Merge branch 'main' of github.com:tehbooom/integrations

.buildkite/scripts/backport_branch.sh

@@ -164,15 +164,15 @@ if branchExist "$BACKPORT_BRANCH_NAME"; then
 fi
 
 # backport branch does not exist, running checks and create branch
-echo "Check the entered version and PACKAGE_VERSION are equal"
-version="$(cat packages/${PACKAGE_NAME}/manifest.yml | yq -r .version)"
+version="$(git show "${BASE_COMMIT}":"packages/${PACKAGE_NAME}/manifest.yml" | yq -r .version)"
+echo "Check if version from ${BASE_COMMIT} (${version}) matches with version from input step ${PACKAGE_VERSION}"
 if [[ "${version}" != "${PACKAGE_VERSION}" ]]; then
   buildkite-agent annotate "Unexpected version found in packages/${PACKAGE_NAME}/manifest.yml" --style "error"
   exit 1
 fi
 
 echo "Check that this changeset is the one creating the version $PACKAGE_NAME"
-if ! git show -p ${BASE_COMMIT} packages/${PACKAGE_NAME}/manifest.yml | grep -E "^\+version: ${PACKAGE_VERSION}" ; then
+if ! git show -p ${BASE_COMMIT} packages/${PACKAGE_NAME}/manifest.yml | grep -E "^\+version: \"{0,1}${PACKAGE_VERSION}" ; then
   buildkite-agent annotate "This changeset does not creates the version ${PACKAGE_VERSION}" --style "error"
   exit 1
 fi

.github/CODEOWNERS

@@ -315,6 +315,7 @@
 /packages/ti_crowdstrike @elastic/security-service-integrations
 /packages/ti_cybersixgill @elastic/security-service-integrations
 /packages/ti_eclecticiq @elastic/security-service-integrations
+/packages/ti_eset @elastic/security-service-integrations
 /packages/ti_maltiverse @elastic/security-service-integrations
 /packages/ti_mandiant_advantage @elastic/security-service-integrations
 /packages/ti_misp @elastic/security-service-integrations

dev/codeowners/codeowners.go

@@ -8,12 +8,10 @@ import (
 	"bufio"
 	"fmt"
 	"io/fs"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
 
-	"github.com/pkg/errors"
 	"gopkg.in/yaml.v2"
 )
 
@@ -51,7 +49,7 @@ type githubOwners struct {
 func readGithubOwners(codeownersPath string) (*githubOwners, error) {
 	f, err := os.Open(codeownersPath)
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to open %q", codeownersPath)
+		return nil, fmt.Errorf("failed to open %q: %w", codeownersPath, err)
 	}
 	defer f.Close()
 
@@ -82,7 +80,7 @@ func readGithubOwners(codeownersPath string) (*githubOwners, error) {
 		codeowners.owners[path] = owners
 	}
 	if err := scanner.Err(); err != nil {
-		return nil, errors.Wrapf(err, "scanner error")
+		return nil, fmt.Errorf("scanner error: %w", err)
 	}
 
 	return &codeowners, nil
@@ -128,7 +126,7 @@ func (codeowners *githubOwners) checkManifest(path string) error {
 		return fmt.Errorf("there is no owner for %q in %q", pkgDir, codeowners.path)
 	}
 
-	content, err := ioutil.ReadFile(path)
+	content, err := os.ReadFile(path)
 	if err != nil {
 		return err
 	}

docs/generic_guidelines.md

@@ -18,6 +18,21 @@ Starting with ECS 1.6, ECS is going to start using Basic types for some fields.
 
 All fields produced by an integration must be mapped by `fields.yml`. This guarantees that their index mapping is correct, and Kibana has enough info to deal with all fields.
 
+##### Field limits
+
+By default, data streams will have a `total_fields.limit` setting of 1000. Besides defined custom fields, this also includes dynamically generated ECS fields. If your data stream is expected to eventually house more than 1000 fields, set an explicit limit in the `manifest.yml` of the data stream:
+```yaml
+elasticsearch:
+  index_template:
+    settings:
+      index:
+        mapping:
+          total_fields:
+            limit: 5000
+```
+
+Note: For backwards compatibility, the limit is automatically bumped to 10000 fields if there are more than 500 fields explicitly defined for a data stream, however newly created integrations should not rely on this behavior but instead assume a fixed limit of 1000 fields.
+
 ##### Specify metric types and units
 
 As part of the field definition, there are two settings that add metadata which will help Kibana graphing it:

go.mod

@@ -4,7 +4,7 @@ go 1.21.0
 
 require (
 	github.com/blang/semver v3.5.1+incompatible
-	github.com/elastic/elastic-package v0.98.2
+	github.com/elastic/elastic-package v0.99.0
 	github.com/elastic/go-licenser v0.4.1
 	github.com/elastic/package-registry v1.23.1
 	github.com/magefile/mage v1.15.0
@@ -50,11 +50,11 @@ require (
 	github.com/elastic/go-elasticsearch/v7 v7.17.10 // indirect
 	github.com/elastic/go-resource v0.1.1 // indirect
 	github.com/elastic/go-sysinfo v1.9.0 // indirect
-	github.com/elastic/go-ucfg v0.8.6 // indirect
+	github.com/elastic/go-ucfg v0.8.8 // indirect
 	github.com/elastic/go-windows v1.0.1 // indirect
 	github.com/elastic/gojsonschema v1.2.1 // indirect
 	github.com/elastic/kbncontent v0.1.3 // indirect
-	github.com/elastic/package-spec/v3 v3.1.2 // indirect
+	github.com/elastic/package-spec/v3 v3.1.3 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
@@ -73,7 +73,7 @@ require (
 	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
@@ -190,13 +190,13 @@ require (
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	helm.sh/helm/v3 v3.14.2 // indirect
+	helm.sh/helm/v3 v3.14.3 // indirect
 	howett.net/plist v1.0.0 // indirect
-	k8s.io/api v0.29.2 // indirect
+	k8s.io/api v0.29.3 // indirect
 	k8s.io/apiextensions-apiserver v0.29.0 // indirect
-	k8s.io/apimachinery v0.29.2 // indirect
-	k8s.io/cli-runtime v0.29.2 // indirect
-	k8s.io/client-go v0.29.2 // indirect
+	k8s.io/apimachinery v0.29.3 // indirect
+	k8s.io/cli-runtime v0.29.3 // indirect
+	k8s.io/client-go v0.29.3 // indirect
 	k8s.io/component-base v0.29.0 // indirect
 	k8s.io/klog/v2 v2.110.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect

go.sum

@@ -97,8 +97,8 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/elastic/elastic-integration-corpus-generator-tool v0.10.0 h1:sx1lpZuTG5suJuvgix4FWQFCLFFbzkoOmPoHWYOPLCY=
 github.com/elastic/elastic-integration-corpus-generator-tool v0.10.0/go.mod h1:2/30n+2QRzRzus4TPVUV1T3U/j8g2ItUgvP0pcpjLGk=
-github.com/elastic/elastic-package v0.98.2 h1:/IXy/Ql5m2qYGMTruGSyDrZa3oW8f7D9fz8CYGi4sqY=
-github.com/elastic/elastic-package v0.98.2/go.mod h1:O1ERev5BK6C7MvNnoYqghmxrOByEqnbxaZ/GkfwERX4=
+github.com/elastic/elastic-package v0.99.0 h1:VkZM/OqISPt9S6QQFRUiEONmqHIaSJM2yl9uETddF+A=
+github.com/elastic/elastic-package v0.99.0/go.mod h1:JTVHETbekKMbqy8kedyzZ58qextRKFYJgGrRZkNct4Y=
 github.com/elastic/go-elasticsearch/v7 v7.17.10 h1:TCQ8i4PmIJuBunvBS6bwT2ybzVFxxUhhltAs3Gyu1yo=
 github.com/elastic/go-elasticsearch/v7 v7.17.10/go.mod h1:OJ4wdbtDNk5g503kvlHLyErCgQwwzmDtaFC4XyOxXA4=
 github.com/elastic/go-licenser v0.4.1 h1:1xDURsc8pL5zYT9R29425J3vkHdt4RT5TNEMeRN48x4=
@@ -107,8 +107,8 @@ github.com/elastic/go-resource v0.1.1 h1:vM173uhPoaZ7C64rKrYbbBn5kxOhstE1+YcGFte
 github.com/elastic/go-resource v0.1.1/go.mod h1:7F1Wjs6eSFX0i/235yAK/x9bvPNd9/ML92AiULa4XYA=
 github.com/elastic/go-sysinfo v1.9.0 h1:usICqY/Nw4Mpn9f4LdtpFrKxXroJDe81GaxxUlCckIo=
 github.com/elastic/go-sysinfo v1.9.0/go.mod h1:eBD1wEGVaRnRLGecc9iG1z8eOv5HnEdz9+nWd8UAxcE=
-github.com/elastic/go-ucfg v0.8.6 h1:stUeyh2goTgGX+/wb9gzKvTv0YB0231LTpKUgCKj4U0=
-github.com/elastic/go-ucfg v0.8.6/go.mod h1:4E8mPOLSUV9hQ7sgLEJ4bvt0KhMuDJa8joDT2QGAEKA=
+github.com/elastic/go-ucfg v0.8.8 h1:54KIF/2zFKfl0MzsSOCGOsZ3O2bnjFQJ0nDJcLhviyk=
+github.com/elastic/go-ucfg v0.8.8/go.mod h1:4E8mPOLSUV9hQ7sgLEJ4bvt0KhMuDJa8joDT2QGAEKA=
 github.com/elastic/go-windows v1.0.1 h1:AlYZOldA+UJ0/2nBuqWdo90GFCgG9xuyw9SYzGUtJm0=
 github.com/elastic/go-windows v1.0.1/go.mod h1:FoVvqWSun28vaDQPbj2Elfc0JahhPB7WQEGa3c814Ss=
 github.com/elastic/gojsonschema v1.2.1 h1:cUMbgsz0wyEB4x7xf3zUEvUVDl6WCz2RKcQPul8OsQc=
@@ -117,8 +117,8 @@ github.com/elastic/kbncontent v0.1.3 h1:qT0RkshRhiAgH51dDD983tJloeLLMCYE/qlRRtn3
 github.com/elastic/kbncontent v0.1.3/go.mod h1:kOPREITK9gSJsiw/WKe7QWSO+PRiZMyEFQCw+CMLAHI=
 github.com/elastic/package-registry v1.23.1 h1:C/I8CywYFQ03uTZxuMv4bwBgObPvBGR6EHwpii9uBXM=
 github.com/elastic/package-registry v1.23.1/go.mod h1:ziasnbxTVcUtBXE0dfGZmDeDB0neB33NX5/lwavafmQ=
-github.com/elastic/package-spec/v3 v3.1.2 h1:lDiMH/mMmeoDeNqetxOmLSDamIQltImId3bK4Ax9NEw=
-github.com/elastic/package-spec/v3 v3.1.2/go.mod h1:AV4bFhfYQfYiCF6IoUsjFmNHxawb3SSIDGeFQ5dzYM8=
+github.com/elastic/package-spec/v3 v3.1.3 h1:MxFjUMdiFiTgSIsXppR7sv91BA7JTyr/HuUK6NeFiPI=
+github.com/elastic/package-spec/v3 v3.1.3/go.mod h1:GibfBsEvTOhQJA5kojOEXS+IIo49MPu6IgydhXSH1iY=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -182,8 +182,8 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
@@ -684,8 +684,8 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/dnaeon/go-vcr.v3 v3.1.2 h1:F1smfXBqQqwpVifDfUBQG6zzaGjzT+EnVZakrOdr5wA=
-gopkg.in/dnaeon/go-vcr.v3 v3.1.2/go.mod h1:2IMOnnlx9I6u9x+YBsM3tAMx6AlOxnJ0pWxQAzZ79Ag=
+gopkg.in/dnaeon/go-vcr.v3 v3.2.0 h1:Rltp0Vf+Aq0u4rQXgmXgtgoRDStTnFN83cWgSGSoRzM=
+gopkg.in/dnaeon/go-vcr.v3 v3.2.0/go.mod h1:2IMOnnlx9I6u9x+YBsM3tAMx6AlOxnJ0pWxQAzZ79Ag=
 gopkg.in/hjson/hjson-go.v3 v3.0.1/go.mod h1:X6zrTSVeImfwfZLfgQdInl9mWjqPqgH90jom9nym/lw=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
@@ -701,22 +701,22 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-helm.sh/helm/v3 v3.14.2 h1:V71fv+NGZv0icBlr+in1MJXuUIHCiPG1hW9gEBISTIA=
-helm.sh/helm/v3 v3.14.2/go.mod h1:2itvvDv2WSZXTllknfQo6j7u3VVgMAvm8POCDgYH424=
+helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4=
+helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=
 howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
-k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A=
-k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0=
+k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw=
+k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80=
 k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0=
 k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc=
-k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8=
-k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU=
-k8s.io/cli-runtime v0.29.2 h1:smfsOcT4QujeghsNjECKN3lwyX9AwcFU0nvJ7sFN3ro=
-k8s.io/cli-runtime v0.29.2/go.mod h1:KLisYYfoqeNfO+MkTWvpqIyb1wpJmmFJhioA0xd4MW8=
-k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg=
-k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA=
+k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU=
+k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU=
+k8s.io/cli-runtime v0.29.3 h1:r68rephmmytoywkw2MyJ+CxjpasJDQY7AGc3XY2iv1k=
+k8s.io/cli-runtime v0.29.3/go.mod h1:aqVUsk86/RhaGJwDhHXH0jcdqBrgdF3bZWk4Z9D4mkM=
+k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg=
+k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0=
 k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s=
 k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M=
 k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=

packages/auditd_manager/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.16.3"
+  changes:
+    - description: capture root requirement
+      type: enhancement
+      link: https://github.com/elastic/integrations/issues/8647
 - version: "1.16.2"
   changes:
     - description: Changed owners

packages/auditd_manager/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: auditd_manager
 title: "Auditd Manager"
-version: "1.16.2"
+version: "1.16.3"
 description: "The Auditd Manager Integration receives audit events from the Linux Audit Framework that is a part of the Linux kernel."
 type: integration
 categories:
@@ -36,6 +36,9 @@ policy_templates:
       - type: audit/auditd
         title: Collect auditd events
         description: Collecting auditd events
+agent:
+  privileges:
+    root: true
 owner:
   github: elastic/sec-linux-platform
   type: elastic

packages/aws/_dev/benchmark/rally/vpcflow-benchmark.yml

@@ -0,0 +1,14 @@
+---
+description: Benchmark 20000 aws.vpcflow events ingested
+data_stream:
+  name: vpcflow
+corpora:
+  generator:
+    total_events: 20000
+    template:
+      type: gotext
+      path: ./vpcflow-benchmark/template.ndjson
+    config:
+      path: ./vpcflow-benchmark/config.yml
+    fields:
+      path: ./vpcflow-benchmark/fields.yml

packages/aws/_dev/benchmark/rally/vpcflow-benchmark/config.yml

@@ -0,0 +1,59 @@
+fields:
+  - name: timestamp
+    period: -24h
+  - name: cloud_region
+    enum: ["ap-east-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "eu-central-1", "eu-north-1", "eu-west-1", "eu-west-2", "eu-west-3", "me-south-1", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2"]
+  - name: network_direction
+    enum: ["ingress", "egress"]
+  - name: duration_start
+    enum: ["-1h", "-2h", "-3h", "-4h"]
+  - name: duration_end
+    enum: ["-30m", "-20m", "-10m", "-40m"]
+  - name: long_num
+    range:
+      min: 100000000
+      max: 200000000
+  - name: aws_vpcflow_version
+    enum: ["2", "3", "5"]
+  - name: aws_vpcflow_account_id
+    range:
+      min: 100000000000
+      max: 300000000000
+  - name: aws_vpcflow_action
+    enum: ["ACCEPT", "REJECT"]
+  - name: log_status
+    enum: ["OK", "NODATA", "SKIPDATA"]
+  - name: aws_vpcflow_tcp_flags
+    enum: ["0", "1", "2", "3", "4", "18", "19"]
+  - name: aws_vpcflow_pkt_dst_service
+    enum: ["AMAZON", "AMAZON_APPFLOW", "AMAZON_CONNECT", "API_GATEWAY", "CHIME_MEETINGS", "CHIME_VOICECONNECTOR", "CLOUD9", "CLOUDFRONT", "CODEBUILD", "DYNAMODB", "EBS", "EC2", "EC2_INSTANCE_CONNECT", "GLOBALACCELERATOR", "KINESIS_VIDEO_STREAMS", "ROUTE53", "ROUTE53_HEALTHCHECKS", "ROUTE53_HEALTHCHECKS_PUBLISHING", "ROUTE53_RESOLVER", "S3", "WORKSPACES_GATEWAYS"]
+  - name: aws_vpcflow_pkt_src_service
+    enum: ["AMAZON", "AMAZON_APPFLOW", "AMAZON_CONNECT", "API_GATEWAY", "CHIME_MEETINGS", "CHIME_VOICECONNECTOR", "CLOUD9", "CLOUDFRONT", "CODEBUILD", "DYNAMODB", "EBS", "EC2", "EC2_INSTANCE_CONNECT", "GLOBALACCELERATOR", "KINESIS_VIDEO_STREAMS", "ROUTE53", "ROUTE53_HEALTHCHECKS", "ROUTE53_HEALTHCHECKS_PUBLISHING", "ROUTE53_RESOLVER", "S3", "WORKSPACES_GATEWAYS"]
+  - name: aws_vpcflow_traffic_path
+    range:
+      min: 1
+      max: 8
+  - name: aws_vpcflow_sublocation_type
+    enum: ["wavelength", "outpost", "localzone"]
+  - name: aws_vpcflow_srcport
+    range:
+      min: 0
+      max: 65535
+  - name: aws_vpcflow_dstport
+    range:
+      min: 0
+      max: 65535
+  - name: aws_vpcflow_protocol
+    enum: ["1", "2", "6", "17", "47", "58", "132"]
+  - name: aws_vpcflow_packets
+    range:
+      min: 0
+      max: 100
+  - name: aws_vpcflow_bytes
+    range:
+      min: 0
+      max: 10000
+  - name: bucket_num
+    range:
+      min: 63461
+      max: 63471

packages/aws/_dev/benchmark/rally/vpcflow-benchmark/fields.yml

@@ -0,0 +1,61 @@
+- name: timestamp
+  type: date
+- name: cloud_region
+  type: keyword
+- name: network_direction
+  type: keyword
+- name: aws_vpcflow_version
+  type: keyword
+- name: aws_vpcflow_account_id
+  type: long
+- name: aws_vpcflow_interface_id
+  type: keyword
+- name: aws_vpcflow_action
+  type: keyword
+- name: log_status
+  type: keyword
+- name: aws_vpcflow_pkt_srcaddr
+  type: ip
+- name: aws_vpcflow_pkt_dstaddr
+  type: ip
+- name: aws_vpcflow_vpc_id
+  type: keyword
+- name: long_num
+  type: long
+- name: aws_vpcflow_subnet_id
+  type: keyword
+- name: aws_vpcflow_tcp_flags
+  type: keyword
+- name: aws_vpcflow_pkt_dst_service
+  type: keyword
+- name: aws_vpcflow_pkt_src_service
+  type: keyword
+- name: aws_vpcflow_traffic_path
+  type: long
+- name: aws_vpcflow_sublocation_type
+  type: keyword
+- name: aws_vpcflow_sublocation_id
+  type: keyword
+- name: aws_vpcflow_srcaddr
+  type: ip
+- name: aws_vpcflow_dstaddr
+  type: ip
+- name: aws_vpcflow_srcport
+  type: long
+- name: aws_vpcflow_dstport
+  type: long
+- name: aws_vpcflow_protocol
+  type: keyword
+- name: aws_vpcflow_packets
+  type: long
+- name: aws_vpcflow_bytes
+  type: long
+- name: duration_start
+  type: keyword
+- name: duration_end
+  type: keyword
+- name: file_name
+  type: keyword
+  example: extra-samples
+- name: bucket_num
+  type: long