From 3aa857bc4c5b73584758d2e5b260b5c31b946e85 Mon Sep 17 00:00:00 2001
From: Michel Laterman <82832767+michel-laterman@users.noreply.github.com>
Date: Tue, 25 Jul 2023 09:42:49 -0700
Subject: [PATCH] Add additional mappings for fleet-server logs (#7096)
* Add additional mappings for fleet-server logs
* Add CHANGELOG and update version
* use ECS attributes
---
 packages/elastic_agent/changelog.yml | 5 ++++
 .../elastic_agent_logs/fields/fields.yml | 3 +++
 .../fleet_server_logs/fields/ecs.yml | 16 +++++++++++++
 .../fleet_server_logs/fields/fields.yml | 24 +++++++++++++++++++
 packages/elastic_agent/manifest.yml | 2 +-
 5 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/packages/elastic_agent/changelog.yml b/packages/elastic_agent/changelog.yml
index b68ac119c560..03aa308677e0 100644
--- a/packages/elastic_agent/changelog.yml
+++ b/packages/elastic_agent/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.9.0"
+ changes:
+ - description: Add fleet-server attributes to log.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/7096
 - version: "1.8.0"
 changes:
 - description: Added new Health dashboards for Input Metrics
diff --git a/packages/elastic_agent/data_stream/elastic_agent_logs/fields/fields.yml b/packages/elastic_agent/data_stream/elastic_agent_logs/fields/fields.yml
index 4f90a16fc680..e31bc7911101 100644
--- a/packages/elastic_agent/data_stream/elastic_agent_logs/fields/fields.yml
+++ b/packages/elastic_agent/data_stream/elastic_agent_logs/fields/fields.yml
@@ -51,6 +51,9 @@
 type: keyword
 ignore_above: 1024
 description: Previous component health
+ - name: dataset
+ type: keyword
+ ignore_above: 1024
 - name: unit
 type: group
 description: Agent unit that the log message is about, only available on Elastic Agent 8.6.0+
diff --git a/packages/elastic_agent/data_stream/fleet_server_logs/fields/ecs.yml b/packages/elastic_agent/data_stream/fleet_server_logs/fields/ecs.yml
index 638b77e5c834..65802056c30e 100644
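Review bot: The new `dataset` entry in elastic_agent_logs/fields/fields.yml is the only field visible in this hunk without a `description`, and because its parent group opens above the hunk, the full field path cannot be read from the change. A one-line description saying which dataset name the field holds would help people building queries or alerts on it, for example `description: Dataset name reported for the component` (wording for the author to confirm). The commit title mentions fleet-server logs only, so the description should also make clear why an elastic_agent_logs mapping is part of this change.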
--- a/packages/elastic_agent/data_stream/fleet_server_logs/fields/ecs.yml
+++ b/packages/elastic_agent/data_stream/fleet_server_logs/fields/ecs.yml
@@ -14,3 +14,19 @@
 external: ecs
 - name: log.level
 external: ecs
+- name: error.message
+ external: ecs
+- name: http.request.id
+ external: ecs
+- name: http.request.body.bytes
+ external: ecs
+- name: http.request.method
+ external: ecs
+- name: http.response.status_code
+ external: ecs
+- name: http.response.body.bytes
+ external: ecs
+- name: http.version
+ external: ecs
+- name: url.full
+ external: ecs
diff --git a/packages/elastic_agent/data_stream/fleet_server_logs/fields/fields.yml b/packages/elastic_agent/data_stream/fleet_server_logs/fields/fields.yml
index 24771ec5046e..5dad28b927c8 100644
--- a/packages/elastic_agent/data_stream/fleet_server_logs/fields/fields.yml
+++ b/packages/elastic_agent/data_stream/fleet_server_logs/fields/fields.yml
@@ -26,3 +26,27 @@
 ignore_above: 1024
 description: Elastic agent version.
 example: 7.11.0
+- name: policy_id
+ type: keyword
+ ignore_above: 1024
+ description: The policy ID fleet-server is operating on when starting a monitor or similar internal workflow.
+- name: fleet
+ title: Fleet Server
+ description: Fleet server annotations.
+ type: group
+ fields:
+ - name: access.apikey.id
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: The API key used when a fleet endpoint is accessed.
+ - name: agent.id
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: The ID of the agent interacting with a fleet endpoint.
+ - name: policy.id
+ level: extended
+ type: keyword
+ ignore_above: 1024
+ description: The ID of the policy being used in a request to a fleet endpoint.
diff --git a/packages/elastic_agent/manifest.yml b/packages/elastic_agent/manifest.yml
index bd00002d53df..2f09f1a38b6b 100644
--- a/packages/elastic_agent/manifest.yml
+++ b/packages/elastic_agent/manifest.yml
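Review bot: `url.full` at the end of the fleet_server_logs/fields/ecs.yml hunk becomes an indexed, searchable field, and a full URL carries its query string with it. If fleet-server ever logs a request whose URL contains a token or key, that value would be readable by anyone with access to this logs data stream. Nothing in the diff shows what fleet-server writes into the field, so this is a question for the emitter rather than a defect in the mapping. A comment above the entry such as `# url.full includes the query string; fleet-server must not log credentials in URLs` would record the assumption.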
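Review bot: The description of `fleet.access.apikey.id` in fleet_server_logs/fields/fields.yml says "The API key used when a fleet endpoint is accessed", which can be read as the key itself being logged, while the field name indicates the key's ID. Suggest `description: The ID of the API key used when a fleet endpoint is accessed.` so that anyone auditing these logs for credential exposure is not misled. The same hunk adds both a top-level `policy_id` and a nested `fleet.policy.id`, and only the nested fields carry `level: extended`. A short phrase in each description saying when that field is populated would help people writing queries and detections choose the right one.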
@@ -1,6 +1,6 @@
 name: elastic_agent
 title: Elastic Agent
-version: 1.8.0
+version: 1.9.0
 description: Collect logs and metrics from Elastic Agents.
 type: integration
 format_version: 1.0.0