diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index f47e1dfa9..09f85d074 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc @@ -6941,6 +6941,25 @@ example: `elastic` // =============================================================== +| +[[field-orchestrator-resource-annotation]] +<> + +a| The list of annotations added to the resource. + +type: keyword + + +Note: this field should contain an array of values. + + + +example: `['key1:value1', 'key2:value2', 'key3:value3']` + +| extended + +// =============================================================== + | [[field-orchestrator-resource-id]] <> @@ -6972,6 +6991,25 @@ Note: this field should contain an array of values. +| extended + +// =============================================================== + +| +[[field-orchestrator-resource-label]] +<> + +a| The list of labels added to the resource. + +type: keyword + + +Note: this field should contain an array of values. + + + +example: `['key1:value1', 'key2:value2', 'key3:value3']` + | extended // =============================================================== diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index d8a4d71a9..0447763b8 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -5174,6 +5174,13 @@ setups). example: elastic default_field: false + - name: resource.annotation + level: extended + type: keyword + ignore_above: 1024 + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + default_field: false - name: resource.id level: extended type: keyword 
@@ -5188,6 +5195,13 @@ only one element: the IP of the Pod (as opposed to the Node on which the Pod is running).' default_field: false + - name: resource.label + level: extended + type: keyword + ignore_above: 1024 + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + default_field: false - name: resource.name level: extended type: keyword diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index 9714e055d..404dd4182 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv 
@@ -558,8 +558,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.9.0-dev+exp,true,orchestrator,orchestrator.cluster.version,keyword,extended,,,The version of the cluster. 8.9.0-dev+exp,true,orchestrator,orchestrator.namespace,keyword,extended,,kube-system,Namespace in which the action is taking place. 8.9.0-dev+exp,true,orchestrator,orchestrator.organization,keyword,extended,,elastic,Organization affected by the event (for multi-tenant orchestrator setups). +8.9.0-dev+exp,true,orchestrator,orchestrator.resource.annotation,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of annotations added to the resource. 8.9.0-dev+exp,true,orchestrator,orchestrator.resource.id,keyword,extended,,,Unique ID of the resource being acted upon. 8.9.0-dev+exp,true,orchestrator,orchestrator.resource.ip,ip,extended,array,,IP address assigned to the resource associated with the event being observed. +8.9.0-dev+exp,true,orchestrator,orchestrator.resource.label,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of labels added to the resource. 8.9.0-dev+exp,true,orchestrator,orchestrator.resource.name,keyword,extended,,test-pod-cdcws,Name of the resource being acted upon. 8.9.0-dev+exp,true,orchestrator,orchestrator.resource.parent.type,keyword,extended,,DaemonSet,Type or kind of the parent resource associated with the event being observed. 8.9.0-dev+exp,true,orchestrator,orchestrator.resource.type,keyword,extended,,service,Type of resource being acted upon. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 70131bf08..46e388afd 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -7370,6 +7370,18 @@ orchestrator.organization: normalize: [] short: Organization affected by the event (for multi-tenant orchestrator setups). type: keyword +orchestrator.resource.annotation: + dashed_name: orchestrator-resource-annotation + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.annotation + ignore_above: 1024 + level: extended + name: resource.annotation + normalize: + - array + short: The list of annotations added to the resource. + type: keyword orchestrator.resource.id: dashed_name: orchestrator-resource-id description: Unique ID of the resource being acted upon. @@ -7392,6 +7404,18 @@ orchestrator.resource.ip: - array short: IP address assigned to the resource associated with the event being observed. type: ip +orchestrator.resource.label: + dashed_name: orchestrator-resource-label + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.label + ignore_above: 1024 + level: extended + name: resource.label + normalize: + - array + short: The list of labels added to the resource. + type: keyword orchestrator.resource.name: dashed_name: orchestrator-resource-name description: Name of the resource being acted upon. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 1ea077fd5..aa57d41b7 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml 
@@ -9135,6 +9135,18 @@ orchestrator: normalize: [] short: Organization affected by the event (for multi-tenant orchestrator setups). type: keyword + orchestrator.resource.annotation: + dashed_name: orchestrator-resource-annotation + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.annotation + ignore_above: 1024 + level: extended + name: resource.annotation + normalize: + - array + short: The list of annotations added to the resource. + type: keyword orchestrator.resource.id: dashed_name: orchestrator-resource-id description: Unique ID of the resource being acted upon. @@ -9158,6 +9170,18 @@ orchestrator: - array short: IP address assigned to the resource associated with the event being observed. type: ip + orchestrator.resource.label: + dashed_name: orchestrator-resource-label + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.label + ignore_above: 1024 + level: extended + name: resource.label + normalize: + - array + short: The list of labels added to the resource. + type: keyword orchestrator.resource.name: dashed_name: orchestrator-resource-name description: Name of the resource being acted upon. diff --git a/experimental/generated/elasticsearch/composable/component/orchestrator.json b/experimental/generated/elasticsearch/composable/component/orchestrator.json index d4a15c945..ae8295a66 100644 --- a/experimental/generated/elasticsearch/composable/component/orchestrator.json +++ b/experimental/generated/elasticsearch/composable/component/orchestrator.json @@ -42,6 +42,10 @@ }, "resource": { "properties": { + "annotation": { + "ignore_above": 1024, + "type": "keyword" + }, "id": { "ignore_above": 1024, "type": "keyword" 
@@ -49,6 +53,10 @@ "ip": { "type": "ip" }, + "label": { + "ignore_above": 1024, + "type": "keyword" + }, "name": { "ignore_above": 1024, "type": "keyword" diff --git a/experimental/generated/elasticsearch/legacy/template.json b/experimental/generated/elasticsearch/legacy/template.json index 4f9ddc299..d4e3f9c87 100644 --- a/experimental/generated/elasticsearch/legacy/template.json +++ b/experimental/generated/elasticsearch/legacy/template.json @@ -2610,6 +2610,10 @@ }, "resource": { "properties": { + "annotation": { + "ignore_above": 1024, + "type": "keyword" + }, "id": { "ignore_above": 1024, "type": "keyword" @@ -2617,6 +2621,10 @@ "ip": { "type": "ip" }, + "label": { + "ignore_above": 1024, + "type": "keyword" + }, "name": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 6de87167c..cb1149a64 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -5124,6 +5124,13 @@ setups). example: elastic default_field: false + - name: resource.annotation + level: extended + type: keyword + ignore_above: 1024 + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + default_field: false - name: resource.id level: extended type: keyword @@ -5138,6 +5145,13 @@ only one element: the IP of the Pod (as opposed to the Node on which the Pod is running).' default_field: false + - name: resource.label + level: extended + type: keyword + ignore_above: 1024 + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + default_field: false - name: resource.name level: extended type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index fb03a1583..daa2f8079 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv 
@@ -551,8 +551,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.9.0-dev,true,orchestrator,orchestrator.cluster.version,keyword,extended,,,The version of the cluster. 8.9.0-dev,true,orchestrator,orchestrator.namespace,keyword,extended,,kube-system,Namespace in which the action is taking place. 8.9.0-dev,true,orchestrator,orchestrator.organization,keyword,extended,,elastic,Organization affected by the event (for multi-tenant orchestrator setups). +8.9.0-dev,true,orchestrator,orchestrator.resource.annotation,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of annotations added to the resource. 8.9.0-dev,true,orchestrator,orchestrator.resource.id,keyword,extended,,,Unique ID of the resource being acted upon. 8.9.0-dev,true,orchestrator,orchestrator.resource.ip,ip,extended,array,,IP address assigned to the resource associated with the event being observed. +8.9.0-dev,true,orchestrator,orchestrator.resource.label,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of labels added to the resource. 8.9.0-dev,true,orchestrator,orchestrator.resource.name,keyword,extended,,test-pod-cdcws,Name of the resource being acted upon. 8.9.0-dev,true,orchestrator,orchestrator.resource.parent.type,keyword,extended,,DaemonSet,Type or kind of the parent resource associated with the event being observed. 8.9.0-dev,true,orchestrator,orchestrator.resource.type,keyword,extended,,service,Type of resource being acted upon. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 62613614d..2a758da05 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml 
@@ -7301,6 +7301,18 @@ orchestrator.organization: normalize: [] short: Organization affected by the event (for multi-tenant orchestrator setups). type: keyword +orchestrator.resource.annotation: + dashed_name: orchestrator-resource-annotation + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.annotation + ignore_above: 1024 + level: extended + name: resource.annotation + normalize: + - array + short: The list of annotations added to the resource. + type: keyword orchestrator.resource.id: dashed_name: orchestrator-resource-id description: Unique ID of the resource being acted upon. @@ -7323,6 +7335,18 @@ orchestrator.resource.ip: - array short: IP address assigned to the resource associated with the event being observed. type: ip +orchestrator.resource.label: + dashed_name: orchestrator-resource-label + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.label + ignore_above: 1024 + level: extended + name: resource.label + normalize: + - array + short: The list of labels added to the resource. + type: keyword orchestrator.resource.name: dashed_name: orchestrator-resource-name description: Name of the resource being acted upon. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 8f48efac7..58939dd61 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -9055,6 +9055,18 @@ orchestrator: normalize: [] short: Organization affected by the event (for multi-tenant orchestrator setups). type: keyword + orchestrator.resource.annotation: + dashed_name: orchestrator-resource-annotation + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.annotation + ignore_above: 1024 + level: extended + name: resource.annotation + normalize: + - array + short: The list of annotations added to the resource. + type: keyword orchestrator.resource.id: dashed_name: orchestrator-resource-id description: Unique ID of the resource being acted upon. @@ -9078,6 +9090,18 @@ orchestrator: - array short: IP address assigned to the resource associated with the event being observed. type: ip + orchestrator.resource.label: + dashed_name: orchestrator-resource-label + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.label + ignore_above: 1024 + level: extended + name: resource.label + normalize: + - array + short: The list of labels added to the resource. + type: keyword orchestrator.resource.name: dashed_name: orchestrator-resource-name description: Name of the resource being acted upon. diff --git a/generated/elasticsearch/composable/component/orchestrator.json b/generated/elasticsearch/composable/component/orchestrator.json index 971f15131..8839f4f45 100644 --- a/generated/elasticsearch/composable/component/orchestrator.json +++ b/generated/elasticsearch/composable/component/orchestrator.json @@ -42,6 +42,10 @@ }, "resource": { "properties": { + "annotation": { + "ignore_above": 1024, + "type": "keyword" + }, "id": { "ignore_above": 1024, "type": "keyword" @@ -49,6 +53,10 @@ "ip": { "type": "ip" }, + "label": { + "ignore_above": 1024, + "type": "keyword" + }, "name": { "ignore_above": 1024, "type": "keyword" 
diff --git a/generated/elasticsearch/legacy/template.json b/generated/elasticsearch/legacy/template.json index 0731842c8..669b8094e 100644 --- a/generated/elasticsearch/legacy/template.json +++ b/generated/elasticsearch/legacy/template.json @@ -2568,6 +2568,10 @@ }, "resource": { "properties": { + "annotation": { + "ignore_above": 1024, + "type": "keyword" + }, "id": { "ignore_above": 1024, "type": "keyword" @@ -2575,6 +2579,10 @@ "ip": { "type": "ip" }, + "label": { + "ignore_above": 1024, + "type": "keyword" + }, "name": { "ignore_above": 1024, "type": "keyword" diff --git a/schemas/orchestrator.yml b/schemas/orchestrator.yml index f73f858a2..fa7fda91f 100644 --- a/schemas/orchestrator.yml +++ b/schemas/orchestrator.yml @@ -34,7 +34,7 @@ level: extended type: keyword description: > - Unique ID of the cluster. + Unique ID of the cluster. - name: cluster.url level: extended @@ -69,6 +69,24 @@ description: > Namespace in which the action is taking place. + - name: resource.annotation + level: extended + type: keyword + example: "['key1:value1', 'key2:value2', 'key3:value3']" + description: > + The list of annotations added to the resource. + normalize: + - array + + - name: resource.label + level: extended + type: keyword + example: "['key1:value1', 'key2:value2', 'key3:value3']" + description: > + The list of labels added to the resource. + normalize: + - array + - name: resource.name level: extended type: keyword @@ -106,7 +124,7 @@ level: extended type: keyword description: > - Unique ID of the resource being acted upon. + Unique ID of the resource being acted upon. - name: api_version level: extended
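Review bot: The descriptions for `resource.annotation` and `resource.label`, added in the `@@ -69,6 +69,24 @@` hunk of schemas/orchestrator.yml, do not say how each array element is encoded. The example implies one `key:value` string per element, but an annotation value can itself contain a colon, so a consumer cannot tell where to split unless the text states it. The generated mappings in this same commit give both fields `ignore_above: 1024`, so an element longer than that is not indexed, and a search or detection rule on it will silently miss; annotation values are presumably the ones most likely to exceed the limit. Annotation values may also carry configuration copied from the resource, so the description should tell producers to drop or redact sensitive entries before shipping. Suggested wording for the annotation entry (and the same shape for labels): `The list of annotations added to the resource, each element a single "key:value" string split on the first colon. Elements longer than 1024 characters are not indexed; omit annotations that hold sensitive data.`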