Fix privileged flag

CHANGELOG.next.md

@@ -15,7 +15,7 @@ Thanks, you're awesome :-) -->
 #### Bugfixes
 
 #### Added
-* Added `container.privileged` to indicated whether a container was started in privileged mode. #2219
+* Added `container.security_context.privileged` to indicated whether a container was started in privileged mode. #2219, #2225
 
 #### Improvements
 

docs/fields/field-details.asciidoc

@@ -1218,32 +1218,32 @@ type: long
 // ===============================================================
 
 |
-[[field-container-privileged]]
-<<field-container-privileged, container.privileged>>
-
-a| Indicates whether the container is running in privileged mode.
+[[field-container-runtime]]
+<<field-container-runtime, container.runtime>>
 
-type: bool
+a| Runtime managing this container.
 
+type: keyword
 
 
 
+example: `docker`
 
 | extended
 
 // ===============================================================
 
 |
-[[field-container-runtime]]
-<<field-container-runtime, container.runtime>>
+[[field-container-security-context-privileged]]
+<<field-container-security-context-privileged, container.security_context.privileged>>
 
-a| Runtime managing this container.
+a| Indicates whether the container is running in privileged mode.
+
+type: bool
 
-type: keyword
 
 
 
-example: `docker`
 
 | extended
 

experimental/generated/beats/fields.ecs.yml

@@ -944,17 +944,17 @@
       description: The number of bytes received (gauge) on all network interfaces
         by the container since the last metric collection.
       default_field: false
-    - name: privileged
-      level: extended
-      type: bool
-      description: Indicates whether the container is running in privileged mode.
-      default_field: false
     - name: runtime
       level: extended
       type: keyword
       ignore_above: 1024
       description: Runtime managing this container.
       example: docker
+    - name: security_context.privileged
+      level: extended
+      type: bool
+      description: Indicates whether the container is running in privileged mode.
+      default_field: false
   - name: data_stream
     title: Data Stream
     group: 2

experimental/generated/csv/fields.csv

@@ -99,8 +99,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.10.0-dev+exp,true,container,container.name,keyword,extended,,,Container name.
 8.10.0-dev+exp,true,container,container.network.egress.bytes,long,extended,,,The number of bytes sent on all network interfaces.
 8.10.0-dev+exp,true,container,container.network.ingress.bytes,long,extended,,,The number of bytes received on all network interfaces.
-8.10.0-dev+exp,true,container,container.privileged,bool,extended,,,Indicates whether the container is running in privileged mode.
 8.10.0-dev+exp,true,container,container.runtime,keyword,extended,,docker,Runtime managing this container.
+8.10.0-dev+exp,true,container,container.security_context.privileged,bool,extended,,,Indicates whether the container is running in privileged mode.
 8.10.0-dev+exp,true,data_stream,data_stream.dataset,constant_keyword,extended,,nginx.access,The field can contain anything that makes sense to signify the source of the data.
 8.10.0-dev+exp,true,data_stream,data_stream.namespace,constant_keyword,extended,,production,A user defined namespace. Namespaces are useful to allow grouping of data.
 8.10.0-dev+exp,true,data_stream,data_stream.type,constant_keyword,extended,,logs,An overarching type for the data stream.

experimental/generated/ecs/ecs_flat.yml

@@ -1183,15 +1183,6 @@ container.network.ingress.bytes:
   normalize: []
   short: The number of bytes received on all network interfaces.
   type: long
-container.privileged:
-  dashed_name: container-privileged
-  description: Indicates whether the container is running in privileged mode.
-  flat_name: container.privileged
-  level: extended
-  name: privileged
-  normalize: []
-  short: Indicates whether the container is running in privileged mode.
-  type: bool
 container.runtime:
   dashed_name: container-runtime
   description: Runtime managing this container.
@@ -1203,6 +1194,15 @@ container.runtime:
   normalize: []
   short: Runtime managing this container.
   type: keyword
+container.security_context.privileged:
+  dashed_name: container-security-context-privileged
+  description: Indicates whether the container is running in privileged mode.
+  flat_name: container.security_context.privileged
+  level: extended
+  name: security_context.privileged
+  normalize: []
+  short: Indicates whether the container is running in privileged mode.
+  type: bool
 data_stream.dataset:
   dashed_name: data-stream-dataset
   description: "The field can contain anything that makes sense to signify the source\

experimental/generated/ecs/ecs_nested.yml

@@ -1562,15 +1562,6 @@ container:
       normalize: []
       short: The number of bytes received on all network interfaces.
       type: long
-    container.privileged:
-      dashed_name: container-privileged
-      description: Indicates whether the container is running in privileged mode.
-      flat_name: container.privileged
-      level: extended
-      name: privileged
-      normalize: []
-      short: Indicates whether the container is running in privileged mode.
-      type: bool
     container.runtime:
       dashed_name: container-runtime
       description: Runtime managing this container.
@@ -1582,6 +1573,15 @@ container:
       normalize: []
       short: Runtime managing this container.
       type: keyword
+    container.security_context.privileged:
+      dashed_name: container-security-context-privileged
+      description: Indicates whether the container is running in privileged mode.
+      flat_name: container.security_context.privileged
+      level: extended
+      name: security_context.privileged
+      normalize: []
+      short: Indicates whether the container is running in privileged mode.
+      type: bool
   group: 2
   name: container
   prefix: container.

experimental/generated/elasticsearch/composable/component/container.json

@@ -91,12 +91,16 @@
                 }
               }
             },
-            "privileged": {
-              "type": "bool"
-            },
             "runtime": {
               "ignore_above": 1024,
               "type": "keyword"
+            },
+            "security_context": {
+              "properties": {
+                "privileged": {
+                  "type": "bool"
+                }
+              }
             }
           }
         }

experimental/generated/elasticsearch/legacy/template.json

@@ -560,12 +560,16 @@
               }
             }
           },
-          "privileged": {
-            "type": "bool"
-          },
           "runtime": {
             "ignore_above": 1024,
             "type": "keyword"
+          },
+          "security_context": {
+            "properties": {
+              "privileged": {
+                "type": "bool"
+              }
+            }
           }
         }
       },

generated/beats/fields.ecs.yml

@@ -894,17 +894,17 @@
       description: The number of bytes received (gauge) on all network interfaces
         by the container since the last metric collection.
       default_field: false
-    - name: privileged
-      level: extended
-      type: bool
-      description: Indicates whether the container is running in privileged mode.
-      default_field: false
     - name: runtime
       level: extended
       type: keyword
       ignore_above: 1024
       description: Runtime managing this container.
       example: docker
+    - name: security_context.privileged
+      level: extended
+      type: bool
+      description: Indicates whether the container is running in privileged mode.
+      default_field: false
   - name: data_stream
     title: Data Stream
     group: 2

generated/csv/fields.csv

@@ -92,8 +92,8 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.10.0-dev,true,container,container.name,keyword,extended,,,Container name.
 8.10.0-dev,true,container,container.network.egress.bytes,long,extended,,,The number of bytes sent on all network interfaces.
 8.10.0-dev,true,container,container.network.ingress.bytes,long,extended,,,The number of bytes received on all network interfaces.
-8.10.0-dev,true,container,container.privileged,bool,extended,,,Indicates whether the container is running in privileged mode.
 8.10.0-dev,true,container,container.runtime,keyword,extended,,docker,Runtime managing this container.
+8.10.0-dev,true,container,container.security_context.privileged,bool,extended,,,Indicates whether the container is running in privileged mode.
 8.10.0-dev,true,data_stream,data_stream.dataset,constant_keyword,extended,,nginx.access,The field can contain anything that makes sense to signify the source of the data.
 8.10.0-dev,true,data_stream,data_stream.namespace,constant_keyword,extended,,production,A user defined namespace. Namespaces are useful to allow grouping of data.
 8.10.0-dev,true,data_stream,data_stream.type,constant_keyword,extended,,logs,An overarching type for the data stream.

generated/ecs/ecs_flat.yml

@@ -1114,15 +1114,6 @@ container.network.ingress.bytes:
   normalize: []
   short: The number of bytes received on all network interfaces.
   type: long
-container.privileged:
-  dashed_name: container-privileged
-  description: Indicates whether the container is running in privileged mode.
-  flat_name: container.privileged
-  level: extended
-  name: privileged
-  normalize: []
-  short: Indicates whether the container is running in privileged mode.
-  type: bool
 container.runtime:
   dashed_name: container-runtime
   description: Runtime managing this container.
@@ -1134,6 +1125,15 @@ container.runtime:
   normalize: []
   short: Runtime managing this container.
   type: keyword
+container.security_context.privileged:
+  dashed_name: container-security-context-privileged
+  description: Indicates whether the container is running in privileged mode.
+  flat_name: container.security_context.privileged
+  level: extended
+  name: security_context.privileged
+  normalize: []
+  short: Indicates whether the container is running in privileged mode.
+  type: bool
 data_stream.dataset:
   dashed_name: data-stream-dataset
   description: "The field can contain anything that makes sense to signify the source\

generated/ecs/ecs_nested.yml

@@ -1482,15 +1482,6 @@ container:
       normalize: []
       short: The number of bytes received on all network interfaces.
       type: long
-    container.privileged:
-      dashed_name: container-privileged
-      description: Indicates whether the container is running in privileged mode.
-      flat_name: container.privileged
-      level: extended
-      name: privileged
-      normalize: []
-      short: Indicates whether the container is running in privileged mode.
-      type: bool
     container.runtime:
       dashed_name: container-runtime
       description: Runtime managing this container.
@@ -1502,6 +1493,15 @@ container:
       normalize: []
       short: Runtime managing this container.
       type: keyword
+    container.security_context.privileged:
+      dashed_name: container-security-context-privileged
+      description: Indicates whether the container is running in privileged mode.
+      flat_name: container.security_context.privileged
+      level: extended
+      name: security_context.privileged
+      normalize: []
+      short: Indicates whether the container is running in privileged mode.
+      type: bool
   group: 2
   name: container
   prefix: container.

generated/elasticsearch/composable/component/container.json

@@ -91,12 +91,16 @@
                 }
               }
             },
-            "privileged": {
-              "type": "bool"
-            },
             "runtime": {
               "ignore_above": 1024,
               "type": "keyword"
+            },
+            "security_context": {
+              "properties": {
+                "privileged": {
+                  "type": "bool"
+                }
+              }
             }
           }
         }

generated/elasticsearch/legacy/template.json

@@ -518,12 +518,16 @@
               }
             }
           },
-          "privileged": {
-            "type": "bool"
-          },
           "runtime": {
             "ignore_above": 1024,
             "type": "keyword"
+          },
+          "security_context": {
+            "properties": {
+              "privileged": {
+                "type": "bool"
+              }
+            }
           }
         }
       },

schemas/container.yml

@@ -121,7 +121,7 @@
         The number of bytes (gauge) sent out on all network interfaces by the
         container since the last metric collection.
 
-    - name: privileged
+    - name: security_context.privileged
       type: bool
       level: extended
       short: Indicates whether the container is running in privileged mode.