From 36ebb017da9592b95db15482a7b35799c0cfd134 Mon Sep 17 00:00:00 2001 From: Eric Beahan Date: Thu, 14 Jan 2021 10:34:51 -0600 Subject: [PATCH] [1.x] add cloud.service.name (#1204) (#1224) * add cloud.platform * expand cloud.platform description * move to cloud.service.name Co-authored-by: Gil Raphaelli --- CHANGELOG.next.md | 1 + code/go/ecs/cloud.go | 6 ++++++ docs/field-details.asciidoc | 18 ++++++++++++++++++ experimental/generated/beats/fields.ecs.yml | 11 +++++++++++ experimental/generated/csv/fields.csv | 1 + experimental/generated/ecs/ecs_flat.yml | 15 +++++++++++++++ experimental/generated/ecs/ecs_nested.yml | 15 +++++++++++++++ .../generated/elasticsearch/7/template.json | 8 ++++++++ .../elasticsearch/component/cloud.json | 8 ++++++++ generated/beats/fields.ecs.yml | 11 +++++++++++ generated/csv/fields.csv | 1 + generated/ecs/ecs_flat.yml | 15 +++++++++++++++ generated/ecs/ecs_nested.yml | 15 +++++++++++++++ generated/elasticsearch/6/template.json | 8 ++++++++ generated/elasticsearch/7/template.json | 8 ++++++++ generated/elasticsearch/component/cloud.json | 8 ++++++++ schemas/cloud.yml | 12 ++++++++++++ 17 files changed, 161 insertions(+) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index ca70e28078..7abb10dbfb 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -18,6 +18,7 @@ Thanks, you're awesome :-) --> #### Added * Added `http.request.id`. #1208 +* Added `cloud.service.name`. #1204 #### Improvements diff --git a/code/go/ecs/cloud.go b/code/go/ecs/cloud.go index 630e0c6fce..13b7ff551a 100644 --- a/code/go/ecs/cloud.go +++ b/code/go/ecs/cloud.go @@ -51,6 +51,12 @@ type Cloud struct { // Examples: AWS account name, Google Cloud ORG display name. AccountName string `ecs:"account.name"` + // The cloud service name is intended to distinguish services running on + // different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs + // App Engine, Azure VM vs App Server. + // Examples: app engine, app service, cloud run, fargate, lambda. + ServiceName string `ecs:"service.name"` + // The cloud project identifier. // Examples: Google Cloud Project id, Azure Project id. ProjectID string `ecs:"project.id"` diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index 1c24738341..eb72c4aa44 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -738,6 +738,24 @@ example: `us-east-1` // =============================================================== +| +[[field-cloud-service-name]] +<> + +| The cloud service name is intended to distinguish services running on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App Engine, Azure VM vs App Server. + +Examples: app engine, app service, cloud run, fargate, lambda. + +type: keyword + + + +example: `lambda` + +| extended + +// =============================================================== + |===== [[ecs-code_signature]] diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 501e0d801e..e687969bf8 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -476,6 +476,17 @@ ignore_above: 1024 description: Region in which this host is running. example: us-east-1 + - name: service.name + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud service name is intended to distinguish services running + on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs + App Engine, Azure VM vs App Server. + + Examples: app engine, app service, cloud run, fargate, lambda.' + example: lambda + default_field: false - name: code_signature title: Code Signature group: 2 diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index d7ce2df034..bb4d0bf393 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv @@ -54,6 +54,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 1.9.0-dev+exp,true,cloud,cloud.project.name,keyword,extended,,my project,The cloud project name. 1.9.0-dev+exp,true,cloud,cloud.provider,keyword,extended,,aws,Name of the cloud provider. 1.9.0-dev+exp,true,cloud,cloud.region,keyword,extended,,us-east-1,Region in which this host is running. +1.9.0-dev+exp,true,cloud,cloud.service.name,keyword,extended,,lambda,The cloud service name. 1.9.0-dev+exp,true,container,container.id,keyword,core,,,Unique container id. 1.9.0-dev+exp,true,container,container.image.name,keyword,extended,,,Name of the image the container was built on. 1.9.0-dev+exp,true,container,container.image.tag,keyword,extended,array,,Container image tags. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 25e79b4947..712c63c9a5 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -643,6 +643,21 @@ cloud.region: normalize: [] short: Region in which this host is running. type: keyword +cloud.service.name: + dashed_name: cloud-service-name + description: 'The cloud service name is intended to distinguish services running + on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App + Engine, Azure VM vs App Server. + + Examples: app engine, app service, cloud run, fargate, lambda.' + example: lambda + flat_name: cloud.service.name + ignore_above: 1024 + level: extended + name: service.name + normalize: [] + short: The cloud service name. + type: keyword container.id: dashed_name: container-id description: Unique container id. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index ef90a2bcd8..9016fe8641 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -814,6 +814,21 @@ cloud: normalize: [] short: Region in which this host is running. type: keyword + cloud.service.name: + dashed_name: cloud-service-name + description: 'The cloud service name is intended to distinguish services running + on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs + App Engine, Azure VM vs App Server. + + Examples: app engine, app service, cloud run, fargate, lambda.' + example: lambda + flat_name: cloud.service.name + ignore_above: 1024 + level: extended + name: service.name + normalize: [] + short: The cloud service name. + type: keyword footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running diff --git a/experimental/generated/elasticsearch/7/template.json b/experimental/generated/elasticsearch/7/template.json index 70ed2974d8..1582968a6f 100644 --- a/experimental/generated/elasticsearch/7/template.json +++ b/experimental/generated/elasticsearch/7/template.json @@ -269,6 +269,14 @@ "region": { "ignore_above": 1024, "type": "keyword" + }, + "service": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } } } }, diff --git a/experimental/generated/elasticsearch/component/cloud.json b/experimental/generated/elasticsearch/component/cloud.json index 52f33efb8c..b33d205acc 100644 --- a/experimental/generated/elasticsearch/component/cloud.json +++ b/experimental/generated/elasticsearch/component/cloud.json @@ -63,6 +63,14 @@ "region": { "ignore_above": 1024, "type": "keyword" + }, + "service": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } } } } diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index aca54a4756..d31d592579 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -476,6 +476,17 @@ ignore_above: 1024 description: Region in which this host is running. example: us-east-1 + - name: service.name + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud service name is intended to distinguish services running + on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs + App Engine, Azure VM vs App Server. + + Examples: app engine, app service, cloud run, fargate, lambda.' + example: lambda + default_field: false - name: code_signature title: Code Signature group: 2 diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index b6d222e2b4..0d13e795b4 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv @@ -54,6 +54,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 1.9.0-dev,true,cloud,cloud.project.name,keyword,extended,,my project,The cloud project name. 1.9.0-dev,true,cloud,cloud.provider,keyword,extended,,aws,Name of the cloud provider. 1.9.0-dev,true,cloud,cloud.region,keyword,extended,,us-east-1,Region in which this host is running. +1.9.0-dev,true,cloud,cloud.service.name,keyword,extended,,lambda,The cloud service name. 1.9.0-dev,true,container,container.id,keyword,core,,,Unique container id. 1.9.0-dev,true,container,container.image.name,keyword,extended,,,Name of the image the container was built on. 1.9.0-dev,true,container,container.image.tag,keyword,extended,array,,Container image tags. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index eed7fb34ad..73efa64c18 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -643,6 +643,21 @@ cloud.region: normalize: [] short: Region in which this host is running. type: keyword +cloud.service.name: + dashed_name: cloud-service-name + description: 'The cloud service name is intended to distinguish services running + on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App + Engine, Azure VM vs App Server. + + Examples: app engine, app service, cloud run, fargate, lambda.' + example: lambda + flat_name: cloud.service.name + ignore_above: 1024 + level: extended + name: service.name + normalize: [] + short: The cloud service name. + type: keyword container.id: dashed_name: container-id description: Unique container id. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index a78c8b1774..1461638964 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -814,6 +814,21 @@ cloud: normalize: [] short: Region in which this host is running. type: keyword + cloud.service.name: + dashed_name: cloud-service-name + description: 'The cloud service name is intended to distinguish services running + on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs + App Engine, Azure VM vs App Server. + + Examples: app engine, app service, cloud run, fargate, lambda.' + example: lambda + flat_name: cloud.service.name + ignore_above: 1024 + level: extended + name: service.name + normalize: [] + short: The cloud service name. + type: keyword footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index 248a06ed55..6b84ad5897 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -278,6 +278,14 @@ "region": { "ignore_above": 1024, "type": "keyword" + }, + "service": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } } } }, diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 87007a70f3..2f02eb6e41 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json @@ -269,6 +269,14 @@ "region": { "ignore_above": 1024, "type": "keyword" + }, + "service": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } } } }, diff --git a/generated/elasticsearch/component/cloud.json b/generated/elasticsearch/component/cloud.json index b13150c6a0..f106357123 100644 --- a/generated/elasticsearch/component/cloud.json +++ b/generated/elasticsearch/component/cloud.json @@ -63,6 +63,14 @@ "region": { "ignore_above": 1024, "type": "keyword" + }, + "service": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } } } } diff --git a/schemas/cloud.yml b/schemas/cloud.yml index 0789feb79a..789b2d7485 100644 --- a/schemas/cloud.yml +++ b/schemas/cloud.yml @@ -80,6 +80,18 @@ Examples: AWS account name, Google Cloud ORG display name. + - name: service.name + level: extended + type: keyword + example: lambda + short: The cloud service name. + description: > + The cloud service name is intended to distinguish services running on + different platforms within a provider, eg AWS EC2 vs Lambda, + GCP GCE vs App Engine, Azure VM vs App Server. + + Examples: app engine, app service, cloud run, fargate, lambda. + - name: project.id level: extended type: keyword