elastic · AlexanderWert · Mar 2, 2022 · Feb 24, 2022 · Feb 24, 2022 · Feb 24, 2022
@@ -75,6 +75,7 @@ Thanks, you're awesome :-) -->
 
 * Added two new fields (sha384,tlsh) to hash schema and one field to pe schema (pehash). #1678
 * Added `email.*` beta field set. ##1688, #1705
+* Added `faas.id` and `faas.name` fields. #1796
 
 #### Removed
 

@@ -3648,6 +3648,40 @@ example: `af9d5aa4-a685-4c5f-a22b-444f80b3cc28`
 
 // ===============================================================
 
+|
+[[field-faas-id]]
+<<field-faas-id, faas.id>>
+
+| The unique identifier of a serverless function.
+
+For AWS Lambda it's the function ARN (Amazon Resource Name) without a version or alias suffix.
+
+type: keyword
+
+
+
+example: `arn:aws:lambda:us-west-2:123456789012:function:my-function`
+
+| extended
+
+// ===============================================================
+
+|
+[[field-faas-name]]
+<<field-faas-name, faas.name>>
+
+| The name of a serverless function.
+
+type: keyword
+
+
+
+example: `my-function`
+
+| extended
+
+// ===============================================================
+
 |
 [[field-faas-trigger]]
 <<field-faas-trigger, faas.trigger>>
@@ -3708,6 +3742,22 @@ example: `http`
 
 // ===============================================================
 
+|
+[[field-faas-version]]
+<<field-faas-version, faas.version>>
+
+| The version of a serverless function.
+
+type: keyword
+
+
+
+example: `123`
+
+| extended
+
+// ===============================================================
+
 |=====
 
 

@@ -2455,6 +2455,23 @@
       description: The execution ID of the current function execution.
       example: af9d5aa4-a685-4c5f-a22b-444f80b3cc28
       default_field: false
+    - name: id
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'The unique identifier of a serverless function.
+
+        For AWS Lambda it''s the function ARN (Amazon Resource Name) without a version
+        or alias suffix.'
+      example: arn:aws:lambda:us-west-2:123456789012:function:my-function
+      default_field: false
+    - name: name
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: The name of a serverless function.
+      example: my-function
+      default_field: false
     - name: trigger
       level: extended
       type: nested
@@ -2475,6 +2492,13 @@
         \  * http\n  * pubsub\n  * datasource\n  * timer\n  * other"
       example: http
       default_field: false
+    - name: version
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: The version of a serverless function.
+      example: '123'
+      default_field: false
   - name: file
     title: File
     group: 2

@@ -246,9 +246,12 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.3.0-dev+exp,true,event,event.url,keyword,extended,,https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe,Event investigation URL
 8.3.0-dev+exp,true,faas,faas.coldstart,boolean,extended,,,Boolean value indicating a cold start of a function.
 8.3.0-dev+exp,true,faas,faas.execution,keyword,extended,,af9d5aa4-a685-4c5f-a22b-444f80b3cc28,The execution ID of the current function execution.
+8.3.0-dev+exp,true,faas,faas.id,keyword,extended,,arn:aws:lambda:us-west-2:123456789012:function:my-function,The unique identifier of a serverless function.
+8.3.0-dev+exp,true,faas,faas.name,keyword,extended,,my-function,The name of a serverless function.
 8.3.0-dev+exp,true,faas,faas.trigger,nested,extended,,,Details about the function trigger.
 8.3.0-dev+exp,true,faas,faas.trigger.request_id,keyword,extended,,123456789,"The ID of the trigger request , message, event, etc."
 8.3.0-dev+exp,true,faas,faas.trigger.type,keyword,extended,,http,The trigger for the function execution.
+8.3.0-dev+exp,true,faas,faas.version,keyword,extended,,123,The version of a serverless function.
 8.3.0-dev+exp,true,file,file.accessed,date,extended,,,Last time the file was accessed.
 8.3.0-dev+exp,true,file,file.attributes,keyword,extended,array,"[""readonly"", ""system""]",Array of file attributes.
 8.3.0-dev+exp,true,file,file.code_signature.digest_algorithm,keyword,extended,,sha256,Hashing algorithm used to sign the process.

@@ -3475,6 +3475,31 @@ faas.execution:
   normalize: []
   short: The execution ID of the current function execution.
   type: keyword
+faas.id:
+  dashed_name: faas-id
+  description: 'The unique identifier of a serverless function.
+
+    For AWS Lambda it''s the function ARN (Amazon Resource Name) without a version
+    or alias suffix.'
+  example: arn:aws:lambda:us-west-2:123456789012:function:my-function
+  flat_name: faas.id
+  ignore_above: 1024
+  level: extended
+  name: id
+  normalize: []
+  short: The unique identifier of a serverless function.
+  type: keyword
+faas.name:
+  dashed_name: faas-name
+  description: The name of a serverless function.
+  example: my-function
+  flat_name: faas.name
+  ignore_above: 1024
+  level: extended
+  name: name
+  normalize: []
+  short: The name of a serverless function.
+  type: keyword
 faas.trigger:
   dashed_name: faas-trigger
   description: Details about the function trigger.
@@ -3507,6 +3532,17 @@ faas.trigger.type:
   normalize: []
   short: The trigger for the function execution.
   type: keyword
+faas.version:
+  dashed_name: faas-version
+  description: The version of a serverless function.
+  example: '123'
+  flat_name: faas.version
+  ignore_above: 1024
+  level: extended
+  name: version
+  normalize: []
+  short: The version of a serverless function.
+  type: keyword
 file.accessed:
   dashed_name: file-accessed
   description: 'Last time the file was accessed.

@@ -4372,6 +4372,31 @@ faas:
       normalize: []
       short: The execution ID of the current function execution.
       type: keyword
+    faas.id:
+      dashed_name: faas-id
+      description: 'The unique identifier of a serverless function.
+
+        For AWS Lambda it''s the function ARN (Amazon Resource Name) without a version
+        or alias suffix.'
+      example: arn:aws:lambda:us-west-2:123456789012:function:my-function
+      flat_name: faas.id
+      ignore_above: 1024
+      level: extended
+      name: id
+      normalize: []
+      short: The unique identifier of a serverless function.
+      type: keyword
+    faas.name:
+      dashed_name: faas-name
+      description: The name of a serverless function.
+      example: my-function
+      flat_name: faas.name
+      ignore_above: 1024
+      level: extended
+      name: name
+      normalize: []
+      short: The name of a serverless function.
+      type: keyword
     faas.trigger:
       dashed_name: faas-trigger
       description: Details about the function trigger.
@@ -4404,6 +4429,17 @@ faas:
       normalize: []
       short: The trigger for the function execution.
       type: keyword
+    faas.version:
+      dashed_name: faas-version
+      description: The version of a serverless function.
+      example: '123'
+      flat_name: faas.version
+      ignore_above: 1024
+      level: extended
+      name: version
+      normalize: []
+      short: The version of a serverless function.
+      type: keyword
   group: 2
   name: faas
   prefix: faas.

@@ -15,6 +15,14 @@
               "ignore_above": 1024,
               "type": "keyword"
             },
+            "id": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            },
+            "name": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            },
             "trigger": {
               "properties": {
                 "request_id": {
@@ -27,6 +35,10 @@
                 }
               },
               "type": "nested"
+            },
+            "version": {
+              "ignore_above": 1024,
+              "type": "keyword"
             }
           }
         }

@@ -1227,6 +1227,14 @@
             "ignore_above": 1024,
             "type": "keyword"
           },
+          "id": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          },
+          "name": {
+            "ignore_above": 1024,
+            "type": "keyword"
+          },
           "trigger": {
             "properties": {
               "request_id": {
@@ -1239,6 +1247,10 @@
               }
             },
             "type": "nested"
+          },
+          "version": {
+            "ignore_above": 1024,
+            "type": "keyword"
           }
         }
       },

@@ -2405,6 +2405,23 @@
       description: The execution ID of the current function execution.
       example: af9d5aa4-a685-4c5f-a22b-444f80b3cc28
       default_field: false
+    - name: id
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'The unique identifier of a serverless function.
+
+        For AWS Lambda it''s the function ARN (Amazon Resource Name) without a version
+        or alias suffix.'
+      example: arn:aws:lambda:us-west-2:123456789012:function:my-function
+      default_field: false
+    - name: name
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: The name of a serverless function.
+      example: my-function
+      default_field: false
     - name: trigger
       level: extended
       type: nested
@@ -2425,6 +2442,13 @@
         \  * http\n  * pubsub\n  * datasource\n  * timer\n  * other"
       example: http
       default_field: false
+    - name: version
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: The version of a serverless function.
+      example: '123'
+      default_field: false
   - name: file
     title: File
     group: 2

@@ -239,9 +239,12 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.3.0-dev,true,event,event.url,keyword,extended,,https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe,Event investigation URL
 8.3.0-dev,true,faas,faas.coldstart,boolean,extended,,,Boolean value indicating a cold start of a function.
 8.3.0-dev,true,faas,faas.execution,keyword,extended,,af9d5aa4-a685-4c5f-a22b-444f80b3cc28,The execution ID of the current function execution.
+8.3.0-dev,true,faas,faas.id,keyword,extended,,arn:aws:lambda:us-west-2:123456789012:function:my-function,The unique identifier of a serverless function.
+8.3.0-dev,true,faas,faas.name,keyword,extended,,my-function,The name of a serverless function.
 8.3.0-dev,true,faas,faas.trigger,nested,extended,,,Details about the function trigger.
 8.3.0-dev,true,faas,faas.trigger.request_id,keyword,extended,,123456789,"The ID of the trigger request , message, event, etc."
 8.3.0-dev,true,faas,faas.trigger.type,keyword,extended,,http,The trigger for the function execution.
+8.3.0-dev,true,faas,faas.version,keyword,extended,,123,The version of a serverless function.
 8.3.0-dev,true,file,file.accessed,date,extended,,,Last time the file was accessed.
 8.3.0-dev,true,file,file.attributes,keyword,extended,array,"[""readonly"", ""system""]",Array of file attributes.
 8.3.0-dev,true,file,file.code_signature.digest_algorithm,keyword,extended,,sha256,Hashing algorithm used to sign the process.

@@ -3406,6 +3406,31 @@ faas.execution:
   normalize: []
   short: The execution ID of the current function execution.
   type: keyword
+faas.id:
+  dashed_name: faas-id
+  description: 'The unique identifier of a serverless function.
+
+    For AWS Lambda it''s the function ARN (Amazon Resource Name) without a version
+    or alias suffix.'
+  example: arn:aws:lambda:us-west-2:123456789012:function:my-function
+  flat_name: faas.id
+  ignore_above: 1024
+  level: extended
+  name: id
+  normalize: []
+  short: The unique identifier of a serverless function.
+  type: keyword
+faas.name:
+  dashed_name: faas-name
+  description: The name of a serverless function.
+  example: my-function
+  flat_name: faas.name
+  ignore_above: 1024
+  level: extended
+  name: name
+  normalize: []
+  short: The name of a serverless function.
+  type: keyword
 faas.trigger:
   dashed_name: faas-trigger
   description: Details about the function trigger.
@@ -3438,6 +3463,17 @@ faas.trigger.type:
   normalize: []
   short: The trigger for the function execution.
   type: keyword
+faas.version:
+  dashed_name: faas-version
+  description: The version of a serverless function.
+  example: '123'
+  flat_name: faas.version
+  ignore_above: 1024
+  level: extended
+  name: version
+  normalize: []
+  short: The version of a serverless function.
+  type: keyword
 file.accessed:
   dashed_name: file-accessed
   description: 'Last time the file was accessed.