Add additional mappings for fleet-server logs (#7096)

* Add additional mappings for fleet-server logs

* Add CHANGELOG and update version

* use ECS attributes

packages/elastic_agent/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.9.0"
+  changes:
+    - description: Add fleet-server attributes to log.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/7096
 - version: "1.8.0"
   changes:
     - description: Added new Health dashboards for Input Metrics

packages/elastic_agent/data_stream/elastic_agent_logs/fields/fields.yml

@@ -51,6 +51,9 @@
       type: keyword
       ignore_above: 1024
       description: Previous component health
+    - name: dataset
+      type: keyword
+      ignore_above: 1024
 - name: unit
   type: group
   description: Agent unit that the log message is about, only available on Elastic Agent 8.6.0+

packages/elastic_agent/data_stream/fleet_server_logs/fields/ecs.yml

@@ -14,3 +14,19 @@
   external: ecs
 - name: log.level
   external: ecs
+- name: error.message
+  external: ecs
+- name: http.request.id
+  external: ecs
+- name: http.request.body.bytes
+  external: ecs
+- name: http.request.method
+  external: ecs
+- name: http.response.status_code
+  external: ecs
+- name: http.response.body.bytes
+  external: ecs
+- name: http.version
+  external: ecs
+- name: url.full
+  external: ecs

packages/elastic_agent/data_stream/fleet_server_logs/fields/fields.yml

@@ -26,3 +26,27 @@
       ignore_above: 1024
       description: Elastic agent version.
       example: 7.11.0
+- name: policy_id
+  type: keyword
+  ignore_above: 1024
+  description: The policy ID fleet-server is operating on when starting a monitor or similar internal workflow.
+- name: fleet
+  title: Fleet Server
+  description: Fleet server annotations.
+  type: group
+  fields:
+    - name: access.apikey.id
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: The API key used when a fleet endpoint is accessed.
+    - name: agent.id
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: The ID of the agent interacting with a fleet endpoint.
+    - name: policy.id
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: The ID of the policy being used in a request to a fleet endpoint.

packages/elastic_agent/manifest.yml

@@ -1,6 +1,6 @@
 name: elastic_agent
 title: Elastic Agent
-version: 1.8.0
+version: 1.9.0
 description: Collect logs and metrics from Elastic Agents.
 type: integration
 format_version: 1.0.0