Add orchestrator (resource.parent.type and resource.ip) and container (image.hash.all) fields (elastic#1889)

* Add orchestrator.resource parent_type and ip fields and container.image.hash field.

* Add generated artifacts.

* Update CHANGELOG.

* Update definition of container.image.hash

* Address PR comments.

* Address PR comments.

* Add container.image.hash.all

* address PR comment

* Update CHANGELOG.next
daniel-almeida authored May 2, 2022
1 parent a20edfc commit 3846878
Showing 18 changed files with 380 additions and 0 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.next.md
Expand Up @@ -47,6 +47,9 @@ Thanks, you're awesome :-) -->
* Added `pattern` attribute to `.mac` fields. #1871
* Add `orchestrator.cluster.id` #1875
* Add `orchestrator.resource.id` #1878
* Add `orchestrator.resource.parent.type` #1889
* Add `orchestrator.resource.ip` #1889
* Add `container.image.hash.all` #1889

#### Improvements

54 changes: 54 additions & 0 deletions docs/fields/field-details.asciidoc
Expand Up @@ -1091,6 +1091,25 @@ type: keyword

// ===============================================================

|
[[field-container-image-hash-all]]
<<field-container-image-hash-all, container.image.hash.all>>

| An array of digests of the image the container was built on. Each digest consists of the hash algorithm and value in this format: `algorithm:value`. Algorithm names should align with the field names in the ECS hash field set.

type: keyword


Note: this field should contain an array of values.



example: `[sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26]`

| extended

// ===============================================================

|
[[field-container-image-name]]
<<field-container-image-name, container.image.name>>
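Review bot: The description of `container.image.hash.all` does not say which digest is meant. "Digests of the image the container was built on" can be read as the image ID (the digest of the image config) or as the registry manifest digest that appears in a pull reference, and the two differ for the same image. State which one producers should populate, or that both may appear, so that a digest in this array can be compared against registry or admission-control records without guessing.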
Expand Down Expand Up @@ -6414,6 +6433,25 @@ type: keyword



| extended

// ===============================================================

|
[[field-orchestrator-resource-ip]]
<<field-orchestrator-resource-ip, orchestrator.resource.ip>>

| IP address assigned to the resource associated with the event being observed. In the case of a Kubernetes Pod, this array would contain only one element: the IP of the Pod (as opposed to the Node on which the Pod is running).

type: ip


Note: this field should contain an array of values.





| extended

// ===============================================================
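Review bot: The sentence "this array would contain only one element" in the `orchestrator.resource.ip` description does not hold for a dual-stack Kubernetes cluster, where a Pod is assigned one IPv4 and one IPv6 address. The parenthetical "as opposed to the Node" also needs a caveat for Pods that use the host network, whose Pod IP is the Node IP. Suggest wording such as "the IP address or addresses of the Pod" and noting the host-network case, so that detections keyed on this field do not treat it as always distinct from the Node address.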
Expand All @@ -6434,6 +6472,22 @@ example: `test-pod-cdcws`

// ===============================================================

|
[[field-orchestrator-resource-parent-type]]
<<field-orchestrator-resource-parent-type, orchestrator.resource.parent.type>>

| Type or kind of the parent resource associated with the event being observed. In Kubernetes, this will be the name of a built-in workload resource (e.g., Deployment, StatefulSet, DaemonSet).

type: keyword



example: `DaemonSet`

| extended

// ===============================================================

|
[[field-orchestrator-resource-type]]
<<field-orchestrator-resource-type, orchestrator.resource.type>>
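Review bot: The description of `orchestrator.resource.parent.type` leaves open whether the value is the immediate owner or the top-level controller. For a Pod created through a Deployment the direct owner is a ReplicaSet, yet the examples list Deployment. Say which level is expected, and consider whether a parent name or ID field is needed alongside the type, since `DaemonSet` alone does not identify which DaemonSet the resource belongs to.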
26 changes: 26 additions & 0 deletions experimental/generated/beats/fields.ecs.yml
Expand Up @@ -897,6 +897,15 @@
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.hash.all
level: extended
type: keyword
ignore_above: 1024
description: 'An array of digests of the image the container was built on. Each
digest consists of the hash algorithm and value in this format: `algorithm:value`.
Algorithm names should align with the field names in the ECS hash field set.'
example: '[sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26]'
default_field: false
- name: image.name
level: extended
type: keyword
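Review bot: The `example` value for `image.hash.all` is written as a single quoted string, '[sha256:...]', with brackets around an unquoted token. A reader copying it into a document gets one string that starts with a bracket, not an array holding one digest. Suggest quoting the element inside the brackets so the example parses as an array, which also matches the "this field should contain an array of values" note in the docs.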
Expand Down Expand Up @@ -4512,13 +4521,30 @@
ignore_above: 1024
description: Unique ID of the resource being acted upon.
default_field: false
- name: resource.ip
level: extended
type: ip
description: 'IP address assigned to the resource associated with the event
being observed. In the case of a Kubernetes Pod, this array would contain
only one element: the IP of the Pod (as opposed to the Node on which the Pod
is running).'
default_field: false
- name: resource.name
level: extended
type: keyword
ignore_above: 1024
description: Name of the resource being acted upon.
example: test-pod-cdcws
default_field: false
- name: resource.parent.type
level: extended
type: keyword
ignore_above: 1024
description: Type or kind of the parent resource associated with the event being
observed. In Kubernetes, this will be the name of a built-in workload resource
(e.g., Deployment, StatefulSet, DaemonSet).
example: DaemonSet
default_field: false
- name: resource.type
level: extended
type: keyword
3 changes: 3 additions & 0 deletions experimental/generated/csv/fields.csv
Expand Up @@ -91,6 +91,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.4.0-dev+exp,true,container,container.disk.read.bytes,long,extended,,,The number of bytes read by all disks.
8.4.0-dev+exp,true,container,container.disk.write.bytes,long,extended,,,The number of bytes written on all disks.
8.4.0-dev+exp,true,container,container.id,keyword,core,,,Unique container id.
8.4.0-dev+exp,true,container,container.image.hash.all,keyword,extended,array,[sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26],An array of digests of the image the container was built on.
8.4.0-dev+exp,true,container,container.image.name,keyword,extended,,,Name of the image the container was built on.
8.4.0-dev+exp,true,container,container.image.tag,keyword,extended,array,,Container image tags.
8.4.0-dev+exp,true,container,container.labels,object,extended,,,Image labels.
Expand Down Expand Up @@ -494,7 +495,9 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
8.4.0-dev+exp,true,orchestrator,orchestrator.namespace,keyword,extended,,kube-system,Namespace in which the action is taking place.
8.4.0-dev+exp,true,orchestrator,orchestrator.organization,keyword,extended,,elastic,Organization affected by the event (for multi-tenant orchestrator setups).
8.4.0-dev+exp,true,orchestrator,orchestrator.resource.id,keyword,extended,,,Unique ID of the resource being acted upon.
8.4.0-dev+exp,true,orchestrator,orchestrator.resource.ip,ip,extended,array,,IP address assigned to the resource associated with the event being observed.
8.4.0-dev+exp,true,orchestrator,orchestrator.resource.name,keyword,extended,,test-pod-cdcws,Name of the resource being acted upon.
8.4.0-dev+exp,true,orchestrator,orchestrator.resource.parent.type,keyword,extended,,DaemonSet,Type or kind of the parent resource associated with the event being observed.
8.4.0-dev+exp,true,orchestrator,orchestrator.resource.type,keyword,extended,,service,Type of resource being acted upon.
8.4.0-dev+exp,true,orchestrator,orchestrator.type,keyword,extended,,kubernetes,"Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry)."
8.4.0-dev+exp,true,organization,organization.id,keyword,extended,,,Unique identifier for the organization.
39 changes: 39 additions & 0 deletions experimental/generated/ecs/ecs_flat.yml
Expand Up @@ -1102,6 +1102,20 @@ container.id:
normalize: []
short: Unique container id.
type: keyword
container.image.hash.all:
dashed_name: container-image-hash-all
description: 'An array of digests of the image the container was built on. Each
digest consists of the hash algorithm and value in this format: `algorithm:value`.
Algorithm names should align with the field names in the ECS hash field set.'
example: '[sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26]'
flat_name: container.image.hash.all
ignore_above: 1024
level: extended
name: image.hash.all
normalize:
- array
short: An array of digests of the image the container was built on.
type: keyword
container.image.name:
dashed_name: container-image-name
description: Name of the image the container was built on.
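Review bot: "Algorithm names should align with the field names in the ECS hash field set" in the `container.image.hash.all` description is advisory only; the definition carries `ignore_above: 1024` and `normalize: - array` but nothing that describes the `algorithm:value` shape in a checkable way. CHANGELOG.next.md in this same change lists a `pattern` attribute added to `.mac` fields (#1871). A `pattern` here would give producers and validators something concrete to test against and would let them flag values such as a bare hex string with no algorithm prefix.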
Expand Down Expand Up @@ -6496,6 +6510,18 @@ orchestrator.resource.id:
normalize: []
short: Unique ID of the resource being acted upon.
type: keyword
orchestrator.resource.ip:
dashed_name: orchestrator-resource-ip
description: 'IP address assigned to the resource associated with the event being
observed. In the case of a Kubernetes Pod, this array would contain only one element:
the IP of the Pod (as opposed to the Node on which the Pod is running).'
flat_name: orchestrator.resource.ip
level: extended
name: resource.ip
normalize:
- array
short: IP address assigned to the resource associated with the event being observed.
type: ip
orchestrator.resource.name:
dashed_name: orchestrator-resource-name
description: Name of the resource being acted upon.
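Review bot: The `orchestrator.resource.ip` entry has no `example` key, while `container.image.hash.all` and `orchestrator.resource.parent.type` in this change both carry one. Since the field is `type: ip` with `normalize: - array`, an example in array form would make the expected shape clear to producers.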
Expand All @@ -6507,6 +6533,19 @@ orchestrator.resource.name:
normalize: []
short: Name of the resource being acted upon.
type: keyword
orchestrator.resource.parent.type:
dashed_name: orchestrator-resource-parent-type
description: Type or kind of the parent resource associated with the event being
observed. In Kubernetes, this will be the name of a built-in workload resource
(e.g., Deployment, StatefulSet, DaemonSet).
example: DaemonSet
flat_name: orchestrator.resource.parent.type
ignore_above: 1024
level: extended
name: resource.parent.type
normalize: []
short: Type or kind of the parent resource associated with the event being observed.
type: keyword
orchestrator.resource.type:
dashed_name: orchestrator-resource-type
description: Type of resource being acted upon.
40 changes: 40 additions & 0 deletions experimental/generated/ecs/ecs_nested.yml
Expand Up @@ -1482,6 +1482,20 @@ container:
normalize: []
short: Unique container id.
type: keyword
container.image.hash.all:
dashed_name: container-image-hash-all
description: 'An array of digests of the image the container was built on. Each
digest consists of the hash algorithm and value in this format: `algorithm:value`.
Algorithm names should align with the field names in the ECS hash field set.'
example: '[sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26]'
flat_name: container.image.hash.all
ignore_above: 1024
level: extended
name: image.hash.all
normalize:
- array
short: An array of digests of the image the container was built on.
type: keyword
container.image.name:
dashed_name: container-image-name
description: Name of the image the container was built on.
Expand Down Expand Up @@ -7924,6 +7938,19 @@ orchestrator:
normalize: []
short: Unique ID of the resource being acted upon.
type: keyword
orchestrator.resource.ip:
dashed_name: orchestrator-resource-ip
description: 'IP address assigned to the resource associated with the event
being observed. In the case of a Kubernetes Pod, this array would contain
only one element: the IP of the Pod (as opposed to the Node on which the Pod
is running).'
flat_name: orchestrator.resource.ip
level: extended
name: resource.ip
normalize:
- array
short: IP address assigned to the resource associated with the event being observed.
type: ip
orchestrator.resource.name:
dashed_name: orchestrator-resource-name
description: Name of the resource being acted upon.
Expand All @@ -7935,6 +7962,19 @@ orchestrator:
normalize: []
short: Name of the resource being acted upon.
type: keyword
orchestrator.resource.parent.type:
dashed_name: orchestrator-resource-parent-type
description: Type or kind of the parent resource associated with the event being
observed. In Kubernetes, this will be the name of a built-in workload resource
(e.g., Deployment, StatefulSet, DaemonSet).
example: DaemonSet
flat_name: orchestrator.resource.parent.type
ignore_above: 1024
level: extended
name: resource.parent.type
normalize: []
short: Type or kind of the parent resource associated with the event being observed.
type: keyword
orchestrator.resource.type:
dashed_name: orchestrator-resource-type
description: Type of resource being acted upon.
Expand Up @@ -40,6 +40,14 @@
},
"image": {
"properties": {
"hash": {
"properties": {
"all": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"name": {
"ignore_above": 1024,
"type": "keyword"
Expand Down
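Review bot: Mapping `hash` under `image` as an object with an `all` property means `container.image.hash` can no longer hold a scalar value. Any producer that sends `container.image.hash` as a plain string will hit a mapping conflict against this template. Worth calling out in the field description or the changelog so that integrations emitting a single digest place it in `container.image.hash.all`.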
Expand Up @@ -46,10 +46,21 @@
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"parent": {
"properties": {
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"type": {
"ignore_above": 1024,
"type": "keyword"
Expand Down
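Review bot: `ip` is mapped as `"type": "ip"` with no `ignore_malformed`, so a document whose `orchestrator.resource.ip` holds an empty string, a hostname, or an address with a port will be rejected at index time. Producers should omit the field when the resource has no address yet (for example a Pod that is still pending) and not send a placeholder; the field description is the place to say so.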
19 changes: 19 additions & 0 deletions experimental/generated/elasticsearch/legacy/template.json
Expand Up @@ -509,6 +509,14 @@
},
"image": {
"properties": {
"hash": {
"properties": {
"all": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"name": {
"ignore_above": 1024,
"type": "keyword"
Expand Down Expand Up @@ -2372,10 +2380,21 @@
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"parent": {
"properties": {
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"type": {
"ignore_above": 1024,
"type": "keyword"
26 changes: 26 additions & 0 deletions generated/beats/fields.ecs.yml
Expand Up @@ -847,6 +847,15 @@
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.hash.all
level: extended
type: keyword
ignore_above: 1024
description: 'An array of digests of the image the container was built on. Each
digest consists of the hash algorithm and value in this format: `algorithm:value`.
Algorithm names should align with the field names in the ECS hash field set.'
example: '[sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26]'
default_field: false
- name: image.name
level: extended
type: keyword
Expand Down Expand Up @@ -4462,13 +4471,30 @@
ignore_above: 1024
description: Unique ID of the resource being acted upon.
default_field: false
- name: resource.ip
level: extended
type: ip
description: 'IP address assigned to the resource associated with the event
being observed. In the case of a Kubernetes Pod, this array would contain
only one element: the IP of the Pod (as opposed to the Node on which the Pod
is running).'
default_field: false
- name: resource.name
level: extended
type: keyword
ignore_above: 1024
description: Name of the resource being acted upon.
example: test-pod-cdcws
default_field: false
- name: resource.parent.type
level: extended
type: keyword
ignore_above: 1024
description: Type or kind of the parent resource associated with the event being
observed. In Kubernetes, this will be the name of a built-in workload resource
(e.g., Deployment, StatefulSet, DaemonSet).
example: DaemonSet
default_field: false
- name: resource.type
level: extended
type: keyword

0 comments on commit 3846878
