elastic · bhapas · Oct 4, 2023 · Oct 3, 2023 · Oct 3, 2023 · Oct 3, 2023
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: 2.9.0
+  changes:
+    - description: Adapt fields for changes in file system info
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/8068
 - version: "2.8.3"
   changes:
     - description: Migrate Docker Overview dashboard to lens.

@@ -56,4 +56,4 @@
   dimension: true
 - external: ecs
   name: cloud.instance.id
-  dimension: true
+  dimension: true
@@ -0,0 +1,21 @@
+- name: log.file
+  type: group
+  fields:
+    - name: device_id
+      type: keyword
+      description: ID of the device containing the filesystem where the file resides.
+    - name: fingerprint
+      type: keyword
+      description: The sha256 fingerprint identity of the file when fingerprinting is enabled.
+    - name: inode
+      type: keyword
+      description: Inode number of the log file.
+    - name: idxhi
+      type: keyword
+      description: The high-order part of a unique identifier that is associated with a file. (Windows-only)
+    - name: idxlo
+      type: keyword
+      description: The low-order part of a unique identifier that is associated with a file. (Windows-only)
+    - name: vol
+      type: keyword
+      description: The serial number of the volume that contains a file. (Windows-only)
@@ -1,5 +1,5 @@
 - name: container.labels.*
   type: object
   release: ga
-  description: |
-    Container labels
+  description: |-
+    Container labels
@@ -69,4 +69,4 @@
   dimension: true
 - external: ecs
   name: cloud.instance.id
-  dimension: true
+  dimension: true
@@ -56,4 +56,4 @@
   dimension: true
 - external: ecs
   name: cloud.instance.id
-  dimension: true
+  dimension: true
@@ -55,4 +55,4 @@
   dimension: true
 - external: ecs
   name: cloud.instance.id
-  dimension: true
+  dimension: true
@@ -55,4 +55,4 @@
   dimension: true
 - external: ecs
   name: cloud.instance.id
-  dimension: true
+  dimension: true
@@ -63,4 +63,4 @@
   dimension: true
 - external: ecs
   name: cloud.instance.id
-  dimension: true
+  dimension: true
@@ -1149,7 +1149,13 @@ The Docker `container_logs` data stream collects container logs.
 | host.os.version | Operating system version as a raw string. | keyword |
 | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
 | input.type | Type of Filebeat input. | keyword |
+| log.file.device_id | ID of the device containing the filesystem where the file resides. | keyword |
+| log.file.fingerprint | The sha256 fingerprint identity of the file when fingerprinting is enabled. | keyword |
+| log.file.idxhi | The high-order part of a unique identifier that is associated with a file. (Windows-only) | keyword |
+| log.file.idxlo | The low-order part of a unique identifier that is associated with a file. (Windows-only) | keyword |
+| log.file.inode | Inode number of the log file. | keyword |
 | log.file.path | Path to the log file. | keyword |
+| log.file.vol | The serial number of the volume that contains a file. (Windows-only) | keyword |
 | log.offset | Offset of the entry in the log file. | long |
 | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
 | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword |

@@ -1,6 +1,6 @@
 name: docker
 title: Docker
-version: 2.8.3
+version: 2.9.0
 release: ga
 description: Collect metrics and logs from Docker instances with Elastic Agent.
 type: integration

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: 0.5.0
+  changes:
+    - description: Adapt fields for changes in file system info
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/8068
 - version: "0.4.2"
   changes:
     - description: Add null check to the rename processor

@@ -0,0 +1,21 @@
+- name: log.file
+  type: group
+  fields:
+    - name: device_id
+      type: keyword
+      description: ID of the device containing the filesystem where the file resides.
+    - name: fingerprint
+      type: keyword
+      description: The sha256 fingerprint identity of the file when fingerprinting is enabled.
+    - name: inode
+      type: keyword
+      description: Inode number of the log file.
+    - name: idxhi
+      type: keyword
+      description: The high-order part of a unique identifier that is associated with a file. (Windows-only)
+    - name: idxlo
+      type: keyword
+      description: The low-order part of a unique identifier that is associated with a file. (Windows-only)
+    - name: vol
+      type: keyword
+      description: The serial number of the volume that contains a file. (Windows-only)
@@ -29,4 +29,4 @@
   dimension: true
 - external: ecs
   name: container.id
-  dimension: true
+  dimension: true
@@ -29,4 +29,4 @@
   dimension: true
 - external: ecs
   name: container.id
-  dimension: true
+  dimension: true
@@ -198,6 +198,12 @@ An example event for `access` looks as following:
 | istio.access.upstream.service_time | Envoy Upstream service time. | long |
 | istio.access.upstream.transport_failure_reason | For HTTP if upstream connection failed due to transport socket (e.g. TLS handshake), provides the failure reason from the transport socket. The format of this field depends on the configured upstream transport socket. For TCP/UDP this field is not implemented ("-"). | text |
 | istio.access.x_forwarded_for | x_forwarded_for (XFF) is a standard proxy header which indicates the IP addresses that a request has flowed through on its way from the client to the server. | keyword |
+| log.file.device_id | ID of the device containing the filesystem where the file resides. | keyword |
+| log.file.fingerprint | The sha256 fingerprint identity of the file when fingerprinting is enabled. | keyword |
+| log.file.idxhi | The high-order part of a unique identifier that is associated with a file. (Windows-only) | keyword |
+| log.file.idxlo | The low-order part of a unique identifier that is associated with a file. (Windows-only) | keyword |
+| log.file.inode | Inode number of the log file. | keyword |
+| log.file.vol | The serial number of the volume that contains a file. (Windows-only) | keyword |
 | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
 | network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword |
 | network.protocol | In the OSI Model this would be the Application Layer protocol. For example, `http`, `dns`, or `ssh`. The field value must be normalized to lowercase for querying. | keyword |

@@ -3,7 +3,7 @@ name: istio
 title: Istio
 description: Collect logs and metrics from the service mesh Istio with Elastic Agent.
 type: integration
-version: 0.4.2
+version: 0.5.0
 release: beta
 license: basic
 categories:

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: 1.46.0
+  changes:
+    - description: Adapt fields for changes in file system info
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/8068
 - version: "1.45.0"
   changes:
     - description: Reroute container logs based on pod annotations.

@@ -168,3 +168,24 @@
       description: >
         OS codename, if any.
 
+- name: log.file
+  type: group
+  fields:
+    - name: device_id
+      type: keyword
+      description: ID of the device containing the filesystem where the file resides.
+    - name: fingerprint
+      type: keyword
+      description: The sha256 fingerprint identity of the file when fingerprinting is enabled.
+    - name: inode
+      type: keyword
+      description: Inode number of the log file.
+    - name: idxhi
+      type: keyword
+      description: The high-order part of a unique identifier that is associated with a file. (Windows-only)
+    - name: idxlo
+      type: keyword
+      description: The low-order part of a unique identifier that is associated with a file. (Windows-only)
+    - name: vol
+      type: keyword
+      description: The serial number of the volume that contains a file. (Windows-only)
@@ -198,3 +198,24 @@
       description: >
         OS codename, if any.
 
+- name: log.file
+  type: group
+  fields:
+    - name: device_id
+      type: keyword
+      description: ID of the device containing the filesystem where the file resides.
+    - name: fingerprint
+      type: keyword
+      description: The sha256 fingerprint identity of the file when fingerprinting is enabled.
+    - name: inode
+      type: keyword
+      description: Inode number of the log file.
+    - name: idxhi
+      type: keyword
+      description: The high-order part of a unique identifier that is associated with a file. (Windows-only)
+    - name: idxlo
+      type: keyword
+      description: The low-order part of a unique identifier that is associated with a file. (Windows-only)
+    - name: vol
+      type: keyword
+      description: The serial number of the volume that contains a file. (Windows-only)
@@ -218,7 +218,13 @@ An example event for `audit` looks as following:
 | kubernetes.audit.user.username | The name that uniquely identifies this user among all active users | keyword |
 | kubernetes.audit.userAgent | UserAgent records the user agent string reported by the client. Note that the UserAgent is provided by the client, and must not be trusted | keyword |
 | kubernetes.audit.verb | Verb is the kubernetes verb associated with the request. For non-resource requests, this is the lower-cased HTTP method | keyword |
+| log.file.device_id | ID of the device containing the filesystem where the file resides. | keyword |
+| log.file.fingerprint | The sha256 fingerprint identity of the file when fingerprinting is enabled. | keyword |
+| log.file.idxhi | The high-order part of a unique identifier that is associated with a file. (Windows-only) | keyword |
+| log.file.idxlo | The low-order part of a unique identifier that is associated with a file. (Windows-only) | keyword |
+| log.file.inode | Inode number of the log file. | keyword |
 | log.file.path | Path to the log file. | keyword |
+| log.file.vol | The serial number of the volume that contains a file. (Windows-only) | keyword |
 | log.offset | Offset of the entry in the log file. | long |
 | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
 
@@ -1,7 +1,7 @@
 format_version: 2.9.0
 name: kubernetes
 title: Kubernetes
-version: 1.45.0
+version: 1.46.0
 description: Collect logs and metrics from Kubernetes clusters with Elastic Agent.
 type: integration
 categories:

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: 1.8.0
+  changes:
+    - description: Adapt fields for changes in file system info
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/8068
 - version: "1.7.3"
   changes:
     - description: Add null check to the rename processor

@@ -202,3 +202,24 @@
 - name: log.offset
   type: long
   description: Log offset
+- name: log.file
+  type: group
+  fields:
+    - name: device_id
+      type: keyword
+      description: ID of the device containing the filesystem where the file resides.
+    - name: fingerprint
+      type: keyword
+      description: The sha256 fingerprint identity of the file when fingerprinting is enabled.
+    - name: inode
+      type: keyword
+      description: Inode number of the log file.
+    - name: idxhi
+      type: keyword
+      description: The high-order part of a unique identifier that is associated with a file. (Windows-only)
+    - name: idxlo
+      type: keyword
+      description: The low-order part of a unique identifier that is associated with a file. (Windows-only)
+    - name: vol
+      type: keyword
+      description: The serial number of the volume that contains a file. (Windows-only)
@@ -205,3 +205,24 @@
 - name: log.flags
   description: Flags for the log file.
   type: keyword
+- name: log.file
+  type: group
+  fields:
+    - name: device_id
+      type: keyword
+      description: ID of the device containing the filesystem where the file resides.
+    - name: fingerprint
+      type: keyword
+      description: The sha256 fingerprint identity of the file when fingerprinting is enabled.
+    - name: inode
+      type: keyword
+      description: Inode number of the log file.
+    - name: idxhi
+      type: keyword
+      description: The high-order part of a unique identifier that is associated with a file. (Windows-only)
+    - name: idxlo
+      type: keyword
+      description: The low-order part of a unique identifier that is associated with a file. (Windows-only)
+    - name: vol
+      type: keyword
+      description: The serial number of the volume that contains a file. (Windows-only)
@@ -198,7 +198,13 @@ An example event for `access` looks as following:
 | http.response.status_code | HTTP response status code. | long |
 | http.version | HTTP version. | keyword |
 | input.type | Input type | keyword |
+| log.file.device_id | ID of the device containing the filesystem where the file resides. | keyword |
+| log.file.fingerprint | The sha256 fingerprint identity of the file when fingerprinting is enabled. | keyword |
+| log.file.idxhi | The high-order part of a unique identifier that is associated with a file. (Windows-only) | keyword |
+| log.file.idxlo | The low-order part of a unique identifier that is associated with a file. (Windows-only) | keyword |
+| log.file.inode | Inode number of the log file. | keyword |
 | log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword |
+| log.file.vol | The serial number of the volume that contains a file. (Windows-only) | keyword |
 | log.offset | Log offset | long |
 | nginx_ingress_controller.access.http.request.id | The randomly generated ID of the request | text |
 | nginx_ingress_controller.access.http.request.length | The request length (including request line, header, and request body) | long |
@@ -386,7 +392,13 @@ An example event for `error` looks as following:
 | host.os.version | Operating system version as a raw string. | keyword |
 | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
 | input.type | Input type | keyword |
+| log.file.device_id | ID of the device containing the filesystem where the file resides. | keyword |
+| log.file.fingerprint | The sha256 fingerprint identity of the file when fingerprinting is enabled. | keyword |
+| log.file.idxhi | The high-order part of a unique identifier that is associated with a file. (Windows-only) | keyword |
+| log.file.idxlo | The low-order part of a unique identifier that is associated with a file. (Windows-only) | keyword |
+| log.file.inode | Inode number of the log file. | keyword |
 | log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword |
+| log.file.vol | The serial number of the volume that contains a file. (Windows-only) | keyword |
 | log.flags | Flags for the log file. | keyword |
 | log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword |
 | log.offset | Log offset | long |

@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: nginx_ingress_controller
 title: Nginx Ingress Controller Logs
-version: 1.7.3
+version: 1.8.0
 license: basic
 description: Collect Nginx Ingress Controller logs.
 type: integration