From 2b240f15ccefb408b57566bcc818fe7a2f931a7f Mon Sep 17 00:00:00 2001 From: Eric Beahan Date: Thu, 14 Jan 2021 10:21:12 -0600 Subject: [PATCH] [1.x] add http.request.id (#1208) (#1223) Co-authored-by: Eric Beahan Co-authored-by: Gil Raphaelli --- CHANGELOG.next.md | 2 ++ code/go/ecs/http.go | 6 ++++++ docs/field-details.asciidoc | 18 ++++++++++++++++++ experimental/generated/beats/fields.ecs.yml | 11 +++++++++++ experimental/generated/csv/fields.csv | 1 + experimental/generated/ecs/ecs_flat.yml | 15 +++++++++++++++ experimental/generated/ecs/ecs_nested.yml | 15 +++++++++++++++ .../generated/elasticsearch/7/template.json | 4 ++++ .../elasticsearch/component/http.json | 4 ++++ generated/beats/fields.ecs.yml | 11 +++++++++++ generated/csv/fields.csv | 1 + generated/ecs/ecs_flat.yml | 15 +++++++++++++++ generated/ecs/ecs_nested.yml | 15 +++++++++++++++ generated/elasticsearch/6/template.json | 4 ++++ generated/elasticsearch/7/template.json | 4 ++++ generated/elasticsearch/component/http.json | 4 ++++ schemas/http.yml | 13 +++++++++++++ 17 files changed, 143 insertions(+) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index f3225ffdb3..ca70e28078 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -17,6 +17,8 @@ Thanks, you're awesome :-) --> #### Added +* Added `http.request.id`. #1208 + #### Improvements #### Deprecated diff --git a/code/go/ecs/http.go b/code/go/ecs/http.go index 9abb112274..278b28378a 100644 --- a/code/go/ecs/http.go +++ b/code/go/ecs/http.go @@ -22,6 +22,12 @@ package ecs // Fields related to HTTP activity. Use the `url` field set to store the url of // the request. type Http struct { + // A unique identifier for each HTTP request to correlate logs between + // clients and servers in transactions. + // The id may be contained in a non-standard HTTP header, such as + // `X-Request-ID` or `X-Correlation-ID`. + RequestID string `ecs:"request.id"` + // HTTP request method. // Prior to ECS 1.6.0 the following guidance was provided: // "The field value must be normalized to lowercase for querying." diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index 73bc4467d3..1c24738341 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -3383,6 +3383,24 @@ example: `1437` // =============================================================== +| +[[field-http-request-id]] +<> + +| A unique identifier for each HTTP request to correlate logs between clients and servers in transactions. + +The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. + +type: keyword + + + +example: `123e4567-e89b-12d3-a456-426614174000` + +| extended + +// =============================================================== + | [[field-http-request-method]] <> diff --git a/experimental/generated/beats/fields.ecs.yml b/experimental/generated/beats/fields.ecs.yml index d19d6a36d8..501e0d801e 100644 --- a/experimental/generated/beats/fields.ecs.yml +++ b/experimental/generated/beats/fields.ecs.yml @@ -2413,6 +2413,17 @@ format: bytes description: Total size in bytes of the request (body and headers). example: 1437 + - name: request.id + level: extended + type: keyword + ignore_above: 1024 + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' + example: 123e4567-e89b-12d3-a456-426614174000 + default_field: false - name: request.method level: extended type: keyword diff --git a/experimental/generated/csv/fields.csv b/experimental/generated/csv/fields.csv index 95199f66a2..d7ce2df034 100644 --- a/experimental/generated/csv/fields.csv +++ b/experimental/generated/csv/fields.csv @@ -281,6 +281,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 1.9.0-dev+exp,true,http,http.request.body.content,wildcard,extended,,Hello world,The full HTTP request body. 1.9.0-dev+exp,true,http,http.request.body.content.text,text,extended,,Hello world,The full HTTP request body. 1.9.0-dev+exp,true,http,http.request.bytes,long,extended,,1437,Total size in bytes of the request (body and headers). +1.9.0-dev+exp,true,http,http.request.id,keyword,extended,,123e4567-e89b-12d3-a456-426614174000,HTTP request ID. 1.9.0-dev+exp,true,http,http.request.method,keyword,extended,,"GET, POST, PUT, PoST",HTTP request method. 1.9.0-dev+exp,true,http,http.request.mime_type,keyword,extended,,image/gif,Mime type of the body of the request. 1.9.0-dev+exp,true,http,http.request.referrer,wildcard,extended,,https://blog.example.com/,Referrer for this HTTP request. diff --git a/experimental/generated/ecs/ecs_flat.yml b/experimental/generated/ecs/ecs_flat.yml index a7c053c2d1..25e79b4947 100644 --- a/experimental/generated/ecs/ecs_flat.yml +++ b/experimental/generated/ecs/ecs_flat.yml @@ -3832,6 +3832,21 @@ http.request.bytes: normalize: [] short: Total size in bytes of the request (body and headers). type: long +http.request.id: + dashed_name: http-request-id + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' + example: 123e4567-e89b-12d3-a456-426614174000 + flat_name: http.request.id + ignore_above: 1024 + level: extended + name: request.id + normalize: [] + short: HTTP request ID. + type: keyword http.request.method: dashed_name: http-request-method description: 'HTTP request method. diff --git a/experimental/generated/ecs/ecs_nested.yml b/experimental/generated/ecs/ecs_nested.yml index 2b825db77d..ef90a2bcd8 100644 --- a/experimental/generated/ecs/ecs_nested.yml +++ b/experimental/generated/ecs/ecs_nested.yml @@ -4548,6 +4548,21 @@ http: normalize: [] short: Total size in bytes of the request (body and headers). type: long + http.request.id: + dashed_name: http-request-id + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' + example: 123e4567-e89b-12d3-a456-426614174000 + flat_name: http.request.id + ignore_above: 1024 + level: extended + name: request.id + normalize: [] + short: HTTP request ID. + type: keyword http.request.method: dashed_name: http-request-method description: 'HTTP request method. diff --git a/experimental/generated/elasticsearch/7/template.json b/experimental/generated/elasticsearch/7/template.json index 7420e1c441..70ed2974d8 100644 --- a/experimental/generated/elasticsearch/7/template.json +++ b/experimental/generated/elasticsearch/7/template.json @@ -1296,6 +1296,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/experimental/generated/elasticsearch/component/http.json b/experimental/generated/elasticsearch/component/http.json index b2284df25e..3b79b53c86 100644 --- a/experimental/generated/elasticsearch/component/http.json +++ b/experimental/generated/elasticsearch/component/http.json @@ -29,6 +29,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 55bf39366c..aca54a4756 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml @@ -2315,6 +2315,17 @@ format: bytes description: Total size in bytes of the request (body and headers). example: 1437 + - name: request.id + level: extended + type: keyword + ignore_above: 1024 + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' + example: 123e4567-e89b-12d3-a456-426614174000 + default_field: false - name: request.method level: extended type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index 87ca4a70d3..b6d222e2b4 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv @@ -271,6 +271,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description 1.9.0-dev,true,http,http.request.body.content,wildcard,extended,,Hello world,The full HTTP request body. 1.9.0-dev,true,http,http.request.body.content.text,text,extended,,Hello world,The full HTTP request body. 1.9.0-dev,true,http,http.request.bytes,long,extended,,1437,Total size in bytes of the request (body and headers). +1.9.0-dev,true,http,http.request.id,keyword,extended,,123e4567-e89b-12d3-a456-426614174000,HTTP request ID. 1.9.0-dev,true,http,http.request.method,keyword,extended,,"GET, POST, PUT, PoST",HTTP request method. 1.9.0-dev,true,http,http.request.mime_type,keyword,extended,,image/gif,Mime type of the body of the request. 1.9.0-dev,true,http,http.request.referrer,wildcard,extended,,https://blog.example.com/,Referrer for this HTTP request. diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 7e7347eba8..eed7fb34ad 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -3712,6 +3712,21 @@ http.request.bytes: normalize: [] short: Total size in bytes of the request (body and headers). type: long +http.request.id: + dashed_name: http-request-id + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' + example: 123e4567-e89b-12d3-a456-426614174000 + flat_name: http.request.id + ignore_above: 1024 + level: extended + name: request.id + normalize: [] + short: HTTP request ID. + type: keyword http.request.method: dashed_name: http-request-method description: 'HTTP request method. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 47cd8526ef..a78c8b1774 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml @@ -4405,6 +4405,21 @@ http: normalize: [] short: Total size in bytes of the request (body and headers). type: long + http.request.id: + dashed_name: http-request-id + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' + example: 123e4567-e89b-12d3-a456-426614174000 + flat_name: http.request.id + ignore_above: 1024 + level: extended + name: request.id + normalize: [] + short: HTTP request ID. + type: keyword http.request.method: dashed_name: http-request-method description: 'HTTP request method. diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index 378c3dc0fa..248a06ed55 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -1270,6 +1270,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index 2a9466df8b..87007a70f3 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json @@ -1233,6 +1233,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/generated/elasticsearch/component/http.json b/generated/elasticsearch/component/http.json index 0e38b06c88..d208148bdb 100644 --- a/generated/elasticsearch/component/http.json +++ b/generated/elasticsearch/component/http.json @@ -29,6 +29,10 @@ "bytes": { "type": "long" }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, "method": { "ignore_above": 1024, "type": "keyword" diff --git a/schemas/http.yml b/schemas/http.yml index f0ee23c53a..75475199b4 100644 --- a/schemas/http.yml +++ b/schemas/http.yml @@ -8,6 +8,19 @@ type: group fields: + - name: request.id + level: extended + type: keyword + short: HTTP request ID. + description: > + A unique identifier for each HTTP request to correlate logs between clients + and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`. + + example: 123e4567-e89b-12d3-a456-426614174000 + - name: request.method level: extended type: keyword