diff --git a/packages/windows/changelog.yml b/packages/windows/changelog.yml index 154501056ef..6e31ffaf789 100644 --- a/packages/windows/changelog.yml +++ b/packages/windows/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.24.1" + changes: + - description: Add ECS error.code mapping. + type: bugfix + link: https://github.com/elastic/integrations/issues/6766 - version: "1.24.0" changes: - description: Ensure event.kind is correctly set for pipeline errors. diff --git a/packages/windows/data_stream/forwarded/fields/ecs.yml b/packages/windows/data_stream/forwarded/fields/ecs.yml index 39b88dd3642..0647023c979 100644 --- a/packages/windows/data_stream/forwarded/fields/ecs.yml +++ b/packages/windows/data_stream/forwarded/fields/ecs.yml @@ -48,6 +48,8 @@ name: dns.type - external: ecs name: ecs.version +- external: ecs + name: error.code - external: ecs name: event.action - external: ecs diff --git a/packages/windows/data_stream/powershell/fields/ecs.yml b/packages/windows/data_stream/powershell/fields/ecs.yml index 3491fdf3de5..71edd751565 100644 --- a/packages/windows/data_stream/powershell/fields/ecs.yml +++ b/packages/windows/data_stream/powershell/fields/ecs.yml @@ -6,6 +6,8 @@ name: destination.user.name - external: ecs name: ecs.version +- external: ecs + name: error.code - external: ecs name: event.action - external: ecs diff --git a/packages/windows/data_stream/powershell_operational/fields/ecs.yml b/packages/windows/data_stream/powershell_operational/fields/ecs.yml index 3491fdf3de5..71edd751565 100644 --- a/packages/windows/data_stream/powershell_operational/fields/ecs.yml +++ b/packages/windows/data_stream/powershell_operational/fields/ecs.yml @@ -6,6 +6,8 @@ name: destination.user.name - external: ecs name: ecs.version +- external: ecs + name: error.code - external: ecs name: event.action - external: ecs diff --git a/packages/windows/docs/README.md b/packages/windows/docs/README.md index d31b42054f9..2fc8a840fee 100644 
--- a/packages/windows/docs/README.md +++ b/packages/windows/docs/README.md @@ -211,6 +211,7 @@ An example event for `powershell` looks as following: | destination.user.name | Short name or login of the user. | keyword | | destination.user.name.text | Multi-field of `destination.user.name`. | match_only_text | | ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | +| error.code | Error code describing the error. | keyword | | event.action | The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. | keyword | | event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | | event.code | Identification code for this event, if one exists. Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID. | keyword | 
@@ -547,6 +548,7 @@ An example event for `powershell_operational` looks as following: | destination.user.name | Short name or login of the user. | keyword | | destination.user.name.text | Multi-field of `destination.user.name`. | match_only_text | | ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | +| error.code | Error code describing the error. | keyword | | event.action | The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. | keyword | | event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | | event.code | Identification code for this event, if one exists. Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID. | keyword | diff --git a/packages/windows/manifest.yml b/packages/windows/manifest.yml index 31f12cc8a6d..55b42ed8329 100644 --- a/packages/windows/manifest.yml +++ b/packages/windows/manifest.yml 
@@ -1,6 +1,6 @@ name: windows title: Windows -version: 1.24.0 +version: 1.24.1 description: Collect logs and metrics from Windows OS and services with Elastic Agent. type: integration categories:
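Review bot: the `docs/README.md` hunks only regenerate the exported-fields tables for `powershell` (`@@ -211`) and `powershell_operational` (`@@ -547`), yet `data_stream/forwarded/fields/ecs.yml` gains the same `- external: ecs` / `name: error.code` entry and no README hunk for the forwarded section appears; if the forwarded section of the README carries an exported-fields table, rerun the README generation so all three data streams document the new field, or note in the PR why forwarded needs no documentation change.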
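Review bot: the patch adds the `error.code` mapping to three data streams without touching any ingest pipeline, so please confirm that each of those three pipelines actually emits `error.code` (otherwise the mapping is dead) and that no other data stream in the package sets it (otherwise the fix linked in the changelog is incomplete); since ECS declares `error.code` as `keyword`, also check that the pipelines write the Windows error code as a string rather than a number, so documents landing in indices that previously mapped the field dynamically do not hit a type mismatch.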
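Review bot: the changelog entry "Add ECS error.code mapping." does not say which data streams it covers; naming `forwarded`, `powershell` and `powershell_operational` there would let users reading release notes tell whether their data stream is affected, and the `bugfix` type with the issue link is appropriate for a missing mapping.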