update ecs, add fields and screenshot

elastic · Feb 4, 2021 · 16d3dd5 · 16d3dd5
1 parent 6cadb56
commit 16d3dd5
Show file tree

Hide file tree

Showing 22 changed files with 1,266 additions and 1 deletion.
diff --git a/packages/docker/_dev/build/docs/README.md b/packages/docker/_dev/build/docs/README.md
@@ -39,24 +39,32 @@ running Docker containers.
 
 {{fields "container"}}
 
+{{event "container"}}
+
 ### CPU 
 
 The Docker `cpu` data stream collects runtime CPU metrics.
 
 {{fields "cpu"}}
 
+{{event "cpu"}}
+
 ### Diskio
 
 The Docker `diskio` data stream collects disk I/O metrics.
 
 {{fields "diskio"}}
 
+{{event "diskio"}}
+
 ### Event
 
 The Docker `event` data stream collects docker events
 
 {{fields "event"}}
 
+{{event "event"}}
+
 ### Healthcheck
 
 The Docker `healthcheck` data stream collects healthcheck status metrics about
@@ -67,28 +75,38 @@ docker `HEALTHCHECK` instruction has been used to build the docker image.
 
 {{fields "healthcheck"}}
 
+{{event "healthcheck"}}
+
 ### Image
 
 The Docker `image` data stream collects metrics on docker images
 
 {{fields "image"}}
 
+{{event "image"}}
+
 ### Info 
 
 The Docker `info` data stream collects system-wide information based on the
 https://docs.docker.com/engine/reference/api/docker_remote_api_v1.24/#/display-system-wide-information[Docker Remote API].
 
 {{fields "info"}}
 
+{{event "info"}}
+
 ### Memory
 
 The Docker `memory` data stream collects memory metrics from docker.
 
 {{fields "memory"}}
 
+{{event "memory"}}
+
 
 ### Network
 
 The Docker `network` data stream collects network metrics.
 
-{{fields "network"}}
+{{fields "network"}}
+
+{{event "network"}}
diff --git a/packages/docker/data_stream/container/fields/ecs.yml b/packages/docker/data_stream/container/fields/ecs.yml
@@ -1,3 +1,12 @@
+- description: Unique container id.
+  name: container.id
+  type: keyword
+- description: Container name.
+  name: container.name
+  type: keyword
+- description: Container runtime.
+  name: container.runtime
+  type: keyword
 - name: host
   title: Host
   group: 2

diff --git a/packages/docker/data_stream/container/sample_event.json b/packages/docker/data_stream/container/sample_event.json
@@ -0,0 +1,59 @@
+{
+    "@timestamp": "2017-10-12T08:05:34.853Z",
+    "agent": {
+        "hostname": "host.example.com",
+        "name": "host.example.com"
+    },
+    "container": {
+        "id": "cc78e58acfda4501105dc4de8e3ae218f2da616213e6e3af168c40103829302a",
+        "image": {
+            "name": "metricbeat_elasticsearch"
+        },
+        "name": "metricbeat_elasticsearch_1_df866b3a7b3d",
+        "runtime": "docker"
+    },
+    "docker": {
+        "container": {
+            "command": "/usr/local/bin/docker-entrypoint.sh eswrapper",
+            "created": "2019-02-25T10:18:10.000Z",
+            "ip_addresses": [
+                "172.23.0.2"
+            ],
+            "labels": {
+                "com_docker_compose_config-hash": "e3e0a2c6e5d1afb741bc8b1ecb09cda0395886b7a3e5084a9fd110be46d70f78",
+                "com_docker_compose_container-number": "1",
+                "com_docker_compose_oneoff": "False",
+                "com_docker_compose_project": "metricbeat",
+                "com_docker_compose_service": "elasticsearch",
+                "com_docker_compose_slug": "df866b3a7b3d50c0802350cbe58ee5b34fa32b7f6ba7fe9e48cde2c12dd0201d",
+                "com_docker_compose_version": "1.23.1",
+                "license": "Elastic License",
+                "org_label-schema_build-date": "20181006",
+                "org_label-schema_license": "GPLv2",
+                "org_label-schema_name": "elasticsearch",
+                "org_label-schema_schema-version": "1.0",
+                "org_label-schema_url": "https://www.elastic.co/products/elasticsearch",
+                "org_label-schema_vcs-url": "https://github.com/elastic/elasticsearch-docker",
+                "org_label-schema_vendor": "Elastic",
+                "org_label-schema_version": "6.5.1"
+            },
+            "size": {
+                "root_fs": 0,
+                "rw": 0
+            },
+            "status": "Up 7 minutes (healthy)"
+        }
+    },
+    "event": {
+        "dataset": "docker.container",
+        "duration": 115000,
+        "module": "docker"
+    },
+    "metricset": {
+        "name": "container"
+    },
+    "service": {
+        "address": "/var/run/docker.sock",
+        "type": "docker"
+    }
+}
diff --git a/packages/docker/data_stream/cpu/fields/ecs.yml b/packages/docker/data_stream/cpu/fields/ecs.yml
@@ -1,3 +1,12 @@
+- description: Unique container id.
+  name: container.id
+  type: keyword
+- description: Container name.
+  name: container.name
+  type: keyword
+- description: Container runtime.
+  name: container.runtime
+  type: keyword
 - name: host
   title: Host
   group: 2

diff --git a/packages/docker/data_stream/cpu/sample_event.json b/packages/docker/data_stream/cpu/sample_event.json
@@ -0,0 +1,122 @@
+{
+    "@timestamp": "2017-10-12T08:05:34.853Z",
+    "container": {
+        "id": "7f3ca1f1b2b310362e90f700d2b2e52ebd46ef6ddf10c0704f22b25686c466ab",
+        "image": {
+            "name": "metricbeat_beat"
+        },
+        "name": "metricbeat_beat_run_8ba23fa682a6",
+        "runtime": "docker"
+    },
+    "docker": {
+        "container": {
+            "labels": {
+                "com_docker_compose_oneoff": "True",
+                "com_docker_compose_project": "metricbeat",
+                "com_docker_compose_service": "beat",
+                "com_docker_compose_slug": "8ba23fa682a68e2dc082536da22f59eb2d200b3534909fe934807dd5d847424",
+                "com_docker_compose_version": "1.24.1"
+            }
+        },
+        "cpu": {
+            "core": {
+                "0": {
+                    "norm": {
+                        "pct": 0.00105707400990099
+                    },
+                    "pct": 0.00845659207920792,
+                    "ticks": 7410396430
+                },
+                "1": {
+                    "norm": {
+                        "pct": 0.004389216831683168
+                    },
+                    "pct": 0.035113734653465345,
+                    "ticks": 7079258391
+                },
+                "2": {
+                    "norm": {
+                        "pct": 0.003178435024752475
+                    },
+                    "pct": 0.0254274801980198,
+                    "ticks": 7140978706
+                },
+                "3": {
+                    "norm": {
+                        "pct": 0.0033261257425742574
+                    },
+                    "pct": 0.02660900594059406,
+                    "ticks": 7705738146
+                },
+                "4": {
+                    "norm": {
+                        "pct": 0.0016827236386138613
+                    },
+                    "pct": 0.01346178910891089,
+                    "ticks": 8131054429
+                },
+                "5": {
+                    "norm": {
+                        "pct": 0.000781541707920792
+                    },
+                    "pct": 0.006252333663366336,
+                    "ticks": 7213899699
+                },
+                "6": {
+                    "norm": {
+                        "pct": 0.0005364748762376238
+                    },
+                    "pct": 0.00429179900990099,
+                    "ticks": 7961016581
+                },
+                "7": {
+                    "norm": {
+                        "pct": 0.0005079449257425743
+                    },
+                    "pct": 0.004063559405940594,
+                    "ticks": 7946529895
+                }
+            },
+            "kernel": {
+                "norm": {
+                    "pct": 0.007425742574257425
+                },
+                "pct": 0.0594059405940594,
+                "ticks": 26810000000
+            },
+            "system": {
+                "norm": {
+                    "pct": 1
+                },
+                "pct": 8,
+                "ticks": 65836400000000
+            },
+            "total": {
+                "norm": {
+                    "pct": 0.015459536757425743
+                },
+                "pct": 0.12367629405940594
+            },
+            "user": {
+                "norm": {
+                    "pct": 0.006188118811881188
+                },
+                "pct": 0.04950495049504951,
+                "ticks": 35720000000
+            }
+        }
+    },
+    "event": {
+        "dataset": "docker.cpu",
+        "duration": 115000,
+        "module": "docker"
+    },
+    "metricset": {
+        "name": "cpu",
+        "period": 10000
+    },
+    "service": {
+        "address": "/var/run/docker.sock",
+        "type": "docker"
+    }
+}
diff --git a/packages/docker/data_stream/diskio/fields/ecs.yml b/packages/docker/data_stream/diskio/fields/ecs.yml
@@ -1,3 +1,12 @@
+- description: Unique container id.
+  name: container.id
+  type: keyword
+- description: Container name.
+  name: container.name
+  type: keyword
+- description: Container runtime.
+  name: container.runtime
+  type: keyword
 - name: host
   title: Host
   group: 2

diff --git a/packages/docker/data_stream/diskio/sample_event.json b/packages/docker/data_stream/diskio/sample_event.json
@@ -0,0 +1,55 @@
+{
+    "@timestamp": "2017-10-12T08:05:34.853Z",
+    "container": {
+        "id": "8abaa1f3514d3554503034a1df6ee09457f328757bbc9555245244ee853c0b44",
+        "image": {
+            "name": "zookeeper"
+        },
+        "name": "some-zookeeper",
+        "runtime": "docker"
+    },
+    "docker": {
+        "diskio": {
+            "read": {
+                "bytes": 42409984,
+                "ops": 1823,
+                "queued": 0,
+                "rate": 0,
+                "service_time": 0,
+                "wait_time": 0
+            },
+            "reads": 0,
+            "summary": {
+                "bytes": 42414080,
+                "ops": 1824,
+                "queued": 0,
+                "rate": 0,
+                "service_time": 0,
+                "wait_time": 0
+            },
+            "total": 0,
+            "write": {
+                "bytes": 4096,
+                "ops": 1,
+                "queued": 0,
+                "rate": 0,
+                "service_time": 0,
+                "wait_time": 0
+            },
+            "writes": 0
+        }
+    },
+    "event": {
+        "dataset": "docker.diskio",
+        "duration": 115000,
+        "module": "docker"
+    },
+    "metricset": {
+        "name": "diskio",
+        "period": 10000
+    },
+    "service": {
+        "address": "/var/run/docker.sock",
+        "type": "docker"
+    }
+}
diff --git a/packages/docker/data_stream/event/fields/ecs.yml b/packages/docker/data_stream/event/fields/ecs.yml
@@ -1,3 +1,12 @@
+- description: Unique container id.
+  name: container.id
+  type: keyword
+- description: Container name.
+  name: container.name
+  type: keyword
+- description: Container runtime.
+  name: container.runtime
+  type: keyword
 - name: host
   title: Host
   group: 2

diff --git a/packages/docker/data_stream/event/sample_event.json b/packages/docker/data_stream/event/sample_event.json
@@ -0,0 +1,29 @@
+{
+    "@timestamp": "2017-10-12T08:05:34.853Z",
+    "agent": {
+        "hostname": "host.example.com",
+        "name": "host.example.com"
+    },
+    "docker": {
+        "event": {
+            "action": "pull",
+            "actor": {
+                "attributes": {
+                    "name": "busybox"
+                },
+                "id": "busybox:latest"
+            },
+            "from": "",
+            "id": "busybox:latest",
+            "status": "pull",
+            "type": "image"
+        }
+    },
+    "event": {
+        "dataset": "event",
+        "module": "docker"
+    },
+    "service": {
+        "type": "docker"
+    }
+}