elastic · ManojS-shetty · Oct 18, 2022 · Sep 14, 2022 · Sep 14, 2022 · Sep 27, 2022
@@ -1,3 +1,8 @@
+- version: "1.3.4"
+  changes:
+    - description: Added FQDN field for log datastream
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/4216
 - version: "1.3.3"
   changes:
     - description: Add username and password for the template file

@@ -25,6 +25,26 @@ processors:
 - append:
     field: event.category
     value: database
+- append:
+    field: related.user
+    value: "{{{ user.name }}}"
+    allow_duplicates: false
+    if: ctx.user?.name != null && ctx.user?.name != ''
+- append:
+    field: related.user
+    value: "{{{ user.effective.name }}}"
+    allow_duplicates: false
+    if: ctx.user?.effective?.name != null && ctx.user?.effective?.name != ''
+- append:
+    field: related.ip
+    value: "{{{ source.ip }}}"
+    allow_duplicates: false
+    if: ctx.source?.ip != null && ctx.source?.ip != ''
+- append:
+    field: related.hosts
+    value: "{{{ host.hostname }}}"
+    allow_duplicates: false
+    if: ctx.host?.hostname != null && ctx.host?.hostname != ''
 - remove:
     field:
     - first_char

@@ -14,3 +14,19 @@
   name: service.type
 - external: ecs
   name: tags
+- external: ecs
+  name: related.hosts
+- external: ecs
+  name: related.ip
+- external: ecs
+  name: related.user
+- external: ecs
+  name: user.effective.name
+- external: ecs
+  name: user.id
+- external: ecs
+  name: user.name
+- external: ecs
+  name: source.ip
+- external: ecs
+  name: source.port
@@ -1,39 +1,74 @@
 {
-    "container": {
-        "id": "mongodb"
-    },
+    "@timestamp": "2022-10-11T07:20:48.492Z",
     "agent": {
-        "name": "KaiyanMacBookPro",
-        "id": "8e0c8cfc-69bd-4f15-a2e0-7c6ed1f0963a",
-        "ephemeral_id": "a82d1c90-90b8-44e6-94ac-d0ca900b4948",
+        "ephemeral_id": "8a10a13f-0310-4d13-9c2c-7848808fb0de",
+        "hostname": "docker-fleet-agent",
+        "id": "457809df-3de0-4876-849b-e7c76232d35e",
+        "name": "docker-fleet-agent",
         "type": "filebeat",
-        "version": "8.0.0"
+        "version": "7.14.0"
     },
-    "log": {
-        "file": {
-            "path": "/usr/local/var/log/mongodb/mongo.log"
-        },
-        "level": "I"
+    "data_stream": {
+        "dataset": "mongodb.log",
+        "namespace": "ep",
+        "type": "logs"
     },
-    "message": "end connection 127.0.0.1:60764 (1 connection now open)",
-    "@timestamp": "2020-06-29T21:17:11.459Z",
     "ecs": {
-        "version": "1.5.0"
+        "version": "1.10.0"
+    },
+    "elastic_agent": {
+        "id": "457809df-3de0-4876-849b-e7c76232d35e",
+        "snapshot": false,
+        "version": "7.14.0"
     },
     "event": {
-        "created": "2020-06-29T21:17:12.442Z",
-        "kind": "event",
+        "agent_id_status": "verified",
         "category": [
             "database"
         ],
+        "created": "2022-10-11T07:21:05.094Z",
+        "dataset": "mongodb.log",
+        "ingested": "2022-10-11T07:21:08.625873096Z",
+        "kind": "event",
         "type": [
             "info"
         ]
     },
+    "host": {
+        "architecture": "aarch64",
+        "containerized": false,
+        "hostname": "docker-fleet-agent",
+        "id": "2347a1bd8a3945949da8ab5c29f60774",
+        "ip": [
+            "172.21.0.7"
+        ],
+        "mac": [
+            "02:42:ac:15:00:07"
+        ],
+        "name": "docker-fleet-agent",
+        "os": {
+            "codename": "AltArch",
+            "family": "redhat",
+            "kernel": "5.10.124-linuxkit",
+            "name": "CentOS Linux",
+            "platform": "centos",
+            "type": "linux",
+            "version": "7 (AltArch)"
+        }
+    },
+    "message": "***** SERVER RESTARTED *****",
     "mongodb": {
         "log": {
-            "component": "NETWORK",
-            "context": "conn2180"
+            "component": "CONTROL",
+            "context": "main"
         }
-    }
+    },
+    "related": {
+        "hosts": [
+            "docker-fleet-agent"
+        ]
+    },
+    "tags": [
+        "mongodb-logs"
+    ]
 }
@@ -92,9 +92,19 @@ The `log` dataset collects the MongoDB logs.
 | mongodb.log.component | Functional categorization of message | keyword |
 | mongodb.log.context | Context of message | keyword |
 | mongodb.log.id | Integer representing the unique identifier of the log statement | long |
+| related.hosts | All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases. | keyword |
+| related.ip | All of the IPs seen on your event. | ip |
+| related.user | All the user names or other user identifiers seen on the event. | keyword |
 | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword |
 | service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword |
+| source.ip | IP address of the source (IPv4 or IPv6). | ip |
+| source.port | Port of the source. | long |
 | tags | List of keywords used to tag each event. | keyword |
+| user.effective.name | Short name or login of the user. | keyword |
+| user.effective.name.text | Multi-field of `user.effective.name`. | match_only_text |
+| user.id | Unique identifier of the user. | keyword |
+| user.name | Short name or login of the user. | keyword |
+| user.name.text | Multi-field of `user.name`. | match_only_text |
 
 
 ## Metrics

@@ -1,6 +1,6 @@
 name: mongodb
 title: MongoDB
-version: 1.3.3
+version: 1.3.4
 description: Collect logs and metrics from MongoDB instances with Elastic Agent.
 type: integration
 categories: