.machine_type`*::
 +
 --
-example: t2.medium
-
-Machine type of the host machine.
+type: alias
 
+alias to: cloud.machine.type
 
 --
 
 *`meta.cloud.availability_zone`*::
 +
 --
-example: us-east-1c
-
-Availability zone in which this host is running.
+type: alias
 
+alias to: cloud.availability_zone
 
 --
 
 *`meta.cloud.project_id`*::
 +
 --
-example: project-x
-
-Name of the project in Google Cloud.
+type: alias
 
+alias to: cloud.project.id
 
 --
 
 *`meta.cloud.region`*::
 +
 --
-Region in which this host is running.
+type: alias
 
+alias to: cloud.region
 
 --
 

diff --git a/heartbeat/include/fields.go b/heartbeat/include/fields.go