diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index cfa90dc05..0e46b2013 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -39,6 +39,7 @@ Thanks, you're awesome :-) --> #### Added * Add `access` as an allowed type for `event.type: file`. #2174 +* Add `orchestrator.resource.annotation` and `orchestrator.resource.label`. #2181 * Add `event.kind: asset` as a beta category. #2191 ### Tooling and Artifact Changes diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index 6c78f2919..02fd3a99a 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc @@ -6957,6 +6957,25 @@ example: `elastic` // =============================================================== +| +[[field-orchestrator-resource-annotation]] +<> + +a| The list of annotations added to the resource. + +type: keyword + + +Note: this field should contain an array of values. + + + +example: `['key1:value1', 'key2:value2', 'key3:value3']` + +| extended + +// =============================================================== + | [[field-orchestrator-resource-id]] <> @@ -6988,6 +7007,25 @@ Note: this field should contain an array of values. +| extended + +// =============================================================== + +| +[[field-orchestrator-resource-label]] +<> + +a| The list of labels added to the resource. + +type: keyword + + +Note: this field should contain an array of values. + + + +example: `['key1:value1', 'key2:value2', 'key3:value3']` + | extended // =============================================================== diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 6d567340b..6e902323c 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml 
@@ -5179,6 +5179,13 @@ setups). example: elastic default_field: false + - name: resource.annotation + level: extended + type: keyword + ignore_above: 1024 + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + default_field: false - name: resource.id level: extended type: keyword @@ -5193,6 +5200,13 @@ only one element: the IP of the Pod (as opposed to the Node on which the Pod is running).' default_field: false + - name: resource.label + level: extended + type: keyword + ignore_above: 1024 + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + default_field: false - name: resource.name level: extended type: keyword diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index e9e979dd4..334e732da 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv 
@@ -559,8 +559,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.8.0-dev+exp,true,orchestrator,orchestrator.cluster.version,keyword,extended,,,The version of the cluster. 8.8.0-dev+exp,true,orchestrator,orchestrator.namespace,keyword,extended,,kube-system,Namespace in which the action is taking place. 8.8.0-dev+exp,true,orchestrator,orchestrator.organization,keyword,extended,,elastic,Organization affected by the event (for multi-tenant orchestrator setups). +8.8.0-dev+exp,true,orchestrator,orchestrator.resource.annotation,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of annotations added to the resource. 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.id,keyword,extended,,,Unique ID of the resource being acted upon. 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.ip,ip,extended,array,,IP address assigned to the resource associated with the event being observed. +8.8.0-dev+exp,true,orchestrator,orchestrator.resource.label,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of labels added to the resource. 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.name,keyword,extended,,test-pod-cdcws,Name of the resource being acted upon. 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.parent.type,keyword,extended,,DaemonSet,Type or kind of the parent resource associated with the event being observed. 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.type,keyword,extended,,service,Type of resource being acted upon. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index bff6b1f9b..002e97e7e 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -7379,6 +7379,18 @@ orchestrator.organization: normalize: [] short: Organization affected by the event (for multi-tenant orchestrator setups). type: keyword +orchestrator.resource.annotation: + dashed_name: orchestrator-resource-annotation + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.annotation + ignore_above: 1024 + level: extended + name: resource.annotation + normalize: + - array + short: The list of annotations added to the resource. + type: keyword orchestrator.resource.id: dashed_name: orchestrator-resource-id description: Unique ID of the resource being acted upon. @@ -7401,6 +7413,18 @@ orchestrator.resource.ip: - array short: IP address assigned to the resource associated with the event being observed. type: ip +orchestrator.resource.label: + dashed_name: orchestrator-resource-label + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.label + ignore_above: 1024 + level: extended + name: resource.label + normalize: + - array + short: The list of labels added to the resource. + type: keyword orchestrator.resource.name: dashed_name: orchestrator-resource-name description: Name of the resource being acted upon. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index ac4d22cc3..48c9f2425 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml 
@@ -9144,6 +9144,18 @@ orchestrator: normalize: [] short: Organization affected by the event (for multi-tenant orchestrator setups). type: keyword + orchestrator.resource.annotation: + dashed_name: orchestrator-resource-annotation + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.annotation + ignore_above: 1024 + level: extended + name: resource.annotation + normalize: + - array + short: The list of annotations added to the resource. + type: keyword orchestrator.resource.id: dashed_name: orchestrator-resource-id description: Unique ID of the resource being acted upon. @@ -9167,6 +9179,18 @@ orchestrator: - array short: IP address assigned to the resource associated with the event being observed. type: ip + orchestrator.resource.label: + dashed_name: orchestrator-resource-label + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.label + ignore_above: 1024 + level: extended + name: resource.label + normalize: + - array + short: The list of labels added to the resource. + type: keyword orchestrator.resource.name: dashed_name: orchestrator-resource-name description: Name of the resource being acted upon. diff --git a/experimental/generated/elasticsearch/composable/component/orchestrator.json b/experimental/generated/elasticsearch/composable/component/orchestrator.json index 60bdac6c7..1dd799d11 100644 --- a/experimental/generated/elasticsearch/composable/component/orchestrator.json +++ b/experimental/generated/elasticsearch/composable/component/orchestrator.json @@ -42,6 +42,10 @@ }, "resource": { "properties": { + "annotation": { + "ignore_above": 1024, + "type": "keyword" + }, "id": { "ignore_above": 1024, "type": "keyword" 
@@ -49,6 +53,10 @@ "ip": { "type": "ip" }, + "label": { + "ignore_above": 1024, + "type": "keyword" + }, "name": { "ignore_above": 1024, "type": "keyword" diff --git a/experimental/generated/elasticsearch/legacy/template.json b/experimental/generated/elasticsearch/legacy/template.json index 77464c383..58adc38e8 100644 --- a/experimental/generated/elasticsearch/legacy/template.json +++ b/experimental/generated/elasticsearch/legacy/template.json @@ -2611,6 +2611,10 @@ }, "resource": { "properties": { + "annotation": { + "ignore_above": 1024, + "type": "keyword" + }, "id": { "ignore_above": 1024, "type": "keyword" @@ -2618,6 +2622,10 @@ "ip": { "type": "ip" }, + "label": { + "ignore_above": 1024, + "type": "keyword" + }, "name": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 4c977c8c3..0392627ef 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -5129,6 +5129,13 @@ setups). example: elastic default_field: false + - name: resource.annotation + level: extended + type: keyword + ignore_above: 1024 + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + default_field: false - name: resource.id level: extended type: keyword @@ -5143,6 +5150,13 @@ only one element: the IP of the Pod (as opposed to the Node on which the Pod is running).' default_field: false + - name: resource.label + level: extended + type: keyword + ignore_above: 1024 + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + default_field: false - name: resource.name level: extended type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index 52d2ced1d..aeb22eba8 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv 
@@ -552,8 +552,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.8.0-dev,true,orchestrator,orchestrator.cluster.version,keyword,extended,,,The version of the cluster. 8.8.0-dev,true,orchestrator,orchestrator.namespace,keyword,extended,,kube-system,Namespace in which the action is taking place. 8.8.0-dev,true,orchestrator,orchestrator.organization,keyword,extended,,elastic,Organization affected by the event (for multi-tenant orchestrator setups). +8.8.0-dev,true,orchestrator,orchestrator.resource.annotation,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of annotations added to the resource. 8.8.0-dev,true,orchestrator,orchestrator.resource.id,keyword,extended,,,Unique ID of the resource being acted upon. 8.8.0-dev,true,orchestrator,orchestrator.resource.ip,ip,extended,array,,IP address assigned to the resource associated with the event being observed. +8.8.0-dev,true,orchestrator,orchestrator.resource.label,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of labels added to the resource. 8.8.0-dev,true,orchestrator,orchestrator.resource.name,keyword,extended,,test-pod-cdcws,Name of the resource being acted upon. 8.8.0-dev,true,orchestrator,orchestrator.resource.parent.type,keyword,extended,,DaemonSet,Type or kind of the parent resource associated with the event being observed. 8.8.0-dev,true,orchestrator,orchestrator.resource.type,keyword,extended,,service,Type of resource being acted upon. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 250705106..457121893 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml 
@@ -7310,6 +7310,18 @@ orchestrator.organization: normalize: [] short: Organization affected by the event (for multi-tenant orchestrator setups). type: keyword +orchestrator.resource.annotation: + dashed_name: orchestrator-resource-annotation + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.annotation + ignore_above: 1024 + level: extended + name: resource.annotation + normalize: + - array + short: The list of annotations added to the resource. + type: keyword orchestrator.resource.id: dashed_name: orchestrator-resource-id description: Unique ID of the resource being acted upon. @@ -7332,6 +7344,18 @@ orchestrator.resource.ip: - array short: IP address assigned to the resource associated with the event being observed. type: ip +orchestrator.resource.label: + dashed_name: orchestrator-resource-label + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.label + ignore_above: 1024 + level: extended + name: resource.label + normalize: + - array + short: The list of labels added to the resource. + type: keyword orchestrator.resource.name: dashed_name: orchestrator-resource-name description: Name of the resource being acted upon. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 14aebf51d..d0604767b 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -9064,6 +9064,18 @@ orchestrator: normalize: [] short: Organization affected by the event (for multi-tenant orchestrator setups). type: keyword + orchestrator.resource.annotation: + dashed_name: orchestrator-resource-annotation + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.annotation + ignore_above: 1024 + level: extended + name: resource.annotation + normalize: + - array + short: The list of annotations added to the resource. + type: keyword orchestrator.resource.id: dashed_name: orchestrator-resource-id description: Unique ID of the resource being acted upon. @@ -9087,6 +9099,18 @@ orchestrator: - array short: IP address assigned to the resource associated with the event being observed. type: ip + orchestrator.resource.label: + dashed_name: orchestrator-resource-label + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.label + ignore_above: 1024 + level: extended + name: resource.label + normalize: + - array + short: The list of labels added to the resource. + type: keyword orchestrator.resource.name: dashed_name: orchestrator-resource-name description: Name of the resource being acted upon. diff --git a/generated/elasticsearch/composable/component/orchestrator.json b/generated/elasticsearch/composable/component/orchestrator.json index ed20a55b2..c0b4f34f6 100644 --- a/generated/elasticsearch/composable/component/orchestrator.json +++ b/generated/elasticsearch/composable/component/orchestrator.json @@ -42,6 +42,10 @@ }, "resource": { "properties": { + "annotation": { + "ignore_above": 1024, + "type": "keyword" + }, "id": { "ignore_above": 1024, "type": "keyword" @@ -49,6 +53,10 @@ "ip": { "type": "ip" }, + "label": { + "ignore_above": 1024, + "type": "keyword" + }, "name": { "ignore_above": 1024, "type": "keyword" 
diff --git a/generated/elasticsearch/legacy/template.json b/generated/elasticsearch/legacy/template.json index a196ba4b7..ce9983e12 100644 --- a/generated/elasticsearch/legacy/template.json +++ b/generated/elasticsearch/legacy/template.json @@ -2569,6 +2569,10 @@ }, "resource": { "properties": { + "annotation": { + "ignore_above": 1024, + "type": "keyword" + }, "id": { "ignore_above": 1024, "type": "keyword" @@ -2576,6 +2580,10 @@ "ip": { "type": "ip" }, + "label": { + "ignore_above": 1024, + "type": "keyword" + }, "name": { "ignore_above": 1024, "type": "keyword" diff --git a/schemas/orchestrator.yml b/schemas/orchestrator.yml index f73f858a2..fa7fda91f 100644 --- a/schemas/orchestrator.yml +++ b/schemas/orchestrator.yml @@ -34,7 +34,7 @@ level: extended type: keyword description: > - Unique ID of the cluster. + Unique ID of the cluster. - name: cluster.url level: extended @@ -69,6 +69,24 @@ description: > Namespace in which the action is taking place. + - name: resource.annotation + level: extended + type: keyword + example: "['key1:value1', 'key2:value2', 'key3:value3']" + description: > + The list of annotations added to the resource. + normalize: + - array + + - name: resource.label + level: extended + type: keyword + example: "['key1:value1', 'key2:value2', 'key3:value3']" + description: > + The list of labels added to the resource. + normalize: + - array + - name: resource.name level: extended type: keyword @@ -106,7 +124,7 @@ level: extended type: keyword description: > - Unique ID of the resource being acted upon. + Unique ID of the resource being acted upon. - name: api_version level: extended
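Review bot: In the `@@ -69,6 +69,24 @@` hunk of `schemas/orchestrator.yml`, the descriptions for `resource.annotation` and `resource.label` never state the `key:value` entry format that the example implies. They also do not say how a value that itself contains `:` should be written, which annotation values such as URLs or embedded JSON commonly do. The generated mappings in this commit give both fields `ignore_above: 1024`, so an entry longer than that stays in `_source` but is not indexed, and a search or detection rule on the field will silently miss it. Annotations are free-form and, depending on the orchestrator, can carry whole applied manifests or other sensitive configuration, so the description should tell producers to filter them. A possible wording is `The list of annotations on the resource, one "key:value" string per entry; entries over 1024 characters are not indexed, and annotations holding sensitive data should be dropped before ingestion.` The enclosing `fields:` list starts and ends outside this hunk.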