From c21fa7ce1fcbf8e53f21a02ac694bc9a72039db5 Mon Sep 17 00:00:00 2001 From: Karl Godard Date: Wed, 22 Mar 2023 20:03:44 +0000 Subject: [PATCH 1/2] new fields added to orchestrator fieldset --- schemas/orchestrator.yml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/schemas/orchestrator.yml b/schemas/orchestrator.yml index f73f858a25..067449524a 100644 --- a/schemas/orchestrator.yml +++ b/schemas/orchestrator.yml @@ -34,7 +34,7 @@ level: extended type: keyword description: > - Unique ID of the cluster. + Unique ID of the cluster. - name: cluster.url level: extended @@ -69,6 +69,20 @@ description: > Namespace in which the action is taking place. + - name: resource.annotation + level: extended + type: keyword + example: ['key1:value1', 'key2:value2', 'key3:value3'] + description: > + The list of annotations added to the resource. + + - name: resource.label + level: extended + type: keyword + example: ['key1:value1', 'key2:value2', 'key3:value3'] + description: > + The list of labels added to the resource. + - name: resource.name level: extended type: keyword @@ -106,7 +120,7 @@ level: extended type: keyword description: > - Unique ID of the resource being acted upon. + Unique ID of the resource being acted upon. - name: api_version level: extended From 711a26a99b0206fd0b9a1d5a0e30263845d87d0e Mon Sep 17 00:00:00 2001 
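Review bot: The two new descriptions in the second hunk (`resource.annotation` and `resource.label`) never state how a key and its value are joined into one keyword; the `key1:value1` shape is visible only in the example. Annotation values are free-form and may themselves contain `:`, so anyone parsing or querying these entries has to guess where the key ends. I would add one sentence to each description, e.g. `Each entry is one string of the form key:value, split at the first colon.` (this assumes keys never contain a colon, which holds for Kubernetes but should be confirmed for other orchestrators). The field list this hunk extends starts and ends outside the hunk.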
From: Karl Godard Date: Wed, 22 Mar 2023 13:07:46 -0700 Subject: [PATCH 2/2] build artifacts --- docs/fields/field-details.asciidoc | 38 +++++++++++++++++++ experimental/generated/beats/fields.ecs.yml | 14 +++++++ experimental/generated/csv/fields.csv | 2 + experimental/generated/ecs/ecs_flat.yml | 24 ++++++++++++ experimental/generated/ecs/ecs_nested.yml | 24 ++++++++++++ .../composable/component/orchestrator.json | 8 ++++ .../elasticsearch/legacy/template.json | 8 ++++ generated/beats/fields.ecs.yml | 14 +++++++ generated/csv/fields.csv | 2 + generated/ecs/ecs_flat.yml | 24 ++++++++++++ generated/ecs/ecs_nested.yml | 24 ++++++++++++ .../composable/component/orchestrator.json | 8 ++++ generated/elasticsearch/legacy/template.json | 8 ++++ schemas/orchestrator.yml | 8 +++- 14 files changed, 204 insertions(+), 2 deletions(-) diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index 4efa309cf4..2af4dbe74b 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc @@ -6957,6 +6957,25 @@ example: `elastic` // =============================================================== +| +[[field-orchestrator-resource-annotation]] +<> + +a| The list of annotations added to the resource. + +type: keyword + + +Note: this field should contain an array of values. + + + +example: `['key1:value1', 'key2:value2', 'key3:value3']` + +| extended + +// =============================================================== + | [[field-orchestrator-resource-id]] <> @@ -6988,6 +7007,25 @@ Note: this field should contain an array of values. +| extended + +// =============================================================== + +| +[[field-orchestrator-resource-label]] +<> + +a| The list of labels added to the resource. + +type: keyword + + +Note: this field should contain an array of values. + + + +example: `['key1:value1', 'key2:value2', 'key3:value3']` + | extended // =============================================================== 
diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 6d567340b7..6e902323ca 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -5179,6 +5179,13 @@ setups). example: elastic default_field: false + - name: resource.annotation + level: extended + type: keyword + ignore_above: 1024 + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + default_field: false - name: resource.id level: extended type: keyword @@ -5193,6 +5200,13 @@ only one element: the IP of the Pod (as opposed to the Node on which the Pod is running).' default_field: false + - name: resource.label + level: extended + type: keyword + ignore_above: 1024 + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + default_field: false - name: resource.name level: extended type: keyword diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index e9e979dd47..334e732da5 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv 
@@ -559,8 +559,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.8.0-dev+exp,true,orchestrator,orchestrator.cluster.version,keyword,extended,,,The version of the cluster. 8.8.0-dev+exp,true,orchestrator,orchestrator.namespace,keyword,extended,,kube-system,Namespace in which the action is taking place. 8.8.0-dev+exp,true,orchestrator,orchestrator.organization,keyword,extended,,elastic,Organization affected by the event (for multi-tenant orchestrator setups). +8.8.0-dev+exp,true,orchestrator,orchestrator.resource.annotation,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of annotations added to the resource. 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.id,keyword,extended,,,Unique ID of the resource being acted upon. 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.ip,ip,extended,array,,IP address assigned to the resource associated with the event being observed. +8.8.0-dev+exp,true,orchestrator,orchestrator.resource.label,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of labels added to the resource. 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.name,keyword,extended,,test-pod-cdcws,Name of the resource being acted upon. 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.parent.type,keyword,extended,,DaemonSet,Type or kind of the parent resource associated with the event being observed. 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.type,keyword,extended,,service,Type of resource being acted upon. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 1c7b03bb28..e7cf3dc0fb 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -7363,6 +7363,18 @@ orchestrator.organization: normalize: [] short: Organization affected by the event (for multi-tenant orchestrator setups). type: keyword +orchestrator.resource.annotation: + dashed_name: orchestrator-resource-annotation + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.annotation + ignore_above: 1024 + level: extended + name: resource.annotation + normalize: + - array + short: The list of annotations added to the resource. + type: keyword orchestrator.resource.id: dashed_name: orchestrator-resource-id description: Unique ID of the resource being acted upon. @@ -7385,6 +7397,18 @@ orchestrator.resource.ip: - array short: IP address assigned to the resource associated with the event being observed. type: ip +orchestrator.resource.label: + dashed_name: orchestrator-resource-label + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.label + ignore_above: 1024 + level: extended + name: resource.label + normalize: + - array + short: The list of labels added to the resource. + type: keyword orchestrator.resource.name: dashed_name: orchestrator-resource-name description: Name of the resource being acted upon. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 444e2d1493..1c6652a978 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml 
@@ -9128,6 +9128,18 @@ orchestrator: normalize: [] short: Organization affected by the event (for multi-tenant orchestrator setups). type: keyword + orchestrator.resource.annotation: + dashed_name: orchestrator-resource-annotation + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.annotation + ignore_above: 1024 + level: extended + name: resource.annotation + normalize: + - array + short: The list of annotations added to the resource. + type: keyword orchestrator.resource.id: dashed_name: orchestrator-resource-id description: Unique ID of the resource being acted upon. @@ -9151,6 +9163,18 @@ orchestrator: - array short: IP address assigned to the resource associated with the event being observed. type: ip + orchestrator.resource.label: + dashed_name: orchestrator-resource-label + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.label + ignore_above: 1024 + level: extended + name: resource.label + normalize: + - array + short: The list of labels added to the resource. + type: keyword orchestrator.resource.name: dashed_name: orchestrator-resource-name description: Name of the resource being acted upon. diff --git a/experimental/generated/elasticsearch/composable/component/orchestrator.json b/experimental/generated/elasticsearch/composable/component/orchestrator.json index 60bdac6c72..1dd799d11c 100644 --- a/experimental/generated/elasticsearch/composable/component/orchestrator.json +++ b/experimental/generated/elasticsearch/composable/component/orchestrator.json @@ -42,6 +42,10 @@ }, "resource": { "properties": { + "annotation": { + "ignore_above": 1024, + "type": "keyword" + }, "id": { "ignore_above": 1024, "type": "keyword" 
@@ -49,6 +53,10 @@ "ip": { "type": "ip" }, + "label": { + "ignore_above": 1024, + "type": "keyword" + }, "name": { "ignore_above": 1024, "type": "keyword" diff --git a/experimental/generated/elasticsearch/legacy/template.json b/experimental/generated/elasticsearch/legacy/template.json index 77464c3831..58adc38e85 100644 --- a/experimental/generated/elasticsearch/legacy/template.json +++ b/experimental/generated/elasticsearch/legacy/template.json @@ -2611,6 +2611,10 @@ }, "resource": { "properties": { + "annotation": { + "ignore_above": 1024, + "type": "keyword" + }, "id": { "ignore_above": 1024, "type": "keyword" @@ -2618,6 +2622,10 @@ "ip": { "type": "ip" }, + "label": { + "ignore_above": 1024, + "type": "keyword" + }, "name": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 4c977c8c3a..0392627efa 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -5129,6 +5129,13 @@ setups). example: elastic default_field: false + - name: resource.annotation + level: extended + type: keyword + ignore_above: 1024 + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + default_field: false - name: resource.id level: extended type: keyword @@ -5143,6 +5150,13 @@ only one element: the IP of the Pod (as opposed to the Node on which the Pod is running).' default_field: false + - name: resource.label + level: extended + type: keyword + ignore_above: 1024 + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + default_field: false - name: resource.name level: extended type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index 52d2ced1df..aeb22eba81 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv 
@@ -552,8 +552,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 8.8.0-dev,true,orchestrator,orchestrator.cluster.version,keyword,extended,,,The version of the cluster. 8.8.0-dev,true,orchestrator,orchestrator.namespace,keyword,extended,,kube-system,Namespace in which the action is taking place. 8.8.0-dev,true,orchestrator,orchestrator.organization,keyword,extended,,elastic,Organization affected by the event (for multi-tenant orchestrator setups). +8.8.0-dev,true,orchestrator,orchestrator.resource.annotation,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of annotations added to the resource. 8.8.0-dev,true,orchestrator,orchestrator.resource.id,keyword,extended,,,Unique ID of the resource being acted upon. 8.8.0-dev,true,orchestrator,orchestrator.resource.ip,ip,extended,array,,IP address assigned to the resource associated with the event being observed. +8.8.0-dev,true,orchestrator,orchestrator.resource.label,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of labels added to the resource. 8.8.0-dev,true,orchestrator,orchestrator.resource.name,keyword,extended,,test-pod-cdcws,Name of the resource being acted upon. 8.8.0-dev,true,orchestrator,orchestrator.resource.parent.type,keyword,extended,,DaemonSet,Type or kind of the parent resource associated with the event being observed. 8.8.0-dev,true,orchestrator,orchestrator.resource.type,keyword,extended,,service,Type of resource being acted upon. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 41eeb653e9..01b08c8d1c 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml 
@@ -7294,6 +7294,18 @@ orchestrator.organization: normalize: [] short: Organization affected by the event (for multi-tenant orchestrator setups). type: keyword +orchestrator.resource.annotation: + dashed_name: orchestrator-resource-annotation + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.annotation + ignore_above: 1024 + level: extended + name: resource.annotation + normalize: + - array + short: The list of annotations added to the resource. + type: keyword orchestrator.resource.id: dashed_name: orchestrator-resource-id description: Unique ID of the resource being acted upon. @@ -7316,6 +7328,18 @@ orchestrator.resource.ip: - array short: IP address assigned to the resource associated with the event being observed. type: ip +orchestrator.resource.label: + dashed_name: orchestrator-resource-label + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.label + ignore_above: 1024 + level: extended + name: resource.label + normalize: + - array + short: The list of labels added to the resource. + type: keyword orchestrator.resource.name: dashed_name: orchestrator-resource-name description: Name of the resource being acted upon. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 4d9a65a010..2cf474957d 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -9048,6 +9048,18 @@ orchestrator: normalize: [] short: Organization affected by the event (for multi-tenant orchestrator setups). type: keyword + orchestrator.resource.annotation: + dashed_name: orchestrator-resource-annotation + description: The list of annotations added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.annotation + ignore_above: 1024 + level: extended + name: resource.annotation + normalize: + - array + short: The list of annotations added to the resource. + type: keyword orchestrator.resource.id: dashed_name: orchestrator-resource-id description: Unique ID of the resource being acted upon. @@ -9071,6 +9083,18 @@ orchestrator: - array short: IP address assigned to the resource associated with the event being observed. type: ip + orchestrator.resource.label: + dashed_name: orchestrator-resource-label + description: The list of labels added to the resource. + example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']' + flat_name: orchestrator.resource.label + ignore_above: 1024 + level: extended + name: resource.label + normalize: + - array + short: The list of labels added to the resource. + type: keyword orchestrator.resource.name: dashed_name: orchestrator-resource-name description: Name of the resource being acted upon. diff --git a/generated/elasticsearch/composable/component/orchestrator.json b/generated/elasticsearch/composable/component/orchestrator.json index ed20a55b2f..c0b4f34f6a 100644 --- a/generated/elasticsearch/composable/component/orchestrator.json +++ b/generated/elasticsearch/composable/component/orchestrator.json @@ -42,6 +42,10 @@ }, "resource": { "properties": { + "annotation": { + "ignore_above": 1024, + "type": "keyword" + }, "id": { "ignore_above": 1024, "type": "keyword" @@ -49,6 +53,10 @@ "ip": { "type": "ip" }, + "label": { + "ignore_above": 1024, + "type": "keyword" + }, "name": { "ignore_above": 1024, "type": "keyword" 
diff --git a/generated/elasticsearch/legacy/template.json b/generated/elasticsearch/legacy/template.json index a196ba4b76..ce9983e12d 100644 --- a/generated/elasticsearch/legacy/template.json +++ b/generated/elasticsearch/legacy/template.json @@ -2569,6 +2569,10 @@ }, "resource": { "properties": { + "annotation": { + "ignore_above": 1024, + "type": "keyword" + }, "id": { "ignore_above": 1024, "type": "keyword" @@ -2576,6 +2580,10 @@ "ip": { "type": "ip" }, + "label": { + "ignore_above": 1024, + "type": "keyword" + }, "name": { "ignore_above": 1024, "type": "keyword" diff --git a/schemas/orchestrator.yml b/schemas/orchestrator.yml index 067449524a..fa7fda91f5 100644 --- a/schemas/orchestrator.yml +++ b/schemas/orchestrator.yml @@ -72,16 +72,20 @@ - name: resource.annotation level: extended type: keyword - example: ['key1:value1', 'key2:value2', 'key3:value3'] + example: "['key1:value1', 'key2:value2', 'key3:value3']" description: > The list of annotations added to the resource. + normalize: + - array - name: resource.label level: extended type: keyword - example: ['key1:value1', 'key2:value2', 'key3:value3'] + example: "['key1:value1', 'key2:value2', 'key3:value3']" description: > The list of labels added to the resource. + normalize: + - array - name: resource.name level: extended
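Review bot: Nothing in the `resource.annotation` description touched by this last hunk warns that entries are capped: the generated mappings in this same patch give the field `ignore_above: 1024`, and with `normalize: - array` that limit applies to each entry. Elasticsearch does not index a keyword value longer than the limit, so a long annotation such as `kubectl.kubernetes.io/last-applied-configuration` remains in `_source` but is invisible to searches and detection rules. That annotation can also hold a copy of the applied manifest, so shipping annotations unfiltered may put sensitive values into stored documents. I would extend the description with `Entries longer than 1024 characters are not indexed; filter or redact annotations that may hold sensitive data before ingestion.` The surrounding field list starts and ends outside the hunk.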