From 1c723ddf34e930e8c4af47d8851c6470bd51bfb2 Mon Sep 17 00:00:00 2001 From: Michael Wolf Date: Thu, 5 Dec 2024 18:11:34 -0800 Subject: [PATCH 1/3] Promote beta fields to GA Promote beta fields that have been present since the previous major release to GA * cloud.origin * cloud.target * elf fields * event.kind->asset type * faas fields * process.boot_id * process.pid_ns_inode * volume fields --- docs/fields/field-details.asciidoc | 34 +++++++---------------- docs/fields/field-values.asciidoc | 2 -- experimental/generated/ecs/ecs_flat.yml | 5 +--- experimental/generated/ecs/ecs_nested.yml | 24 ++++------------ generated/ecs/ecs_flat.yml | 5 +--- generated/ecs/ecs_nested.yml | 24 ++++------------ schemas/cloud.yml | 2 -- schemas/elf.yml | 4 --- schemas/event.yml | 2 -- schemas/faas.yml | 2 -- schemas/host.yml | 2 -- schemas/volume.yml | 2 -- 12 files changed, 22 insertions(+), 86 deletions(-) diff --git a/docs/fields/field-details.asciidoc b/docs/fields/field-details.asciidoc index 6d5ba6a780..c3d0ea017b 100644 --- a/docs/fields/field-details.asciidoc +++ b/docs/fields/field-details.asciidoc @@ -790,17 +790,15 @@ Note also that the `cloud` fields may be used directly at the root of the events | `cloud.origin.*` -| <>| beta:[ Reusing the `cloud` fields in this location is currently considered beta.] - -Provides the cloud information of the origin entity in case of an incoming request or event. +| <> +| Provides the cloud information of the origin entity in case of an incoming request or event. // =============================================================== | `cloud.target.*` -| <>| beta:[ Reusing the `cloud` fields in this location is currently considered beta.] - -Provides the cloud information of the target entity in case of an outgoing request or event. +| <> +| Provides the cloud information of the target entity in case of an outgoing request or event. // =============================================================== 
@@ -2220,8 +2218,6 @@ example: `1.0.0` These fields contain Linux Executable Linkable Format (ELF) metadata. -beta::[ These fields are in beta and are subject to change.] - [discrete] ==== ELF Header Field Details @@ -3907,8 +3903,6 @@ example: `https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38f The user fields describe information about the function as a service (FaaS) that is relevant to the event. -beta::[ These fields are in beta and are subject to change.] - [discrete] ==== FaaS Field Details @@ -4478,9 +4472,8 @@ Note also that the `file` fields may be used directly at the root of the events. | `file.elf.*` -| <>| beta:[ This field reuse is beta and subject to change.] - -These fields contain Linux Executable Linkable Format (ELF) metadata. +| <> +| These fields contain Linux Executable Linkable Format (ELF) metadata. // =============================================================== @@ -5031,9 +5024,7 @@ example: `x86_64` [[field-host-boot-id]] <> -a| beta:[ This field is beta and subject to change. ] - -Linux boot uuid taken from /proc/sys/kernel/random/boot_id. Note the boot_id value from /proc may or may not be the same in containers as on the host. Some container runtimes will bind mount a new boot_id value onto the proc file in each container. +a| Linux boot uuid taken from /proc/sys/kernel/random/boot_id. Note the boot_id value from /proc may or may not be the same in containers as on the host. Some container runtimes will bind mount a new boot_id value onto the proc file in each container. type: keyword @@ -5279,9 +5270,7 @@ type: long [[field-host-pid-ns-ino]] <> -a| beta:[ This field is beta and subject to change. ] - -This is the inode number of the namespace in the namespace file system (nsfs). Unsigned int inum in include/linux/ns_common.h. +a| This is the inode number of the namespace in the namespace file system (nsfs). Unsigned int inum in include/linux/ns_common.h. type: keyword 
@@ -8787,9 +8776,8 @@ The externally attested user based on an external source such as the Kube API. | `process.elf.*` -| <>| beta:[ This field reuse is beta and subject to change.] - -These fields contain Linux Executable Linkable Format (ELF) metadata. +| <> +| These fields contain Linux Executable Linkable Format (ELF) metadata. // =============================================================== @@ -13000,8 +12988,6 @@ Note also that the `vlan` fields are not expected to be used directly at the roo Fields related to storage volume details. -beta::[ These fields are beta and are subject to change.] - [discrete] ==== Volume Field Details diff --git a/docs/fields/field-values.asciidoc b/docs/fields/field-values.asciidoc index 0a4030ba06..c05396aa7e 100644 --- a/docs/fields/field-values.asciidoc +++ b/docs/fields/field-values.asciidoc @@ -64,8 +64,6 @@ This value is not used by Elastic solutions for alert documents that are created [[ecs-event-kind-asset]] ==== asset -beta:[ This event categorization value is beta and subject to change. ] - This value indicates events whose primary purpose is to store an inventory of assets/entities and their attributes. Assets/entities are objects (such as users and hosts) that are expected to be subjects of detailed analysis within the system. Examples include lists of user identities or accounts ingested from directory services such as Active Directory (AD), inventory of hosts pulled from configuration management databases (CMDB), and lists of cloud storage buckets pulled from cloud provider APIs. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index 52e90b2670..656a778cec 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml 
@@ -3370,8 +3370,7 @@ event.kind: This value is not used by Elastic solutions for alert documents that are created by rules executing within the Kibana alerting framework.' name: alert - - beta: This event categorization value is beta and subject to change. - description: 'This value indicates events whose primary purpose is to store an + - description: 'This value indicates events whose primary purpose is to store an inventory of assets/entities and their attributes. Assets/entities are objects (such as users and hosts) that are expected to be subjects of detailed analysis within the system. @@ -5678,7 +5677,6 @@ host.architecture: short: Operating system architecture. type: keyword host.boot.id: - beta: This field is beta and subject to change. dashed_name: host-boot-id description: Linux boot uuid taken from /proc/sys/kernel/random/boot_id. Note the boot_id value from /proc may or may not be the same in containers as on the host. @@ -6095,7 +6093,6 @@ host.os.version: short: Operating system version as a raw string. type: keyword host.pid_ns_ino: - beta: This field is beta and subject to change. dashed_name: host-pid-ns-ino description: This is the inode number of the namespace in the namespace file system (nsfs). Unsigned int inum in include/linux/ns_common.h. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 6e1b49a8f9..e1bdb186a3 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml 
@@ -1268,25 +1268,21 @@ cloud: expected: - as: origin at: cloud - beta: Reusing the `cloud` fields in this location is currently considered beta. full: cloud.origin short_override: Provides the cloud information of the origin entity in case of an incoming request or event. - as: target at: cloud - beta: Reusing the `cloud` fields in this location is currently considered beta. full: cloud.target short_override: Provides the cloud information of the target entity in case of an outgoing request or event. top_level: true reused_here: - - beta: Reusing the `cloud` fields in this location is currently considered beta. - full: cloud.origin + - full: cloud.origin schema_name: cloud short: Provides the cloud information of the origin entity in case of an incoming request or event. - - beta: Reusing the `cloud` fields in this location is currently considered beta. - full: cloud.target + - full: cloud.target schema_name: cloud short: Provides the cloud information of the target entity in case of an outgoing request or event. @@ -3118,7 +3114,6 @@ ecs: title: ECS type: group elf: - beta: These fields are in beta and are subject to change. description: These fields contain Linux Executable Linkable Format (ELF) metadata. fields: elf.architecture: @@ -3533,11 +3528,9 @@ elf: expected: - as: elf at: file - beta: This field reuse is beta and subject to change. full: file.elf - as: elf at: process - beta: This field reuse is beta and subject to change. full: process.elf top_level: false short: These fields contain Linux Executable Linkable Format (ELF) metadata. 
@@ -4379,8 +4372,7 @@ event: This value is not used by Elastic solutions for alert documents that are created by rules executing within the Kibana alerting framework.' name: alert - - beta: This event categorization value is beta and subject to change. - description: 'This value indicates events whose primary purpose is to store + - description: 'This value indicates events whose primary purpose is to store an inventory of assets/entities and their attributes. Assets/entities are objects (such as users and hosts) that are expected to be subjects of detailed analysis within the system. @@ -4841,7 +4833,6 @@ event: title: Event type: group faas: - beta: These fields are in beta and are subject to change. description: The user fields describe information about the function as a service (FaaS) that is relevant to the event. fields: @@ -6715,8 +6706,7 @@ file: - full: file.code_signature schema_name: code_signature short: These fields contain information about binary code signatures. - - beta: This field reuse is beta and subject to change. - full: file.elf + - full: file.elf schema_name: elf short: These fields contain Linux Executable Linkable Format (ELF) metadata. - beta: This field reuse is beta and subject to change. @@ -7104,7 +7094,6 @@ host: short: Operating system architecture. type: keyword host.boot.id: - beta: This field is beta and subject to change. dashed_name: host-boot-id description: Linux boot uuid taken from /proc/sys/kernel/random/boot_id. Note the boot_id value from /proc may or may not be the same in containers as on @@ -7523,7 +7512,6 @@ host: short: Operating system version as a raw string. type: keyword host.pid_ns_ino: - beta: This field is beta and subject to change. dashed_name: host-pid-ns-ino description: This is the inode number of the namespace in the namespace file system (nsfs). Unsigned int inum in include/linux/ns_common.h. 
@@ -15209,8 +15197,7 @@ process: - full: process.code_signature schema_name: code_signature short: These fields contain information about binary code signatures. - - beta: This field reuse is beta and subject to change. - full: process.elf + - full: process.elf schema_name: elf short: These fields contain Linux Executable Linkable Format (ELF) metadata. - beta: This field reuse is beta and subject to change. @@ -25145,7 +25132,6 @@ vlan: title: VLAN type: group volume: - beta: These fields are beta and are subject to change. description: Fields related to storage volume details. fields: volume.bus_type: diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 3ab5bc75d5..4d6a83c0a6 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -3301,8 +3301,7 @@ event.kind: This value is not used by Elastic solutions for alert documents that are created by rules executing within the Kibana alerting framework.' name: alert - - beta: This event categorization value is beta and subject to change. - description: 'This value indicates events whose primary purpose is to store an + - description: 'This value indicates events whose primary purpose is to store an inventory of assets/entities and their attributes. Assets/entities are objects (such as users and hosts) that are expected to be subjects of detailed analysis within the system. @@ -5609,7 +5608,6 @@ host.architecture: short: Operating system architecture. type: keyword host.boot.id: - beta: This field is beta and subject to change. dashed_name: host-boot-id description: Linux boot uuid taken from /proc/sys/kernel/random/boot_id. Note the boot_id value from /proc may or may not be the same in containers as on the host. 
@@ -6026,7 +6024,6 @@ host.os.version: short: Operating system version as a raw string. type: keyword host.pid_ns_ino: - beta: This field is beta and subject to change. dashed_name: host-pid-ns-ino description: This is the inode number of the namespace in the namespace file system (nsfs). Unsigned int inum in include/linux/ns_common.h. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index c068d535a1..f70dbd6a09 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -1188,25 +1188,21 @@ cloud: expected: - as: origin at: cloud - beta: Reusing the `cloud` fields in this location is currently considered beta. full: cloud.origin short_override: Provides the cloud information of the origin entity in case of an incoming request or event. - as: target at: cloud - beta: Reusing the `cloud` fields in this location is currently considered beta. full: cloud.target short_override: Provides the cloud information of the target entity in case of an outgoing request or event. top_level: true reused_here: - - beta: Reusing the `cloud` fields in this location is currently considered beta. - full: cloud.origin + - full: cloud.origin schema_name: cloud short: Provides the cloud information of the origin entity in case of an incoming request or event. - - beta: Reusing the `cloud` fields in this location is currently considered beta. - full: cloud.target + - full: cloud.target schema_name: cloud short: Provides the cloud information of the target entity in case of an outgoing request or event. @@ -3038,7 +3034,6 @@ ecs: title: ECS type: group elf: - beta: These fields are in beta and are subject to change. description: These fields contain Linux Executable Linkable Format (ELF) metadata. fields: elf.architecture: 
@@ -3453,11 +3448,9 @@ elf: expected: - as: elf at: file - beta: This field reuse is beta and subject to change. full: file.elf - as: elf at: process - beta: This field reuse is beta and subject to change. full: process.elf top_level: false short: These fields contain Linux Executable Linkable Format (ELF) metadata. @@ -4299,8 +4292,7 @@ event: This value is not used by Elastic solutions for alert documents that are created by rules executing within the Kibana alerting framework.' name: alert - - beta: This event categorization value is beta and subject to change. - description: 'This value indicates events whose primary purpose is to store + - description: 'This value indicates events whose primary purpose is to store an inventory of assets/entities and their attributes. Assets/entities are objects (such as users and hosts) that are expected to be subjects of detailed analysis within the system. @@ -4761,7 +4753,6 @@ event: title: Event type: group faas: - beta: These fields are in beta and are subject to change. description: The user fields describe information about the function as a service (FaaS) that is relevant to the event. fields: @@ -6635,8 +6626,7 @@ file: - full: file.code_signature schema_name: code_signature short: These fields contain information about binary code signatures. - - beta: This field reuse is beta and subject to change. - full: file.elf + - full: file.elf schema_name: elf short: These fields contain Linux Executable Linkable Format (ELF) metadata. - beta: This field reuse is beta and subject to change. @@ -7024,7 +7014,6 @@ host: short: Operating system architecture. type: keyword host.boot.id: - beta: This field is beta and subject to change. dashed_name: host-boot-id description: Linux boot uuid taken from /proc/sys/kernel/random/boot_id. Note the boot_id value from /proc may or may not be the same in containers as on 
@@ -7443,7 +7432,6 @@ host: short: Operating system version as a raw string. type: keyword host.pid_ns_ino: - beta: This field is beta and subject to change. dashed_name: host-pid-ns-ino description: This is the inode number of the namespace in the namespace file system (nsfs). Unsigned int inum in include/linux/ns_common.h. @@ -15129,8 +15117,7 @@ process: - full: process.code_signature schema_name: code_signature short: These fields contain information about binary code signatures. - - beta: This field reuse is beta and subject to change. - full: process.elf + - full: process.elf schema_name: elf short: These fields contain Linux Executable Linkable Format (ELF) metadata. - beta: This field reuse is beta and subject to change. @@ -25065,7 +25052,6 @@ vlan: title: VLAN type: group volume: - beta: These fields are beta and are subject to change. description: Fields related to storage volume details. fields: volume.bus_type: diff --git a/schemas/cloud.yml b/schemas/cloud.yml index 904270b588..43cf3a1a8e 100644 --- a/schemas/cloud.yml +++ b/schemas/cloud.yml @@ -44,11 +44,9 @@ expected: - at: cloud as: origin - beta: Reusing the `cloud` fields in this location is currently considered beta. short_override: Provides the cloud information of the origin entity in case of an incoming request or event. - at: cloud as: target - beta: Reusing the `cloud` fields in this location is currently considered beta. short_override: Provides the cloud information of the target entity in case of an outgoing request or event. type: group fields: diff --git a/schemas/elf.yml b/schemas/elf.yml index b5c93b4d99..5faf364a80 100644 --- a/schemas/elf.yml +++ b/schemas/elf.yml 
@@ -20,18 +20,14 @@ group: 2 description: > These fields contain Linux Executable Linkable Format (ELF) metadata. - beta: > - These fields are in beta and are subject to change. type: group reusable: top_level: false expected: - at: file as: elf - beta: This field reuse is beta and subject to change. - at: process as: elf - beta: This field reuse is beta and subject to change. fields: - name: creation_date short: Build or compile date. diff --git a/schemas/event.yml b/schemas/event.yml index cd3a247bbb..21c89f4877 100644 --- a/schemas/event.yml +++ b/schemas/event.yml @@ -99,8 +99,6 @@ `event.kind: asset` is not used for normal system events or logs that are coming from an asset/entity, nor is it used for system events or logs coming from a directory or CMDB system. - beta: > - This event categorization value is beta and subject to change. - name: enrichment description: > The `enrichment` value indicates an event collected to provide additional diff --git a/schemas/faas.yml b/schemas/faas.yml index 018e3f93a9..291f8d7a01 100644 --- a/schemas/faas.yml +++ b/schemas/faas.yml @@ -22,8 +22,6 @@ description: > The user fields describe information about the function as a service (FaaS) that is relevant to the event. - beta: > - These fields are in beta and are subject to change. type: group fields: - name: name diff --git a/schemas/host.yml b/schemas/host.yml index 9b7373ad1e..3c416db7db 100644 --- a/schemas/host.yml +++ b/schemas/host.yml @@ -186,7 +186,6 @@ type: keyword short: Linux boot uuid taken from /proc/sys/kernel/random/boot_id example: 88a1f0ed-5ae5-41ee-af6b-41921c311872 - beta: This field is beta and subject to change. description: > Linux boot uuid taken from /proc/sys/kernel/random/boot_id. Note the boot_id value from /proc may or may not be the same in containers as on the host. Some container runtimes will bind mount a new boot_id value onto the proc file in each container. 
@@ -195,6 +194,5 @@ type: keyword short: Pid namespace inode example: 256383 - beta: This field is beta and subject to change. description: > This is the inode number of the namespace in the namespace file system (nsfs). Unsigned int inum in include/linux/ns_common.h. diff --git a/schemas/volume.yml b/schemas/volume.yml index f2e6dadfa1..557c9053bc 100644 --- a/schemas/volume.yml +++ b/schemas/volume.yml @@ -20,8 +20,6 @@ group: 2 description: > Fields related to storage volume details. - beta: > - These fields are beta and are subject to change. type: group fields: - name: mount_name From 11ad80327ad1235efb061d1cbb631cc8578e0a51 Mon Sep 17 00:00:00 2001 From: Michael Wolf Date: Thu, 5 Dec 2024 18:17:33 -0800 Subject: [PATCH 2/3] Update CHANGELOG --- CHANGELOG.next.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index b46ee2c925..5de7c0a0b5 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -18,6 +18,7 @@ Thanks, you're awesome :-) --> #### Improvements +* Promote beta fields to GA. #2411 * Define base encoding of `x509.serial_number`. #2383 * Restrict the encoding of `x509.serial_number` to base 16. #2398 From dcb08067abd178256c655fef22ccf439fef610e1 Mon Sep 17 00:00:00 2001 From: Michael Wolf Date: Tue, 4 Feb 2025 10:47:08 -0800 Subject: [PATCH 3/3] Update otel docs --- docs/opentelemetry/otel-fields-mapping.asciidoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/opentelemetry/otel-fields-mapping.asciidoc b/docs/opentelemetry/otel-fields-mapping.asciidoc index e871993a42..4e6d5f047a 100644 --- a/docs/opentelemetry/otel-fields-mapping.asciidoc +++ b/docs/opentelemetry/otel-fields-mapping.asciidoc @@ -540,7 +540,7 @@ Note: The `body` in OTLP is of type `Any` and can be either an unstructured log .1+| [[otel-mapping-for-faas-coldstart]] -<> [beta] +<> 
@@ -554,7 +554,7 @@ Note: The `body` in OTLP is of type `Any` and can be either an unstructured log // =============================================================== .1+| [[otel-mapping-for-faas-execution]] -<> [beta] +<> @@ -568,7 +568,7 @@ Note: The `body` in OTLP is of type `Any` and can be either an unstructured log // =============================================================== .1+| [[otel-mapping-for-faas-name]] -<> [beta] +<> @@ -582,7 +582,7 @@ Note: The `body` in OTLP is of type `Any` and can be either an unstructured log // =============================================================== .1+| [[otel-mapping-for-faas-trigger-type]] -<> [beta] +<> @@ -596,7 +596,7 @@ Note: The `body` in OTLP is of type `Any` and can be either an unstructured log // =============================================================== .1+| [[otel-mapping-for-faas-version]] -<> [beta] +<>
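Review bot: The commit message of PATCH 1/3 lists `process.boot_id` and `process.pid_ns_inode`, but the hunks in schemas/host.yml, field-details.asciidoc and the generated YAML files remove the beta marker from `host.boot.id` and `host.pid_ns_ino`; no process.* field with those names is touched anywhere in the diff. Correct the field names in the commit message so the history matches the fields that actually went GA.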
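Review bot: In the schemas/host.yml hunk at @@ -195,6 +194,5 @@, `host.pid_ns_ino` loses its beta marker while still declared as `type: keyword`, with the example `256383` and a description that calls it an "Unsigned int inum". Removing the marker signals that this definition is stable, so confirm that keyword is the intended mapping for a numeric inode and, if it is, state in the description that the value is stored as a string, so that rule and query authors do not expect numeric comparison on it.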
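Review bot: In schemas/faas.yml (@@ -22,8 +22,6 @@) the description left as context still reads "The user fields describe information about the function as a service (FaaS)", which looks like a leftover from another schema; the same sentence is carried into field-details.asciidoc and both ecs_nested.yml files. Since this change declares the field set GA, fix the wording in the schema source to refer to the faas fields and regenerate the docs and YAML in the same patch.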
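Review bot: The CHANGELOG.next.md line added in PATCH 2/3 sits above the #2383 and #2398 entries, although the two existing Improvements entries visible in the hunk are in ascending PR order, and "Promote beta fields to GA" does not say which fields. Move the entry after #2398 and name the promoted field sets, as the commit message of PATCH 1/3 does, so release-note readers can tell which definitions are now stable.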