update changelog, fix id in ecs.yml

elastic · Aug 11, 2021 · 97e6122 · 97e6122
1 parent df4c627
commit 97e6122
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 13 deletions.
diff --git a/packages/netflow/changelog.yml b/packages/netflow/changelog.yml
@@ -3,7 +3,7 @@
   changes:
     - description: Convert to generated ECS fields
       type: enhancement
-      link: https://github.com/elastic/integrations/pull/XXXXXXXXXX
+      link: https://github.com/elastic/integrations/pull/1489
 - version: '1.1.2'
   changes:
     - description: update to ECS 1.11.0

diff --git a/packages/netflow/data_stream/log/fields/ecs.yml b/packages/netflow/data_stream/log/fields/ecs.yml
@@ -32,10 +32,9 @@
   name: client.geo.country_iso_code
 - external: ecs
   name: client.geo.country_name
-- &id001
-  description: Longitude and latitude.
+- description: Longitude and latitude.
   level: core
-  name: source.geo.location
+  name: client.geo.location
   type: geo_point
 - external: ecs
   name: client.geo.name
@@ -121,7 +120,10 @@
   name: destination.geo.country_iso_code
 - external: ecs
   name: destination.geo.country_name
-- *id001
+- description: Longitude and latitude.
+  level: core
+  name: destination.geo.location
+  type: geo_point
 - external: ecs
   name: destination.geo.name
 - external: ecs
@@ -302,7 +304,10 @@
   name: geo.country_iso_code
 - external: ecs
   name: geo.country_name
-- *id001
+- description: Longitude and latitude.
+  level: core
+  name: geo.location
+  type: geo_point
 - external: ecs
   name: geo.name
 - external: ecs
@@ -333,7 +338,10 @@
   name: host.geo.country_iso_code
 - external: ecs
   name: host.geo.country_name
-- *id001
+- description: Longitude and latitude.
+  level: core
+  name: host.geo.location
+  type: geo_point
 - external: ecs
   name: host.geo.name
 - external: ecs
@@ -462,7 +470,10 @@
   name: observer.geo.country_iso_code
 - external: ecs
   name: observer.geo.country_name
-- *id001
+- description: Longitude and latitude.
+  level: core
+  name: observer.geo.location
+  type: geo_point
 - external: ecs
   name: observer.geo.name
 - external: ecs
@@ -587,7 +598,10 @@
   name: server.geo.country_iso_code
 - external: ecs
   name: server.geo.country_name
-- *id001
+- description: Longitude and latitude.
+  level: core
+  name: server.geo.location
+  type: geo_point
 - external: ecs
   name: server.geo.name
 - external: ecs
@@ -660,7 +674,10 @@
   name: source.geo.country_iso_code
 - external: ecs
   name: source.geo.country_name
-- *id001
+- description: Longitude and latitude.
+  level: core
+  name: source.geo.location
+  type: geo_point
 - external: ecs
   name: source.geo.name
 - external: ecs

diff --git a/packages/netflow/docs/README.md b/packages/netflow/docs/README.md
@@ -20,7 +20,7 @@ The `log` dataset collects netflow logs.
 
 | Field | Description | Type |
 |---|---|---|
-| @timestamp | Event timestamp. | date |
+| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date |
 | agent.ephemeral_id | Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not. | keyword |
 | agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword |
 | agent.name | Custom name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty. | keyword |
@@ -37,6 +37,7 @@ The `log` dataset collects netflow logs.
 | client.geo.continent_name | Name of the continent. | keyword |
 | client.geo.country_iso_code | Country ISO code. | keyword |
 | client.geo.country_name | Country name. | keyword |
+| client.geo.location | Longitude and latitude. | geo_point |
 | client.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
 | client.geo.region_iso_code | Region ISO code. | keyword |
 | client.geo.region_name | Region name. | keyword |
@@ -65,7 +66,7 @@ The `log` dataset collects netflow logs.
 | cloud.machine.type | Machine type of the host machine. | keyword |
 | cloud.project.id | Name of the project in Google Cloud. | keyword |
 | cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword |
-| cloud.region | Region in which this host, resource, or service is located. | keyword |
+| cloud.region | Region in which this host is running. | keyword |
 | container.id | Unique container id. | keyword |
 | container.image.name | Name of the image the container was built on. | keyword |
 | container.image.tag | Container image tags. | keyword |
@@ -84,6 +85,7 @@ The `log` dataset collects netflow logs.
 | destination.geo.continent_name | Name of the continent. | keyword |
 | destination.geo.country_iso_code | Country ISO code. | keyword |
 | destination.geo.country_name | Country name. | keyword |
+| destination.geo.location | Longitude and latitude. | geo_point |
 | destination.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
 | destination.geo.region_iso_code | Region ISO code. | keyword |
 | destination.geo.region_name | Region name. | keyword |
@@ -179,6 +181,7 @@ The `log` dataset collects netflow logs.
 | geo.continent_name | Name of the continent. | keyword |
 | geo.country_iso_code | Country ISO code. | keyword |
 | geo.country_name | Country name. | keyword |
+| geo.location | Longitude and latitude. | geo_point |
 | geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
 | geo.region_iso_code | Region ISO code. | keyword |
 | geo.region_name | Region name. | keyword |
@@ -196,13 +199,14 @@ The `log` dataset collects netflow logs.
 | host.geo.continent_name | Name of the continent. | keyword |
 | host.geo.country_iso_code | Country ISO code. | keyword |
 | host.geo.country_name | Country name. | keyword |
+| host.geo.location | Longitude and latitude. | geo_point |
 | host.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
 | host.geo.region_iso_code | Region ISO code. | keyword |
 | host.geo.region_name | Region name. | keyword |
 | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword |
 | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword |
 | host.ip | Host ip addresses. | ip |
-| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword |
+| host.mac | Host mac addresses. | keyword |
 | host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword |
 | host.os.build | OS build information. | keyword |
 | host.os.codename | OS codename, if any. | keyword |
@@ -1585,6 +1589,7 @@ The `log` dataset collects netflow logs.
 | observer.geo.continent_name | Name of the continent. | keyword |
 | observer.geo.country_iso_code | Country ISO code. | keyword |
 | observer.geo.country_name | Country name. | keyword |
+| observer.geo.location | Longitude and latitude. | geo_point |
 | observer.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
 | observer.geo.region_iso_code | Region ISO code. | keyword |
 | observer.geo.region_name | Region name. | keyword |
@@ -1647,6 +1652,7 @@ The `log` dataset collects netflow logs.
 | server.geo.continent_name | Name of the continent. | keyword |
 | server.geo.country_iso_code | Country ISO code. | keyword |
 | server.geo.country_name | Country name. | keyword |
+| server.geo.location | Longitude and latitude. | geo_point |
 | server.geo.name | User-defined description of a location, at the level of granularity they care about. Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. Not typically used in automated geolocation. | keyword |
 | server.geo.region_iso_code | Region ISO code. | keyword |
 | server.geo.region_name | Region name. | keyword |