From bacab87177fff4bd5c398e5cd33c8373db5127ac Mon Sep 17 00:00:00 2001
From: kaiyan-sheng
Date: Fri, 29 Jan 2021 16:20:59 -0700
Subject: [PATCH 1/4] Add additional host fields
---
schemas/host.yml | 66 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 66 insertions(+)
diff --git a/schemas/host.yml b/schemas/host.yml
index 2fdbd9e4f7..a7e95ed3f9 100644
--- a/schemas/host.yml
+++ b/schemas/host.yml
@@ -96,3 +96,69 @@ For Linux this could be the domain of the host's LDAP provider. example: CONTOSO + - name: cpu.usage + level: extended + type: scaled_float + scaling_factor: 1000 + short: Percent CPU used, between 0 and 1. + beta: This field is currently considered beta. + description: > + Percent CPU used which is normalized by the number of CPU cores and it + ranges from 0 to 1. Scaling factor: 1000. + + For example: For a two core host, this value should be the average of + the two cores, between 0 and 1. + + - name: disk.read.bytes + type: long + level: extended + short: The number of bytes read by all disks. + beta: This field is currently considered beta. + description: > + The total number of bytes (gauge) read successfully (aggregated from all + disks) since the last metric collection. + + - name: disk.write.bytes + type: long + level: extended + short: The number of bytes written on all disks. + beta: This field is currently considered beta. + description: > + The total number of bytes (gauge) written successfully (aggregated from + all disks) since the last metric collection. + + - name: network.ingress.bytes + type: long + level: extended + short: The number of bytes received on all network interfaces. + beta: This field is currently considered beta. + description: > + The number of bytes received (gauge) on all network interfaces by the + host since the last metric collection. + + - name: network.ingress.packets + type: long + level: extended + short: The number of packets received on all network interfaces. + beta: This field is currently considered beta. + description: > + The number of packets (gauge) received on all network interfaces by the + host since the last metric collection. + + - name: network.egress.bytes + type: long + level: extended + short: The number of bytes sent on all network interfaces. + beta: This field is currently considered beta. 
+ description: > + The number of bytes (gauge) sent out on all network interfaces by the + host since the last metric collection. + + - name: network.egress.packets + type: long + level: extended + short: The number of packets sent on all network interfaces. + beta: This field is currently considered beta. + description: > + The number of packets (gauge) sent out on all network interfaces by the + host since the last metric collection. From c05e04dd41814ac4e1ef877cb002e426567db751 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Fri, 29 Jan 2021 16:39:54 -0700 Subject: [PATCH 2/4] add changelog --- CHANGELOG.next.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index d353014c18..efa0d975be 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -20,6 +20,7 @@ Thanks, you're awesome :-) --> * Added `http.request.id`. #1208 * Added `cloud.service.name`. #1204 * Added `hash.ssdeep`. #1169 +* Added additional host fields. #1248 #### Improvements From 3bdf6914f1435454532625a9890f85657f0ef982 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Tue, 2 Feb 2021 15:22:21 -0700 Subject: [PATCH 3/4] run make command --- code/go/ecs/host.go | 30 +++++ docs/field-details.asciidoc | 128 ++++++++++++++++++++ experimental/generated/ecs/ecs_flat.yml | 7 ++ experimental/generated/ecs/ecs_nested.yml | 7 ++ generated/beats/fields.ecs.yml | 46 +++++++ generated/csv/fields.csv | 7 ++ generated/ecs/ecs_flat.yml | 81 +++++++++++++ generated/ecs/ecs_nested.yml | 81 +++++++++++++ generated/elasticsearch/6/template.json | 50 ++++++++ generated/elasticsearch/7/template.json | 50 ++++++++ generated/elasticsearch/component/host.json | 50 ++++++++ 11 files changed, 537 insertions(+) diff --git a/code/go/ecs/host.go b/code/go/ecs/host.go index 1d66d78832..1267ded580 100644 --- a/code/go/ecs/host.go +++ b/code/go/ecs/host.go 
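Review bot: The six `disk.*` and `network.*` descriptions in the `schemas/host.yml` hunk count bytes or packets "since the last metric collection", but nothing in the field definitions says how long that interval is, so the same number can stand for very different rates on two hosts with different collection periods. Anyone baselining `network.egress.bytes` for volume alerting needs that stated; I would add a sentence to each description such as `The value is a delta over the collection interval, not a rate or a running total; compare values only between events collected with the same period.` The `cpu.usage` text also says "Percent" for a value defined as 0 to 1, so `short: CPU usage as a fraction between 0 and 1.` would be less ambiguous. The word "(gauge)" sits after "received" in `network.ingress.bytes` but before the verb in the other descriptions, which is worth aligning while the fields are still beta.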
@@ -64,4 +64,34 @@ type Host struct { // or NetBIOS domain name. For Linux this could be the domain of the host's // LDAP provider. Domain string `ecs:"domain"` + + // Percent CPU used which is normalized by the number of CPU cores and it + // ranges from 0 to 1. Scaling factor: 1000. + // For example: For a two core host, this value should be the average of + // the two cores, between 0 and 1. + CpuUsage float64 `ecs:"cpu.usage"` + + // The total number of bytes (gauge) read successfully (aggregated from all + // disks) since the last metric collection. + DiskReadBytes int64 `ecs:"disk.read.bytes"` + + // The total number of bytes (gauge) written successfully (aggregated from + // all disks) since the last metric collection. + DiskWriteBytes int64 `ecs:"disk.write.bytes"` + + // The number of bytes received (gauge) on all network interfaces by the + // host since the last metric collection. + NetworkIngressBytes int64 `ecs:"network.ingress.bytes"` + + // The number of packets (gauge) received on all network interfaces by the + // host since the last metric collection. + NetworkIngressPackets int64 `ecs:"network.ingress.packets"` + + // The number of bytes (gauge) sent out on all network interfaces by the + // host since the last metric collection. + NetworkEgressBytes int64 `ecs:"network.egress.bytes"` + + // The number of packets (gauge) sent out on all network interfaces by the + // host since the last metric collection. + NetworkEgressPackets int64 `ecs:"network.egress.packets"` } diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index b1d4dbe8be..81cfe37f1f 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc 
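Review bot: The seven new `Host` fields are plain `float64`/`int64` values, so a `Host` that never had metrics collected holds 0 in each of them, the same as a host that really sent or read nothing in the interval. For `NetworkEgressBytes` and the other counters that difference matters to anyone alerting on traffic volume, and the doc comments do not mention it; I would add a line such as `// A zero value may mean "not collected"; confirm the source populated host metrics before treating 0 as a measurement.` to each. `CpuUsage` also departs from Go's initialism convention (`CPUUsage`), and renaming an exported field later would break callers. The commit subject "run make command" suggests this file is generated, in which case both changes belong in the generator or schema rather than in this file. The `Host` struct begins outside this hunk.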
@@ -3134,6 +3134,62 @@ example: `x86_64` // =============================================================== +| +[[field-host-cpu-usage]] +<> + +| beta:[ This field is currently considered beta. ] + +Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. Scaling factor: 1000. + +For example: For a two core host, this value should be the average of the two cores, between 0 and 1. + +type: scaled_float + + + + + +| extended + +// =============================================================== + +| +[[field-host-disk-read-bytes]] +<> + +| beta:[ This field is currently considered beta. ] + +The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. + +type: long + + + + + +| extended + +// =============================================================== + +| +[[field-host-disk-write-bytes]] +<> + +| beta:[ This field is currently considered beta. ] + +The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. + +type: long + + + + + +| extended + +// =============================================================== + | [[field-host-domain]] <> 
@@ -3246,6 +3302,78 @@ type: keyword // =============================================================== +| +[[field-host-network-egress-bytes]] +<> + +| beta:[ This field is currently considered beta. ] + +The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + + + + + +| extended + +// =============================================================== + +| +[[field-host-network-egress-packets]] +<> + +| beta:[ This field is currently considered beta. ] + +The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + + + + + +| extended + +// =============================================================== + +| +[[field-host-network-ingress-bytes]] +<> + +| beta:[ This field is currently considered beta. ] + +The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. + +type: long + + + + + +| extended + +// =============================================================== + +| +[[field-host-network-ingress-packets]] +<> + +| beta:[ This field is currently considered beta. ] + +The number of packets (gauge) received on all network interfaces by the host since the last metric collection. + +type: long + + + + + +| extended + +// =============================================================== + | [[field-host-type]] <> diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 4cab1099ae..2e0a1a78b3 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -3267,6 +3267,7 @@ host.architecture: short: Operating system architecture. type: keyword host.cpu.usage: + beta: This field is currently considered beta. dashed_name: host-cpu-usage description: 'Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. Scaling factor: 1000. 
@@ -3281,6 +3282,7 @@ host.cpu.usage: short: Percent CPU used, between 0 and 1. type: scaled_float host.disk.read.bytes: + beta: This field is currently considered beta. dashed_name: host-disk-read-bytes description: The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. @@ -3291,6 +3293,7 @@ host.disk.read.bytes: short: The number of bytes read by all disks. type: long host.disk.write.bytes: + beta: This field is currently considered beta. dashed_name: host-disk-write-bytes description: The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. @@ -3474,6 +3477,7 @@ host.name: short: Name of the host. type: keyword host.network.egress.bytes: + beta: This field is currently considered beta. dashed_name: host-network-egress-bytes description: The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. @@ -3484,6 +3488,7 @@ host.network.egress.bytes: short: The number of bytes sent on all network interfaces. type: long host.network.egress.packets: + beta: This field is currently considered beta. dashed_name: host-network-egress-packets description: The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. @@ -3494,6 +3499,7 @@ host.network.egress.packets: short: The number of packets sent on all network interfaces. type: long host.network.ingress.bytes: + beta: This field is currently considered beta. dashed_name: host-network-ingress-bytes description: The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. 
@@ -3504,6 +3510,7 @@ host.network.ingress.bytes: short: The number of bytes received on all network interfaces. type: long host.network.ingress.packets: + beta: This field is currently considered beta. dashed_name: host-network-ingress-packets description: The number of packets (gauge) received on all network interfaces by the host since the last metric collection. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index ef1e3567d2..b64f8a47e5 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -3966,6 +3966,7 @@ host: short: Operating system architecture. type: keyword host.cpu.usage: + beta: This field is currently considered beta. dashed_name: host-cpu-usage description: 'Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. Scaling factor: 1000. @@ -3980,6 +3981,7 @@ host: short: Percent CPU used, between 0 and 1. type: scaled_float host.disk.read.bytes: + beta: This field is currently considered beta. dashed_name: host-disk-read-bytes description: The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. @@ -3990,6 +3992,7 @@ host: short: The number of bytes read by all disks. type: long host.disk.write.bytes: + beta: This field is currently considered beta. dashed_name: host-disk-write-bytes description: The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. @@ -4175,6 +4178,7 @@ host: short: Name of the host. type: keyword host.network.egress.bytes: + beta: This field is currently considered beta. dashed_name: host-network-egress-bytes description: The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. 
@@ -4185,6 +4189,7 @@ host: short: The number of bytes sent on all network interfaces. type: long host.network.egress.packets: + beta: This field is currently considered beta. dashed_name: host-network-egress-packets description: The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. @@ -4195,6 +4200,7 @@ host: short: The number of packets sent on all network interfaces. type: long host.network.ingress.bytes: + beta: This field is currently considered beta. dashed_name: host-network-ingress-bytes description: The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. @@ -4205,6 +4211,7 @@ host: short: The number of bytes received on all network interfaces. type: long host.network.ingress.packets: + beta: This field is currently considered beta. dashed_name: host-network-ingress-packets description: The number of packets (gauge) received on all network interfaces by the host since the last metric collection. diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index e024332068..b7b2107cad 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml 
@@ -2111,6 +2111,28 @@ ignore_above: 1024 description: Operating system architecture. example: x86_64 + - name: cpu.usage + level: extended + type: scaled_float + description: 'Percent CPU used which is normalized by the number of CPU cores + and it ranges from 0 to 1. Scaling factor: 1000. + + For example: For a two core host, this value should be the average of the + two cores, between 0 and 1.' + scaling_factor: 1000 + default_field: false + - name: disk.read.bytes + level: extended + type: long + description: The total number of bytes (gauge) read successfully (aggregated + from all disks) since the last metric collection. + default_field: false + - name: disk.write.bytes + level: extended + type: long + description: The total number of bytes (gauge) written successfully (aggregated + from all disks) since the last metric collection. + default_field: false - name: domain level: extended type: keyword 
@@ -2209,6 +2231,30 @@ It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' + - name: network.egress.bytes + level: extended + type: long + description: The number of bytes (gauge) sent out on all network interfaces + by the host since the last metric collection. + default_field: false + - name: network.egress.packets + level: extended + type: long + description: The number of packets (gauge) sent out on all network interfaces + by the host since the last metric collection. + default_field: false + - name: network.ingress.bytes + level: extended + type: long + description: The number of bytes received (gauge) on all network interfaces + by the host since the last metric collection. + default_field: false + - name: network.ingress.packets + level: extended + type: long + description: The number of packets (gauge) received on all network interfaces + by the host since the last metric collection. + default_field: false - name: os.family level: extended type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index 47ba74e36e..b0f739370f 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv 
@@ -233,6 +233,9 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 2.0.0-dev,true,group,group.id,keyword,extended,,,Unique identifier for the group on the system/platform. 2.0.0-dev,true,group,group.name,keyword,extended,,,Name of the group. 2.0.0-dev,true,host,host.architecture,keyword,core,,x86_64,Operating system architecture. +2.0.0-dev,true,host,host.cpu.usage,scaled_float,extended,,,"Percent CPU used, between 0 and 1." +2.0.0-dev,true,host,host.disk.read.bytes,long,extended,,,The number of bytes read by all disks. +2.0.0-dev,true,host,host.disk.write.bytes,long,extended,,,The number of bytes written on all disks. 2.0.0-dev,true,host,host.domain,keyword,extended,,CONTOSO,Name of the directory the group is a member of. 2.0.0-dev,true,host,host.geo.city_name,keyword,core,,Montreal,City name. 2.0.0-dev,true,host,host.geo.continent_name,keyword,core,,North America,Name of the continent. 
@@ -247,6 +250,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 2.0.0-dev,true,host,host.ip,ip,core,array,,Host ip addresses. 2.0.0-dev,true,host,host.mac,keyword,core,array,,Host mac addresses. 2.0.0-dev,true,host,host.name,keyword,core,,,Name of the host. +2.0.0-dev,true,host,host.network.egress.bytes,long,extended,,,The number of bytes sent on all network interfaces. +2.0.0-dev,true,host,host.network.egress.packets,long,extended,,,The number of packets sent on all network interfaces. +2.0.0-dev,true,host,host.network.ingress.bytes,long,extended,,,The number of bytes received on all network interfaces. +2.0.0-dev,true,host,host.network.ingress.packets,long,extended,,,The number of packets received on all network interfaces. 2.0.0-dev,true,host,host.os.family,keyword,extended,,debian,"OS family (such as redhat, debian, freebsd, windows)." 2.0.0-dev,true,host,host.os.full,keyword,extended,,Mac OS Mojave,"Operating system name, including the version or code name." 2.0.0-dev,true,host,host.os.full.text,text,extended,,Mac OS Mojave,"Operating system name, including the version or code name." diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 1af94d22d3..7cfe58c2d5 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml 
@@ -3248,6 +3248,43 @@ host.architecture: normalize: [] short: Operating system architecture. type: keyword +host.cpu.usage: + beta: This field is currently considered beta. + dashed_name: host-cpu-usage + description: 'Percent CPU used which is normalized by the number of CPU cores and + it ranges from 0 to 1. Scaling factor: 1000. + + For example: For a two core host, this value should be the average of the two + cores, between 0 and 1.' + flat_name: host.cpu.usage + level: extended + name: cpu.usage + normalize: [] + scaling_factor: 1000 + short: Percent CPU used, between 0 and 1. + type: scaled_float +host.disk.read.bytes: + beta: This field is currently considered beta. + dashed_name: host-disk-read-bytes + description: The total number of bytes (gauge) read successfully (aggregated from + all disks) since the last metric collection. + flat_name: host.disk.read.bytes + level: extended + name: disk.read.bytes + normalize: [] + short: The number of bytes read by all disks. + type: long +host.disk.write.bytes: + beta: This field is currently considered beta. + dashed_name: host-disk-write-bytes + description: The total number of bytes (gauge) written successfully (aggregated + from all disks) since the last metric collection. + flat_name: host.disk.write.bytes + level: extended + name: disk.write.bytes + normalize: [] + short: The number of bytes written on all disks. + type: long host.domain: dashed_name: host-domain description: 'Name of the domain of which the host is a member. 
@@ -3423,6 +3460,50 @@ host.name: normalize: [] short: Name of the host. type: keyword +host.network.egress.bytes: + beta: This field is currently considered beta. + dashed_name: host-network-egress-bytes + description: The number of bytes (gauge) sent out on all network interfaces by the + host since the last metric collection. + flat_name: host.network.egress.bytes + level: extended + name: network.egress.bytes + normalize: [] + short: The number of bytes sent on all network interfaces. + type: long +host.network.egress.packets: + beta: This field is currently considered beta. + dashed_name: host-network-egress-packets + description: The number of packets (gauge) sent out on all network interfaces by + the host since the last metric collection. + flat_name: host.network.egress.packets + level: extended + name: network.egress.packets + normalize: [] + short: The number of packets sent on all network interfaces. + type: long +host.network.ingress.bytes: + beta: This field is currently considered beta. + dashed_name: host-network-ingress-bytes + description: The number of bytes received (gauge) on all network interfaces by the + host since the last metric collection. + flat_name: host.network.ingress.bytes + level: extended + name: network.ingress.bytes + normalize: [] + short: The number of bytes received on all network interfaces. + type: long +host.network.ingress.packets: + beta: This field is currently considered beta. + dashed_name: host-network-ingress-packets + description: The number of packets (gauge) received on all network interfaces by + the host since the last metric collection. + flat_name: host.network.ingress.packets + level: extended + name: network.ingress.packets + normalize: [] + short: The number of packets received on all network interfaces. + type: long host.os.family: dashed_name: host-os-family description: OS family (such as redhat, debian, freebsd, windows). 
diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index a3934fd463..1d9797e31c 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -3926,6 +3926,43 @@ host: normalize: [] short: Operating system architecture. type: keyword + host.cpu.usage: + beta: This field is currently considered beta. + dashed_name: host-cpu-usage + description: 'Percent CPU used which is normalized by the number of CPU cores + and it ranges from 0 to 1. Scaling factor: 1000. + + For example: For a two core host, this value should be the average of the + two cores, between 0 and 1.' + flat_name: host.cpu.usage + level: extended + name: cpu.usage + normalize: [] + scaling_factor: 1000 + short: Percent CPU used, between 0 and 1. + type: scaled_float + host.disk.read.bytes: + beta: This field is currently considered beta. + dashed_name: host-disk-read-bytes + description: The total number of bytes (gauge) read successfully (aggregated + from all disks) since the last metric collection. + flat_name: host.disk.read.bytes + level: extended + name: disk.read.bytes + normalize: [] + short: The number of bytes read by all disks. + type: long + host.disk.write.bytes: + beta: This field is currently considered beta. + dashed_name: host-disk-write-bytes + description: The total number of bytes (gauge) written successfully (aggregated + from all disks) since the last metric collection. + flat_name: host.disk.write.bytes + level: extended + name: disk.write.bytes + normalize: [] + short: The number of bytes written on all disks. + type: long host.domain: dashed_name: host-domain description: 'Name of the domain of which the host is a member. 
@@ -4103,6 +4140,50 @@ host: normalize: [] short: Name of the host. type: keyword + host.network.egress.bytes: + beta: This field is currently considered beta. + dashed_name: host-network-egress-bytes + description: The number of bytes (gauge) sent out on all network interfaces + by the host since the last metric collection. + flat_name: host.network.egress.bytes + level: extended + name: network.egress.bytes + normalize: [] + short: The number of bytes sent on all network interfaces. + type: long + host.network.egress.packets: + beta: This field is currently considered beta. + dashed_name: host-network-egress-packets + description: The number of packets (gauge) sent out on all network interfaces + by the host since the last metric collection. + flat_name: host.network.egress.packets + level: extended + name: network.egress.packets + normalize: [] + short: The number of packets sent on all network interfaces. + type: long + host.network.ingress.bytes: + beta: This field is currently considered beta. + dashed_name: host-network-ingress-bytes + description: The number of bytes received (gauge) on all network interfaces + by the host since the last metric collection. + flat_name: host.network.ingress.bytes + level: extended + name: network.ingress.bytes + normalize: [] + short: The number of bytes received on all network interfaces. + type: long + host.network.ingress.packets: + beta: This field is currently considered beta. + dashed_name: host-network-ingress-packets + description: The number of packets (gauge) received on all network interfaces + by the host since the last metric collection. + flat_name: host.network.ingress.packets + level: extended + name: network.ingress.packets + normalize: [] + short: The number of packets received on all network interfaces. + type: long host.os.family: dashed_name: host-os-family description: OS family (such as redhat, debian, freebsd, windows). 
diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index 424d1712bf..46ac036f47 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -1091,6 +1091,32 @@ "ignore_above": 1024, "type": "keyword" }, + "cpu": { + "properties": { + "usage": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "disk": { + "properties": { + "read": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "write": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, "domain": { "ignore_above": 1024, "type": "keyword" @@ -1149,6 +1175,30 @@ "ignore_above": 1024, "type": "keyword" }, + "network": { + "properties": { + "egress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + }, + "ingress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + } + } + }, "os": { "properties": { "family": { diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 33526e303b..9a040b8b8c 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json @@ -1090,6 +1090,32 @@ "ignore_above": 1024, "type": "keyword" }, + "cpu": { + "properties": { + "usage": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "disk": { + "properties": { + "read": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "write": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, "domain": { "ignore_above": 1024, "type": "keyword" @@ -1148,6 +1174,30 @@ "ignore_above": 1024, "type": "keyword" }, + "network": { + "properties": { + "egress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + }, + "ingress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + } + } + }, "os": { "properties": { "family": { 
diff --git a/generated/elasticsearch/component/host.json b/generated/elasticsearch/component/host.json index c9be5fc226..35654b2bd4 100644 --- a/generated/elasticsearch/component/host.json +++ b/generated/elasticsearch/component/host.json @@ -12,6 +12,32 @@ "ignore_above": 1024, "type": "keyword" }, + "cpu": { + "properties": { + "usage": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "disk": { + "properties": { + "read": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "write": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, "domain": { "ignore_above": 1024, "type": "keyword" @@ -70,6 +96,30 @@ "ignore_above": 1024, "type": "keyword" }, + "network": { + "properties": { + "egress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + }, + "ingress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + } + } + }, "os": { "properties": { "family": { From fd9a15cf730ccc9d75988157097995461cc2782c Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Thu, 4 Feb 2021 14:09:50 -0700 Subject: [PATCH 4/4] Remove fields from experimental/schemas/host.yml --- code/go/ecs/host.go | 3 +- docs/field-details.asciidoc | 4 +- experimental/generated/beats/fields.ecs.yml | 4 +- experimental/generated/ecs/ecs_flat.yml | 4 +- experimental/generated/ecs/ecs_nested.yml | 4 +- experimental/schemas/host.yml | 61 --------------------- generated/beats/fields.ecs.yml | 4 +- generated/ecs/ecs_flat.yml | 4 +- generated/ecs/ecs_nested.yml | 4 +- schemas/host.yml | 4 +- 10 files changed, 26 insertions(+), 70 deletions(-) diff --git a/code/go/ecs/host.go b/code/go/ecs/host.go index 1267ded580..da274375ad 100644 --- a/code/go/ecs/host.go +++ b/code/go/ecs/host.go 
@@ -66,7 +66,8 @@ type Host struct { Domain string `ecs:"domain"` // Percent CPU used which is normalized by the number of CPU cores and it - // ranges from 0 to 1. Scaling factor: 1000. + // ranges from 0 to 1. + // Scaling factor: 1000. // For example: For a two core host, this value should be the average of // the two cores, between 0 and 1. CpuUsage float64 `ecs:"cpu.usage"` diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index 81cfe37f1f..6937463079 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -3140,7 +3140,9 @@ example: `x86_64` | beta:[ This field is currently considered beta. ] -Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. Scaling factor: 1000. +Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. + +Scaling factor: 1000. For example: For a two core host, this value should be the average of the two cores, between 0 and 1. diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index 3e141c3dbd..930303e744 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -2138,7 +2138,9 @@ level: extended type: scaled_float description: 'Percent CPU used which is normalized by the number of CPU cores - and it ranges from 0 to 1. Scaling factor: 1000. + and it ranges from 0 to 1. + + Scaling factor: 1000. For example: For a two core host, this value should be the average of the two cores, between 0 and 1.' diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 2e0a1a78b3..9b17b914ab 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -3270,7 +3270,9 @@ host.cpu.usage: beta: This field is currently considered beta. dashed_name: host-cpu-usage description: 'Percent CPU used which is normalized by the number of CPU cores and - it ranges from 0 to 1. Scaling factor: 1000. + it ranges from 0 to 1. + + Scaling factor: 1000. For example: For a two core host, this value should be the average of the two cores, between 0 and 1.' diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index b64f8a47e5..08dd69b9b7 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -3969,7 +3969,9 @@ host: beta: This field is currently considered beta. dashed_name: host-cpu-usage description: 'Percent CPU used which is normalized by the number of CPU cores - and it ranges from 0 to 1. Scaling factor: 1000. + and it ranges from 0 to 1. + + Scaling factor: 1000. For example: For a two core host, this value should be the average of the two cores, between 0 and 1.' diff --git a/experimental/schemas/host.yml b/experimental/schemas/host.yml index b7b57cfc09..91f3d1bbc2 100644 --- a/experimental/schemas/host.yml +++ b/experimental/schemas/host.yml 
@@ -1,65 +1,4 @@ - name: host fields: - # RFC 0005 - - name: cpu.usage - type: scaled_float - scaling_factor: 1000 - level: extended - short: Percent CPU used, between 0 and 1. - description: > - Percent CPU used which is normalized by the number of CPU cores and it - ranges from 0 to 1. Scaling factor: 1000. - - For example: For a two core host, this value should be the average of the - two cores, between 0 and 1. - - - name: network.ingress.bytes - type: long - level: extended - short: The number of bytes received on all network interfaces. - description: > - The number of bytes received (gauge) on all network interfaces by the - host since the last metric collection. - - - name: network.ingress.packets - type: long - level: extended - short: The number of packets received on all network interfaces. - description: > - The number of packets (gauge) received on all network interfaces by the - host since the last metric collection. - - - name: network.egress.bytes - type: long - level: extended - short: The number of bytes sent on all network interfaces. - description: > - The number of bytes (gauge) sent out on all network interfaces by the - host since the last metric collection. - - - name: network.egress.packets - type: long - level: extended - short: The number of packets sent on all network interfaces. - description: > - The number of packets (gauge) sent out on all network interfaces by the - host since the last metric collection. - - - name: disk.read.bytes - type: long - level: extended - short: The number of bytes read by all disks. - description: > - The total number of bytes (gauge) read successfully (aggregated from all - disks) since the last metric collection. - - - name: disk.write.bytes - type: long - level: extended - short: The number of bytes written on all disks. - description: > - The total number of bytes (gauge) written successfully (aggregated from - all disks) since the last metric collection. - - name: hostname type: wildcard 
diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index b7b2107cad..377eb0fba0 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -2115,7 +2115,9 @@ level: extended type: scaled_float description: 'Percent CPU used which is normalized by the number of CPU cores - and it ranges from 0 to 1. Scaling factor: 1000. + and it ranges from 0 to 1. + + Scaling factor: 1000. For example: For a two core host, this value should be the average of the two cores, between 0 and 1.' diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 7cfe58c2d5..2f0e972d81 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -3252,7 +3252,9 @@ host.cpu.usage: beta: This field is currently considered beta. dashed_name: host-cpu-usage description: 'Percent CPU used which is normalized by the number of CPU cores and - it ranges from 0 to 1. Scaling factor: 1000. + it ranges from 0 to 1. + + Scaling factor: 1000. For example: For a two core host, this value should be the average of the two cores, between 0 and 1.' diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 1d9797e31c..dadade20f9 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -3930,7 +3930,9 @@ host: beta: This field is currently considered beta. dashed_name: host-cpu-usage description: 'Percent CPU used which is normalized by the number of CPU cores - and it ranges from 0 to 1. Scaling factor: 1000. + and it ranges from 0 to 1. + + Scaling factor: 1000. For example: For a two core host, this value should be the average of the two cores, between 0 and 1.' diff --git a/schemas/host.yml b/schemas/host.yml index a7e95ed3f9..0ce8eb340b 100644 --- a/schemas/host.yml +++ b/schemas/host.yml 
@@ -104,7 +104,9 @@
 beta: This field is currently considered beta.
 description: >
 Percent CPU used which is normalized by the number of CPU cores and it
- ranges from 0 to 1. Scaling factor: 1000.
+ ranges from 0 to 1.
+
+ Scaling factor: 1000.
 
 For example: For a two core host, this value should be the average of
 the two cores, between 0 and 1.
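Review bot: The description still opens with "Percent CPU used" while giving a range of 0 to 1, so the value appears to be a fraction rather than a percentage. Someone writing an alert threshold or detection rule on this field could enter 80 where 0.8 is meant. Consider wording such as `CPU usage as a fraction between 0 and 1, normalized by the number of CPU cores.`, with the same change in the `short` text. The new standalone `Scaling factor: 1000.` paragraph also repeats in prose what the field's `scaling_factor` attribute (declared outside this hunk) already states, and the two can drift apart. The same description is repeated in the generated files in this patch, which would presumably pick up the rewording when regenerated.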