- adding first draft for opensearch observability schema - client attributes - container attributes - destination attributes - host attributes - network attributes - observer attributes - os attributes - additional common fields attributes
yang-db
committed
Aug 4, 2022
1 parent
6c6ed10
commit c7a1ef1
Showing
9 changed files
with
22,691 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
#A client is defined as the initiator of a network connection for events | ||
# regarding sessions, connections, or bidirectional flow records. | ||
# | ||
# For TCP events, the client is the initiator of the TCP connection that sends the | ||
# SYN packet(s). For other protocols, the client is generally the initiator or requestor | ||
# in the network transaction. Some systems use the term "originator" to refer the | ||
# client in TCP connections. The client fields describe details about the system | ||
# acting as the client in the network event. Client fields are usually populated | ||
# in conjunction with server fields. Client fields are generally not populated for | ||
# packet-level events. | ||
# | ||
# Client / server representations can add semantic context to an exchange, which | ||
# is helpful to visualize the data in certain situations. If your context falls | ||
# in that category, you should still ensure that source and destination are filled | ||
# appropriately. | ||
type Client implements BaseRecord { | ||
# Client network address | ||
address: String | ||
# | ||
as:AutonomousSystem | ||
# The domain name of the client system. | ||
domain:String | ||
# Bytes sent from the client to the server | ||
bytes:Long | ||
# geographic related fields deriving from client's location | ||
geo:Geo | ||
# Translated IP of source based NAT sessions (e.g. internal client to internet) | ||
natIpp:IP | ||
# IP address of the client (IPv4 or IPv6). | ||
ip:IP | ||
# mac address of the client | ||
mac:String | ||
# port of the client | ||
port:Long | ||
# Translated port of source based NAT sessions | ||
natPort:Long | ||
# Packets sent from the client to the server | ||
packets:Long | ||
# The highest registered client domain, stripped of the subdomain. | ||
registeredDomain:String | ||
# The subdomain portion of a fully qualified domain name includes | ||
# all of the names except the host name under the registered_domain | ||
subdomain:String | ||
# he effective top level domain (eTLD), also known as the domain | ||
# suffix, is the last part of the domain name. | ||
topLevelDomain:String | ||
# Fields about the client side of a network connection, used with server | ||
user:User | ||
} |
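Review bot: The field `natIpp:IP` in `Client` looks like a misspelling of `natIp`. Once a schema like this is published, the field name is what every query, dashboard and detection rule has to match, so it is worth correcting in the first draft: `natIp:IP`. The same spelling appears in the `Destination` type in this commit. The `as:AutonomousSystem` field has an empty `#` comment; `# Fields describing the Autonomous System the client address belongs to` would fill it. The comment on `user` describes the whole type, not the field, so `# User associated with the client side of the connection` would read better.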
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
type Container implements BaseRecord { | ||
# container's unique id | ||
id:ID! | ||
# container's name | ||
name:String | ||
#Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. | ||
cpuUsage:Float | ||
#The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. | ||
diskReadBytes:Long | ||
#The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. | ||
diskWriteBytes:Long | ||
# An array of digests of the image the container was built on | ||
imageHash:String | ||
# Name of the image the container was built on. | ||
imageName:String | ||
# Container image tags. | ||
imageTag:[String] | ||
# Container image labels. | ||
labels:Json | ||
# Memory usage percentage and it ranges from 0 to 1 | ||
memoryUsage:Long | ||
# The number of bytes sent on all network interfaces | ||
networkEgressBytes:Long | ||
# The number of packets (gauge) sent out on all network interfaces | ||
networkIngressPackets:Long | ||
# The number of bytes received from all network interfaces | ||
networkEgressBytes:Long | ||
# The number of packets (gauge) received from all network interfaces | ||
networkIngressPackets:Long | ||
# Runtime managing this container. | ||
runtime:String | ||
} |
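Review bot: `networkEgressBytes` and `networkIngressPackets` are each declared twice in `Container`, which GraphQL schema validation rejects because a field name may be defined only once per type. Going by the comments, the second and third of the four network lines were meant to be `networkEgressPackets:Long` and `networkIngressBytes:Long`. As written, the type has no field for egress packet counts or ingress byte counts, so container traffic metrics would be incomplete. `memoryUsage` is documented as a ratio from 0 to 1 but typed `Long`, which cannot hold a fraction; `memoryUsage:Float` would match `cpuUsage`. `imageHash:String` is described as an array of digests, so either the comment or the type (`[String]`) should change.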
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
#Destination fields capture details about the receiver of a network exchange/packet. These fields are populated from a network event, packet, or other event containing details of a network transaction. | ||
# | ||
#Destination fields are usually populated in conjunction with source fields. The source and destination fields are considered the baseline and should always be filled if an event contains source and destination details from a network transaction. If the event also contains identification of the client and server roles, then the client and server fields should also be populated. | ||
type Destination implements BaseRecord { | ||
# Destination network address | ||
address:String | ||
# Bytes sent from the destination to the source. | ||
bytes:Long | ||
#The domain name of the destination system. | ||
domain:String | ||
#The ip address of the destination system. | ||
ip:IP | ||
#The mac address of the destination system. | ||
mac:String | ||
# Translated IP of source based NAT sessions (e.g. internal client to internet) | ||
natIpp:IP | ||
# port of the client | ||
port:Long | ||
# Translated port of source based NAT sessions | ||
natPort:Long | ||
# Packets sent from the destination to the source. | ||
packets:Long | ||
# The highest registered client domain, stripped of the subdomain. | ||
registeredDomain:String | ||
# The subdomain portion of a fully qualified domain name includes | ||
# all of the names except the host name under the registered_domain | ||
subdomain:String | ||
# he effective top level domain (eTLD), also known as the domain | ||
# suffix, is the last part of the domain name. | ||
topLevelDomain:String | ||
|
||
#Fields describing an Autonomous System (Internet routing prefix). | ||
as:AutonomousSystem | ||
# Fields describing a location. | ||
geo:Geo | ||
#Fields to describe the user relevant to the event. | ||
user:User | ||
} |
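Review bot: Several comments in `Destination` appear to be carried over from `Client` and describe the wrong side of the connection: `# port of the client`, `# Translated IP of source based NAT sessions`, `# Translated port of source based NAT sessions` and `# The highest registered client domain`. Someone reading the schema to tell pre-NAT from post-NAT addresses during an investigation would be misled. I would reword them as `# Port of the destination`, `# Translated IP of destination based NAT sessions`, `# Translated port of destination based NAT sessions` and `# The highest registered destination domain, stripped of the subdomain`. The `# he effective top level domain` comment is missing its first letter here and in `Client`.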