From 9b24e8ad42a1279993dace0cec2af08971da2f5e Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 5 Mar 2020 14:40:44 +0100 Subject: [PATCH 1/6] Load fields.yml --- dev/import-beats/fields.go | 43 +++++++++++++++++++ dev/import-beats/packages.go | 27 ++++++++++-- dev/package-beats/activemq-0.0.1/manifest.yml | 4 +- .../aerospike-0.0.1/manifest.yml | 4 +- dev/package-beats/apache-0.0.1/manifest.yml | 4 +- .../appsearch-0.0.1/manifest.yml | 4 +- dev/package-beats/auditd-0.0.1/manifest.yml | 4 +- dev/package-beats/aws-0.0.1/manifest.yml | 4 +- dev/package-beats/azure-0.0.1/manifest.yml | 4 +- dev/package-beats/beat-0.0.1/manifest.yml | 4 +- dev/package-beats/cef-0.0.1/manifest.yml | 4 +- dev/package-beats/ceph-0.0.1/manifest.yml | 4 +- dev/package-beats/cisco-0.0.1/manifest.yml | 4 +- .../cloudfoundry-0.0.1/manifest.yml | 4 +- .../cockroachdb-0.0.1/manifest.yml | 4 +- dev/package-beats/consul-0.0.1/manifest.yml | 4 +- dev/package-beats/coredns-0.0.1/manifest.yml | 4 +- .../couchbase-0.0.1/manifest.yml | 4 +- dev/package-beats/couchdb-0.0.1/manifest.yml | 4 +- dev/package-beats/docker-0.0.1/manifest.yml | 4 +- .../dropwizard-0.0.1/manifest.yml | 4 +- .../elasticsearch-0.0.1/manifest.yml | 4 +- .../envoyproxy-0.0.1/manifest.yml | 4 +- dev/package-beats/etcd-0.0.1/manifest.yml | 4 +- dev/package-beats/golang-0.0.1/manifest.yml | 4 +- .../googlecloud-0.0.1/manifest.yml | 4 +- dev/package-beats/graphite-0.0.1/manifest.yml | 4 +- dev/package-beats/haproxy-0.0.1/manifest.yml | 4 +- dev/package-beats/http-0.0.1/manifest.yml | 4 +- dev/package-beats/ibmmq-0.0.1/manifest.yml | 4 +- dev/package-beats/icinga-0.0.1/manifest.yml | 4 +- dev/package-beats/iis-0.0.1/manifest.yml | 4 +- dev/package-beats/iptables-0.0.1/manifest.yml | 4 +- dev/package-beats/istio-0.0.1/manifest.yml | 4 +- dev/package-beats/jolokia-0.0.1/manifest.yml | 4 +- dev/package-beats/kafka-0.0.1/manifest.yml | 4 +- dev/package-beats/kibana-0.0.1/manifest.yml | 4 +- .../kubernetes-0.0.1/manifest.yml | 4 +- dev/package-beats/kvm-0.0.1/manifest.yml | 4 +- dev/package-beats/logstash-0.0.1/manifest.yml | 4 +- .../memcached-0.0.1/manifest.yml | 4 +- dev/package-beats/misp-0.0.1/manifest.yml | 4 +- dev/package-beats/mongodb-0.0.1/manifest.yml | 4 +- dev/package-beats/mssql-0.0.1/manifest.yml | 3 +- dev/package-beats/munin-0.0.1/manifest.yml | 4 +- dev/package-beats/mysql-0.0.1/manifest.yml | 4 +- dev/package-beats/nats-0.0.1/manifest.yml | 4 +- dev/package-beats/netflow-0.0.1/manifest.yml | 4 +- dev/package-beats/nginx-0.0.1/manifest.yml | 4 +- dev/package-beats/oracle-0.0.1/manifest.yml | 3 +- dev/package-beats/osquery-0.0.1/manifest.yml | 4 +- dev/package-beats/panw-0.0.1/manifest.yml | 4 +- dev/package-beats/php_fpm-0.0.1/manifest.yml | 4 +- .../postgresql-0.0.1/manifest.yml | 4 +- .../prometheus-0.0.1/manifest.yml | 4 +- dev/package-beats/rabbitmq-0.0.1/manifest.yml | 4 +- dev/package-beats/redis-0.0.1/manifest.yml | 4 +- .../redisenterprise-0.0.1/manifest.yml | 4 +- dev/package-beats/santa-0.0.1/manifest.yml | 4 +- dev/package-beats/sql-0.0.1/manifest.yml | 4 +- dev/package-beats/stan-0.0.1/manifest.yml | 4 +- dev/package-beats/statsd-0.0.1/manifest.yml | 4 +- dev/package-beats/suricata-0.0.1/manifest.yml | 4 +- dev/package-beats/system-0.0.1/manifest.yml | 4 +- dev/package-beats/tomcat-0.0.1/manifest.yml | 4 +- dev/package-beats/traefik-0.0.1/manifest.yml | 4 +- dev/package-beats/uwsgi-0.0.1/manifest.yml | 4 +- dev/package-beats/vsphere-0.0.1/manifest.yml | 4 +- dev/package-beats/windows-0.0.1/manifest.yml | 4 +- dev/package-beats/zeek-0.0.1/manifest.yml | 4 +- .../zookeeper-0.0.1/manifest.yml | 4 +- 71 files changed, 271 insertions(+), 73 deletions(-) create mode 100644 dev/import-beats/fields.go diff --git a/dev/import-beats/fields.go b/dev/import-beats/fields.go new file mode 100644 index 000000000..b63f3d3af --- /dev/null +++ b/dev/import-beats/fields.go @@ -0,0 +1,43 @@ +package main + +import ( + "fmt" + "io/ioutil" + "path/filepath" + + "github.com/pkg/errors" + "gopkg.in/yaml.v2" +) + +type fields []fieldsEntry + +type fieldsEntry struct { + Key string + Title *string + Description string +} + +func (f fields) getEntry(key string) (*fieldsEntry, error) { + for _, entry := range f { + if entry.Key == key { + return &entry, nil + } + } + return nil, fmt.Errorf("missing entry for key '%s'", key) +} + +func loadFields(modulePath string) (fields, error) { + fieldsFilePath := filepath.Join(modulePath, "fields.yml") + + data, err := ioutil.ReadFile(fieldsFilePath) + if err != nil { + return nil, errors.Wrapf(err, "reading file failed (path: %s)", fieldsFilePath) + } + + var f fields + err = yaml.Unmarshal(data, &f) + if err != nil { + return nil, errors.Wrapf(err, "unmarshalling fields file failed (path: %s)", fieldsFilePath) + } + return f, nil +} diff --git a/dev/import-beats/packages.go b/dev/import-beats/packages.go index d4579cefc..6d9d4e4d7 100644 --- a/dev/import-beats/packages.go +++ b/dev/import-beats/packages.go @@ -16,13 +16,22 @@ import ( "github.com/elastic/package-registry/util" ) +var ignoredModules = map[string]bool{ "apache2": true } + type packageMap map[string]*util.Package func (p packageMap) loadFromSource(beatsDir, beatName, packageType string) error { - path := filepath.Join(beatsDir, beatName, "module") - moduleDirs, err := ioutil.ReadDir(path) + beatPath := filepath.Join(beatsDir, beatName) + beatModulesPath := filepath.Join(beatPath, "module") + + moduleDirs, err := ioutil.ReadDir(beatModulesPath) + if err != nil { + return errors.Wrapf(err, "cannot read directory '%s'", beatModulesPath) + } + + fieldsFile, err := loadFields(beatPath) if err != nil { - return errors.Wrapf(err, "cannot read directory '%s'", path) + return errors.Wrapf(err, "loading fields failed") } for _, moduleDir := range moduleDirs { @@ -31,6 +40,10 @@ func (p packageMap) loadFromSource(beatsDir, beatName, packageType string) error } log.Printf("Visit '%s:%s'\n", beatName, moduleDir.Name()) + if _, ok := ignoredModules[moduleDir.Name()]; ok { + log.Printf("Ignoring '%s:%s'\n", beatName, moduleDir.Name()) + continue + } _, ok := p[moduleDir.Name()] if !ok { @@ -39,12 +52,18 @@ func (p packageMap) loadFromSource(beatsDir, beatName, packageType string) error Name: moduleDir.Name(), Version: "0.0.1", // TODO Type: "integration", - Categories: []string{}, License: "basic", } } + fieldsEntry, err := fieldsFile.getEntry(moduleDir.Name()) + if err != nil { + return errors.Wrapf(err, "retrieving fields entry failed") + } + p[moduleDir.Name()].Categories = append(p[moduleDir.Name()].Categories, packageType) + p[moduleDir.Name()].Title = fieldsEntry.Title + p[moduleDir.Name()].Description = fieldsEntry.Description } return nil } diff --git a/dev/package-beats/activemq-0.0.1/manifest.yml b/dev/package-beats/activemq-0.0.1/manifest.yml index 3e5839c30..bca3c8427 100644 --- a/dev/package-beats/activemq-0.0.1/manifest.yml +++ b/dev/package-beats/activemq-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: activemq +title: activemq version: 0.0.1 license: basic -description: "" +description: | + activemq module type: integration categories: - logs diff --git a/dev/package-beats/aerospike-0.0.1/manifest.yml b/dev/package-beats/aerospike-0.0.1/manifest.yml index 7cda11aa6..19ca420d6 100644 --- a/dev/package-beats/aerospike-0.0.1/manifest.yml +++ b/dev/package-beats/aerospike-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: aerospike +title: Aerospike version: 0.0.1 license: basic -description: "" +description: | + Aerospike module type: integration categories: - metrics diff --git a/dev/package-beats/apache-0.0.1/manifest.yml b/dev/package-beats/apache-0.0.1/manifest.yml index be7020f1d..c423372ec 100644 --- a/dev/package-beats/apache-0.0.1/manifest.yml +++ b/dev/package-beats/apache-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: apache +title: Apache version: 0.0.1 license: basic -description: "" +description: | + Apache HTTPD server metricsets collected from the Apache web server. type: integration categories: - logs diff --git a/dev/package-beats/appsearch-0.0.1/manifest.yml b/dev/package-beats/appsearch-0.0.1/manifest.yml index ad43abad2..84354c80f 100644 --- a/dev/package-beats/appsearch-0.0.1/manifest.yml +++ b/dev/package-beats/appsearch-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: appsearch +title: App Search version: 0.0.1 license: basic -description: "" +description: | + App Search module type: integration categories: - metrics diff --git a/dev/package-beats/auditd-0.0.1/manifest.yml b/dev/package-beats/auditd-0.0.1/manifest.yml index 5ebece8a9..62cb79572 100644 --- a/dev/package-beats/auditd-0.0.1/manifest.yml +++ b/dev/package-beats/auditd-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: auditd +title: Auditd version: 0.0.1 license: basic -description: "" +description: | + Module for parsing auditd logs. type: integration categories: - logs diff --git a/dev/package-beats/aws-0.0.1/manifest.yml b/dev/package-beats/aws-0.0.1/manifest.yml index 9b4856f11..e312895e0 100644 --- a/dev/package-beats/aws-0.0.1/manifest.yml +++ b/dev/package-beats/aws-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: aws +title: aws version: 0.0.1 license: basic -description: "" +description: | + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. type: integration categories: - logs diff --git a/dev/package-beats/azure-0.0.1/manifest.yml b/dev/package-beats/azure-0.0.1/manifest.yml index 56a0c59ab..ac0a1309c 100644 --- a/dev/package-beats/azure-0.0.1/manifest.yml +++ b/dev/package-beats/azure-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: azure +title: azure version: 0.0.1 license: basic -description: "" +description: | + azure module type: integration categories: - logs diff --git a/dev/package-beats/beat-0.0.1/manifest.yml b/dev/package-beats/beat-0.0.1/manifest.yml index abf1db63f..782a49ee1 100644 --- a/dev/package-beats/beat-0.0.1/manifest.yml +++ b/dev/package-beats/beat-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: beat +title: Beat version: 0.0.1 license: basic -description: "" +description: | + Contains common beat fields available in all event types. type: integration categories: - metrics diff --git a/dev/package-beats/cef-0.0.1/manifest.yml b/dev/package-beats/cef-0.0.1/manifest.yml index e5da3a751..dcb03a3c3 100644 --- a/dev/package-beats/cef-0.0.1/manifest.yml +++ b/dev/package-beats/cef-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: cef +title: Decode CEF processor fields version: 0.0.1 license: basic -description: "" +description: | + Common Event Format (CEF) data. type: integration categories: - logs diff --git a/dev/package-beats/ceph-0.0.1/manifest.yml b/dev/package-beats/ceph-0.0.1/manifest.yml index 8c097989f..ae52affaa 100644 --- a/dev/package-beats/ceph-0.0.1/manifest.yml +++ b/dev/package-beats/ceph-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: ceph +title: Ceph version: 0.0.1 license: basic -description: "" +description: | + Ceph module type: integration categories: - metrics diff --git a/dev/package-beats/cisco-0.0.1/manifest.yml b/dev/package-beats/cisco-0.0.1/manifest.yml index 8bc369597..cbd0930eb 100644 --- a/dev/package-beats/cisco-0.0.1/manifest.yml +++ b/dev/package-beats/cisco-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: cisco +title: Cisco version: 0.0.1 license: basic -description: "" +description: | + Module for handling Cisco network device logs. type: integration categories: - logs diff --git a/dev/package-beats/cloudfoundry-0.0.1/manifest.yml b/dev/package-beats/cloudfoundry-0.0.1/manifest.yml index 17e74ee32..26918b7cf 100644 --- a/dev/package-beats/cloudfoundry-0.0.1/manifest.yml +++ b/dev/package-beats/cloudfoundry-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: cloudfoundry +title: cloudfoundry version: 0.0.1 license: basic -description: "" +description: | + Cloud Foundry module type: integration categories: - metrics diff --git a/dev/package-beats/cockroachdb-0.0.1/manifest.yml b/dev/package-beats/cockroachdb-0.0.1/manifest.yml index 4732459e0..027759721 100644 --- a/dev/package-beats/cockroachdb-0.0.1/manifest.yml +++ b/dev/package-beats/cockroachdb-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: cockroachdb +title: CockroachDB version: 0.0.1 license: basic -description: "" +description: | + CockroachDB module type: integration categories: - metrics diff --git a/dev/package-beats/consul-0.0.1/manifest.yml b/dev/package-beats/consul-0.0.1/manifest.yml index 81d2d1ecf..180dfa115 100644 --- a/dev/package-beats/consul-0.0.1/manifest.yml +++ b/dev/package-beats/consul-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: consul +title: consul version: 0.0.1 license: basic -description: "" +description: | + Consul module type: integration categories: - metrics diff --git a/dev/package-beats/coredns-0.0.1/manifest.yml b/dev/package-beats/coredns-0.0.1/manifest.yml index 417b2551c..a6cb85509 100644 --- a/dev/package-beats/coredns-0.0.1/manifest.yml +++ b/dev/package-beats/coredns-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: coredns +title: coredns version: 0.0.1 license: basic -description: "" +description: | + coredns Module type: integration categories: - logs diff --git a/dev/package-beats/couchbase-0.0.1/manifest.yml b/dev/package-beats/couchbase-0.0.1/manifest.yml index f2ced1ae1..263df3da0 100644 --- a/dev/package-beats/couchbase-0.0.1/manifest.yml +++ b/dev/package-beats/couchbase-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: couchbase +title: Couchbase version: 0.0.1 license: basic -description: "" +description: | + Metrics collected from Couchbase servers. type: integration categories: - metrics diff --git a/dev/package-beats/couchdb-0.0.1/manifest.yml b/dev/package-beats/couchdb-0.0.1/manifest.yml index 2e3add8eb..fba6d69df 100644 --- a/dev/package-beats/couchdb-0.0.1/manifest.yml +++ b/dev/package-beats/couchdb-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: couchdb +title: couchdb version: 0.0.1 license: basic -description: "" +description: | + couchdb module type: integration categories: - metrics diff --git a/dev/package-beats/docker-0.0.1/manifest.yml b/dev/package-beats/docker-0.0.1/manifest.yml index c8a55fb94..3398e04c2 100644 --- a/dev/package-beats/docker-0.0.1/manifest.yml +++ b/dev/package-beats/docker-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: docker +title: Docker version: 0.0.1 license: basic -description: "" +description: | + Docker stats collected from Docker. type: integration categories: - metrics diff --git a/dev/package-beats/dropwizard-0.0.1/manifest.yml b/dev/package-beats/dropwizard-0.0.1/manifest.yml index bd0657839..999abc1ee 100644 --- a/dev/package-beats/dropwizard-0.0.1/manifest.yml +++ b/dev/package-beats/dropwizard-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: dropwizard +title: Dropwizard version: 0.0.1 license: basic -description: "" +description: | + Stats collected from Dropwizard. type: integration categories: - metrics diff --git a/dev/package-beats/elasticsearch-0.0.1/manifest.yml b/dev/package-beats/elasticsearch-0.0.1/manifest.yml index 7cbd168df..f51190490 100644 --- a/dev/package-beats/elasticsearch-0.0.1/manifest.yml +++ b/dev/package-beats/elasticsearch-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: elasticsearch +title: Elasticsearch version: 0.0.1 license: basic -description: "" +description: | + Elasticsearch module type: integration categories: - logs diff --git a/dev/package-beats/envoyproxy-0.0.1/manifest.yml b/dev/package-beats/envoyproxy-0.0.1/manifest.yml index c3eda3442..989ae09e7 100644 --- a/dev/package-beats/envoyproxy-0.0.1/manifest.yml +++ b/dev/package-beats/envoyproxy-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: envoyproxy +title: envoyproxy version: 0.0.1 license: basic -description: "" +description: | + envoyproxy module type: integration categories: - logs diff --git a/dev/package-beats/etcd-0.0.1/manifest.yml b/dev/package-beats/etcd-0.0.1/manifest.yml index 48b461f2b..e02d426ad 100644 --- a/dev/package-beats/etcd-0.0.1/manifest.yml +++ b/dev/package-beats/etcd-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: etcd +title: Etcd version: 0.0.1 license: basic -description: "" +description: | + etcd Module type: integration categories: - metrics diff --git a/dev/package-beats/golang-0.0.1/manifest.yml b/dev/package-beats/golang-0.0.1/manifest.yml index 9314c4ac3..632a6bebf 100644 --- a/dev/package-beats/golang-0.0.1/manifest.yml +++ b/dev/package-beats/golang-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: golang +title: Golang version: 0.0.1 license: basic -description: "" +description: | + Golang module type: integration categories: - metrics diff --git a/dev/package-beats/googlecloud-0.0.1/manifest.yml b/dev/package-beats/googlecloud-0.0.1/manifest.yml index 783563508..2bd740915 100644 --- a/dev/package-beats/googlecloud-0.0.1/manifest.yml +++ b/dev/package-beats/googlecloud-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: googlecloud +title: Google Cloud Platform version: 0.0.1 license: basic -description: "" +description: | + GCP module type: integration categories: - logs diff --git a/dev/package-beats/graphite-0.0.1/manifest.yml b/dev/package-beats/graphite-0.0.1/manifest.yml index 90d863ddd..39fccb12b 100644 --- a/dev/package-beats/graphite-0.0.1/manifest.yml +++ b/dev/package-beats/graphite-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: graphite +title: Graphite version: 0.0.1 license: basic -description: "" +description: | + graphite Module type: integration categories: - metrics diff --git a/dev/package-beats/haproxy-0.0.1/manifest.yml b/dev/package-beats/haproxy-0.0.1/manifest.yml index f93fefaeb..39d324a10 100644 --- a/dev/package-beats/haproxy-0.0.1/manifest.yml +++ b/dev/package-beats/haproxy-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: haproxy +title: HAProxy version: 0.0.1 license: basic -description: "" +description: | + HAProxy Module type: integration categories: - logs diff --git a/dev/package-beats/http-0.0.1/manifest.yml b/dev/package-beats/http-0.0.1/manifest.yml index ae0765836..e36a65641 100644 --- a/dev/package-beats/http-0.0.1/manifest.yml +++ b/dev/package-beats/http-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: http +title: HTTP version: 0.0.1 license: basic -description: "" +description: | + HTTP module type: integration categories: - metrics diff --git a/dev/package-beats/ibmmq-0.0.1/manifest.yml b/dev/package-beats/ibmmq-0.0.1/manifest.yml index c49f73738..e7bde3b1c 100644 --- a/dev/package-beats/ibmmq-0.0.1/manifest.yml +++ b/dev/package-beats/ibmmq-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: ibmmq +title: IBM MQ version: 0.0.1 license: basic -description: "" +description: | + IBM MQ module type: integration categories: - logs diff --git a/dev/package-beats/icinga-0.0.1/manifest.yml b/dev/package-beats/icinga-0.0.1/manifest.yml index 066685997..aafbc0963 100644 --- a/dev/package-beats/icinga-0.0.1/manifest.yml +++ b/dev/package-beats/icinga-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: icinga +title: Icinga version: 0.0.1 license: basic -description: "" +description: | + Icinga Module type: integration categories: - logs diff --git a/dev/package-beats/iis-0.0.1/manifest.yml b/dev/package-beats/iis-0.0.1/manifest.yml index 4347a528c..f61e91abc 100644 --- a/dev/package-beats/iis-0.0.1/manifest.yml +++ b/dev/package-beats/iis-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: iis +title: iis version: 0.0.1 license: basic -description: "" +description: | + iis module type: integration categories: - logs diff --git a/dev/package-beats/iptables-0.0.1/manifest.yml b/dev/package-beats/iptables-0.0.1/manifest.yml index 6553b1a62..5d13d2dd9 100644 --- a/dev/package-beats/iptables-0.0.1/manifest.yml +++ b/dev/package-beats/iptables-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: iptables +title: iptables version: 0.0.1 license: basic -description: "" +description: | + Module for handling the iptables logs. type: integration categories: - logs diff --git a/dev/package-beats/istio-0.0.1/manifest.yml b/dev/package-beats/istio-0.0.1/manifest.yml index 135b6939d..82612f565 100644 --- a/dev/package-beats/istio-0.0.1/manifest.yml +++ b/dev/package-beats/istio-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: istio +title: istio version: 0.0.1 license: basic -description: "" +description: | + istio Module type: integration categories: - metrics diff --git a/dev/package-beats/jolokia-0.0.1/manifest.yml b/dev/package-beats/jolokia-0.0.1/manifest.yml index f423b895e..1be040bef 100644 --- a/dev/package-beats/jolokia-0.0.1/manifest.yml +++ b/dev/package-beats/jolokia-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: jolokia +title: Jolokia version: 0.0.1 license: basic -description: "" +description: | + Jolokia module type: integration categories: - metrics diff --git a/dev/package-beats/kafka-0.0.1/manifest.yml b/dev/package-beats/kafka-0.0.1/manifest.yml index 0fe97ee46..5832fd585 100644 --- a/dev/package-beats/kafka-0.0.1/manifest.yml +++ b/dev/package-beats/kafka-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: kafka +title: Kafka version: 0.0.1 license: basic -description: "" +description: | + Kafka module type: integration categories: - logs diff --git a/dev/package-beats/kibana-0.0.1/manifest.yml b/dev/package-beats/kibana-0.0.1/manifest.yml index 470737912..1bce980ef 100644 --- a/dev/package-beats/kibana-0.0.1/manifest.yml +++ b/dev/package-beats/kibana-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: kibana +title: Kibana version: 0.0.1 license: basic -description: "" +description: | + Kibana module type: integration categories: - logs diff --git a/dev/package-beats/kubernetes-0.0.1/manifest.yml b/dev/package-beats/kubernetes-0.0.1/manifest.yml index 77ee05084..2501c4434 100644 --- a/dev/package-beats/kubernetes-0.0.1/manifest.yml +++ b/dev/package-beats/kubernetes-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: kubernetes +title: Kubernetes version: 0.0.1 license: basic -description: "" +description: | + Kubernetes metadata added by the kubernetes processor type: integration categories: - metrics diff --git a/dev/package-beats/kvm-0.0.1/manifest.yml b/dev/package-beats/kvm-0.0.1/manifest.yml index b46c1c3e7..88331f1e4 100644 --- a/dev/package-beats/kvm-0.0.1/manifest.yml +++ b/dev/package-beats/kvm-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: kvm +title: kvm version: 0.0.1 license: basic -description: "" +description: | + kvm module type: integration categories: - metrics diff --git a/dev/package-beats/logstash-0.0.1/manifest.yml b/dev/package-beats/logstash-0.0.1/manifest.yml index 322debe2d..b416cb9ca 100644 --- a/dev/package-beats/logstash-0.0.1/manifest.yml +++ b/dev/package-beats/logstash-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: logstash +title: Logstash version: 0.0.1 license: basic -description: "" +description: | + Logstash module type: integration categories: - logs diff --git a/dev/package-beats/memcached-0.0.1/manifest.yml b/dev/package-beats/memcached-0.0.1/manifest.yml index c343c7b28..26719e3ce 100644 --- a/dev/package-beats/memcached-0.0.1/manifest.yml +++ b/dev/package-beats/memcached-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: memcached +title: Memcached version: 0.0.1 license: basic -description: "" +description: | + Memcached module type: integration categories: - metrics diff --git a/dev/package-beats/misp-0.0.1/manifest.yml b/dev/package-beats/misp-0.0.1/manifest.yml index cbb9b9587..3e64a0552 100644 --- a/dev/package-beats/misp-0.0.1/manifest.yml +++ b/dev/package-beats/misp-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: misp +title: MISP version: 0.0.1 license: basic -description: "" +description: | + Module for handling threat information from MISP. type: integration categories: - logs diff --git a/dev/package-beats/mongodb-0.0.1/manifest.yml b/dev/package-beats/mongodb-0.0.1/manifest.yml index 4500f0c63..aef337033 100644 --- a/dev/package-beats/mongodb-0.0.1/manifest.yml +++ b/dev/package-beats/mongodb-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: mongodb +title: MongoDB version: 0.0.1 license: basic -description: "" +description: | + Metrics collected from MongoDB servers. type: integration categories: - logs diff --git a/dev/package-beats/mssql-0.0.1/manifest.yml b/dev/package-beats/mssql-0.0.1/manifest.yml index 485b12ac7..be9400826 100644 --- a/dev/package-beats/mssql-0.0.1/manifest.yml +++ b/dev/package-beats/mssql-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: mssql +title: MSSQL version: 0.0.1 license: basic -description: "" +description: MS SQL module type: integration categories: - logs diff --git a/dev/package-beats/munin-0.0.1/manifest.yml b/dev/package-beats/munin-0.0.1/manifest.yml index 569812c1c..a2fd67b85 100644 --- a/dev/package-beats/munin-0.0.1/manifest.yml +++ b/dev/package-beats/munin-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: munin +title: Munin version: 0.0.1 license: basic -description: "" +description: | + Munin node metrics exporter type: integration categories: - metrics diff --git a/dev/package-beats/mysql-0.0.1/manifest.yml b/dev/package-beats/mysql-0.0.1/manifest.yml index dd01251b2..fe8ffcf8e 100644 --- a/dev/package-beats/mysql-0.0.1/manifest.yml +++ b/dev/package-beats/mysql-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: mysql +title: MySQL version: 0.0.1 license: basic -description: "" +description: | + MySQL server status metrics collected from MySQL. type: integration categories: - logs diff --git a/dev/package-beats/nats-0.0.1/manifest.yml b/dev/package-beats/nats-0.0.1/manifest.yml index 13a1fffa4..80f26f22e 100644 --- a/dev/package-beats/nats-0.0.1/manifest.yml +++ b/dev/package-beats/nats-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: nats +title: Nats version: 0.0.1 license: basic -description: "" +description: | + nats Module type: integration categories: - logs diff --git a/dev/package-beats/netflow-0.0.1/manifest.yml b/dev/package-beats/netflow-0.0.1/manifest.yml index 99715d58c..8700fc43e 100644 --- a/dev/package-beats/netflow-0.0.1/manifest.yml +++ b/dev/package-beats/netflow-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: netflow +title: NetFlow version: 0.0.1 license: basic -description: "" +description: | + Fields from NetFlow and IPFIX flows. type: integration categories: - logs diff --git a/dev/package-beats/nginx-0.0.1/manifest.yml b/dev/package-beats/nginx-0.0.1/manifest.yml index 3ad791ff1..8048d27e3 100644 --- a/dev/package-beats/nginx-0.0.1/manifest.yml +++ b/dev/package-beats/nginx-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: nginx +title: Nginx version: 0.0.1 license: basic -description: "" +description: | + Nginx server status metrics collected from various modules. type: integration categories: - logs diff --git a/dev/package-beats/oracle-0.0.1/manifest.yml b/dev/package-beats/oracle-0.0.1/manifest.yml index 3bb1bd9d8..deec28979 100644 --- a/dev/package-beats/oracle-0.0.1/manifest.yml +++ b/dev/package-beats/oracle-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: oracle +title: Oracle version: 0.0.1 license: basic -description: "" +description: Oracle database module type: integration categories: - metrics diff --git a/dev/package-beats/osquery-0.0.1/manifest.yml b/dev/package-beats/osquery-0.0.1/manifest.yml index c71904027..c5b9be9d4 100644 --- a/dev/package-beats/osquery-0.0.1/manifest.yml +++ b/dev/package-beats/osquery-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: osquery +title: Osquery version: 0.0.1 license: basic -description: "" +description: | + Fields exported by the `osquery` module type: integration categories: - logs diff --git a/dev/package-beats/panw-0.0.1/manifest.yml b/dev/package-beats/panw-0.0.1/manifest.yml index 1027ef130..3b0d6ce0a 100644 --- a/dev/package-beats/panw-0.0.1/manifest.yml +++ b/dev/package-beats/panw-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: panw +title: panw version: 0.0.1 license: basic -description: "" +description: | + Module for Palo Alto Networks (PAN-OS) type: integration categories: - logs diff --git a/dev/package-beats/php_fpm-0.0.1/manifest.yml b/dev/package-beats/php_fpm-0.0.1/manifest.yml index 63d00f285..afe2a943b 100644 --- a/dev/package-beats/php_fpm-0.0.1/manifest.yml +++ b/dev/package-beats/php_fpm-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: php_fpm +title: PHP_FPM version: 0.0.1 license: basic -description: "" +description: | + PHP-FPM server status metrics collected from PHP-FPM. type: integration categories: - metrics diff --git a/dev/package-beats/postgresql-0.0.1/manifest.yml b/dev/package-beats/postgresql-0.0.1/manifest.yml index d6b002d73..b301cee72 100644 --- a/dev/package-beats/postgresql-0.0.1/manifest.yml +++ b/dev/package-beats/postgresql-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: postgresql +title: PostgreSQL version: 0.0.1 license: basic -description: "" +description: | + Metrics collected from PostgreSQL servers. type: integration categories: - logs diff --git a/dev/package-beats/prometheus-0.0.1/manifest.yml b/dev/package-beats/prometheus-0.0.1/manifest.yml index 52c8a4c42..f69becc00 100644 --- a/dev/package-beats/prometheus-0.0.1/manifest.yml +++ b/dev/package-beats/prometheus-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: prometheus +title: Prometheus version: 0.0.1 license: basic -description: "" +description: | + Stats scraped from a Prometheus endpoint. type: integration categories: - metrics diff --git a/dev/package-beats/rabbitmq-0.0.1/manifest.yml b/dev/package-beats/rabbitmq-0.0.1/manifest.yml index 38b2aae84..cea23610f 100644 --- a/dev/package-beats/rabbitmq-0.0.1/manifest.yml +++ b/dev/package-beats/rabbitmq-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: rabbitmq +title: RabbitMQ version: 0.0.1 license: basic -description: "" +description: | + RabbitMQ module type: integration categories: - logs diff --git a/dev/package-beats/redis-0.0.1/manifest.yml b/dev/package-beats/redis-0.0.1/manifest.yml index f8c46700c..77d5953c1 100644 --- a/dev/package-beats/redis-0.0.1/manifest.yml +++ b/dev/package-beats/redis-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: redis +title: Redis version: 0.0.1 license: basic -description: "" +description: | + Redis metrics collected from Redis. type: integration categories: - logs diff --git a/dev/package-beats/redisenterprise-0.0.1/manifest.yml b/dev/package-beats/redisenterprise-0.0.1/manifest.yml index 7b52da675..98f00e73f 100644 --- a/dev/package-beats/redisenterprise-0.0.1/manifest.yml +++ b/dev/package-beats/redisenterprise-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: redisenterprise +title: Redis Enterprise version: 0.0.1 license: basic -description: "" +description: | + Redis metrics collected from Redis Enterprise Server. type: integration categories: - metrics diff --git a/dev/package-beats/santa-0.0.1/manifest.yml b/dev/package-beats/santa-0.0.1/manifest.yml index 717560db1..0ed3c7d01 100644 --- a/dev/package-beats/santa-0.0.1/manifest.yml +++ b/dev/package-beats/santa-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: santa +title: Google Santa version: 0.0.1 license: basic -description: "" +description: | + Santa Module type: integration categories: - logs diff --git a/dev/package-beats/sql-0.0.1/manifest.yml b/dev/package-beats/sql-0.0.1/manifest.yml index 508f2ba83..eb083d62f 100644 --- a/dev/package-beats/sql-0.0.1/manifest.yml +++ b/dev/package-beats/sql-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: sql +title: sql version: 0.0.1 license: basic -description: "" +description: | + SQL module fetches metrics from a SQL database type: integration categories: - metrics diff --git a/dev/package-beats/stan-0.0.1/manifest.yml b/dev/package-beats/stan-0.0.1/manifest.yml index 2b8a9e927..3c10e89c8 100644 --- a/dev/package-beats/stan-0.0.1/manifest.yml +++ b/dev/package-beats/stan-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: stan +title: Stan version: 0.0.1 license: basic -description: "" +description: | + stan Module type: integration categories: - metrics diff --git a/dev/package-beats/statsd-0.0.1/manifest.yml b/dev/package-beats/statsd-0.0.1/manifest.yml index 1bb9d0c7f..b9186d3c0 100644 --- a/dev/package-beats/statsd-0.0.1/manifest.yml +++ b/dev/package-beats/statsd-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: statsd +title: Statsd version: 0.0.1 license: basic -description: "" +description: | + Statsd module type: integration categories: - metrics diff --git a/dev/package-beats/suricata-0.0.1/manifest.yml b/dev/package-beats/suricata-0.0.1/manifest.yml index cd6ba835d..9d82d80b2 100644 --- a/dev/package-beats/suricata-0.0.1/manifest.yml +++ b/dev/package-beats/suricata-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: suricata +title: Suricata version: 0.0.1 license: basic -description: "" +description: | + Module for handling the EVE JSON logs produced by Suricata. type: integration categories: - logs diff --git a/dev/package-beats/system-0.0.1/manifest.yml b/dev/package-beats/system-0.0.1/manifest.yml index a91ee0029..066531d91 100644 --- a/dev/package-beats/system-0.0.1/manifest.yml +++ b/dev/package-beats/system-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: system +title: System version: 0.0.1 license: basic -description: "" +description: | + System status metrics, like CPU and memory usage, that are collected from the operating system. type: integration categories: - logs diff --git a/dev/package-beats/tomcat-0.0.1/manifest.yml b/dev/package-beats/tomcat-0.0.1/manifest.yml index 906b6fe5c..1f85bc26f 100644 --- a/dev/package-beats/tomcat-0.0.1/manifest.yml +++ b/dev/package-beats/tomcat-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: tomcat +title: Tomcat version: 0.0.1 license: basic -description: "" +description: | + Tomcat module type: integration categories: - metrics diff --git a/dev/package-beats/traefik-0.0.1/manifest.yml b/dev/package-beats/traefik-0.0.1/manifest.yml index 047f04c5a..c2deb5b0d 100644 --- a/dev/package-beats/traefik-0.0.1/manifest.yml +++ b/dev/package-beats/traefik-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: traefik +title: traefik version: 0.0.1 license: basic -description: "" +description: | + Traefik reverse proxy / load balancer metrics type: integration categories: - logs diff --git a/dev/package-beats/uwsgi-0.0.1/manifest.yml b/dev/package-beats/uwsgi-0.0.1/manifest.yml index 13d1d8fb1..24899ccd8 100644 --- a/dev/package-beats/uwsgi-0.0.1/manifest.yml +++ b/dev/package-beats/uwsgi-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: uwsgi +title: uwsgi version: 0.0.1 license: basic -description: "" +description: | + uwsgi module type: integration categories: - metrics diff --git a/dev/package-beats/vsphere-0.0.1/manifest.yml b/dev/package-beats/vsphere-0.0.1/manifest.yml index 57b75e891..0609d6075 100644 --- a/dev/package-beats/vsphere-0.0.1/manifest.yml +++ b/dev/package-beats/vsphere-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: vsphere +title: vSphere version: 0.0.1 license: basic -description: "" +description: | + vSphere module type: integration categories: - metrics diff --git a/dev/package-beats/windows-0.0.1/manifest.yml b/dev/package-beats/windows-0.0.1/manifest.yml index bad330ef9..1dce0f5a6 100644 --- a/dev/package-beats/windows-0.0.1/manifest.yml +++ b/dev/package-beats/windows-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: windows +title: Windows version: 0.0.1 license: basic -description: "" +description: | + Module for Windows type: integration categories: - metrics diff --git a/dev/package-beats/zeek-0.0.1/manifest.yml b/dev/package-beats/zeek-0.0.1/manifest.yml index b9d8955bd..68a79afed 100644 --- a/dev/package-beats/zeek-0.0.1/manifest.yml +++ b/dev/package-beats/zeek-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: zeek +title: Zeek version: 0.0.1 license: basic -description: "" +description: | + Module for handling logs produced by Zeek/Bro type: integration categories: - logs diff --git a/dev/package-beats/zookeeper-0.0.1/manifest.yml b/dev/package-beats/zookeeper-0.0.1/manifest.yml index ce21c8475..8fc9d9c2f 100644 --- a/dev/package-beats/zookeeper-0.0.1/manifest.yml +++ b/dev/package-beats/zookeeper-0.0.1/manifest.yml @@ -1,8 +1,10 @@ format_version: 1.0.0 name: zookeeper +title: ZooKeeper version: 0.0.1 license: basic -description: "" +description: | + ZooKeeper metrics collected by the four-letter monitoring commands. type: integration categories: - metrics From fb5287d35151f60cbda59ce45644599ca73c8e31 Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 5 Mar 2020 15:02:34 +0100 Subject: [PATCH 2/6] Delete apache2 --- dev/packages/beats/apache2-0.0.1/manifest.yml | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 dev/packages/beats/apache2-0.0.1/manifest.yml diff --git a/dev/packages/beats/apache2-0.0.1/manifest.yml b/dev/packages/beats/apache2-0.0.1/manifest.yml deleted file mode 100644 index f842113c7..000000000 --- a/dev/packages/beats/apache2-0.0.1/manifest.yml +++ /dev/null @@ -1,11 +0,0 @@ -format_version: 1.0.0 -name: apache2 -version: 0.0.1 -license: oss -description: "" -type: integration -categories: -- logs -requirement: - kibana: - versions: "" From 9edd31e80f0039fd19d36dfc6cdd45c70188a1f1 Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 5 Mar 2020 15:40:39 +0100 Subject: [PATCH 3/6] Regenerate packages --- dev/import-beats/fields.go | 8 +- dev/import-beats/main.go | 8 +- dev/import-beats/packages.go | 84 ++++++++++++------- dev/package-beats/activemq-0.0.1/manifest.yml | 14 ---- .../aerospike-0.0.1/manifest.yml | 13 --- dev/package-beats/apache-0.0.1/manifest.yml | 14 ---- dev/package-beats/apache2-0.0.1/manifest.yml | 11 --- .../appsearch-0.0.1/manifest.yml | 13 --- dev/package-beats/auditd-0.0.1/manifest.yml | 13 --- dev/package-beats/aws-0.0.1/manifest.yml | 14 ---- dev/package-beats/azure-0.0.1/manifest.yml | 14 ---- dev/package-beats/beat-0.0.1/manifest.yml | 13 --- dev/package-beats/cef-0.0.1/manifest.yml | 13 --- dev/package-beats/ceph-0.0.1/manifest.yml | 13 --- dev/package-beats/cisco-0.0.1/manifest.yml | 13 --- .../cloudfoundry-0.0.1/manifest.yml | 13 --- .../cockroachdb-0.0.1/manifest.yml | 13 --- dev/package-beats/consul-0.0.1/manifest.yml | 13 --- dev/package-beats/coredns-0.0.1/manifest.yml | 14 ---- .../couchbase-0.0.1/manifest.yml | 13 --- dev/package-beats/couchdb-0.0.1/manifest.yml | 13 --- dev/package-beats/docker-0.0.1/manifest.yml | 13 --- .../dropwizard-0.0.1/manifest.yml | 13 --- .../elasticsearch-0.0.1/manifest.yml | 14 ---- .../envoyproxy-0.0.1/manifest.yml | 14 ---- dev/package-beats/etcd-0.0.1/manifest.yml | 13 --- dev/package-beats/golang-0.0.1/manifest.yml | 13 --- .../googlecloud-0.0.1/manifest.yml | 14 ---- dev/package-beats/graphite-0.0.1/manifest.yml | 13 --- dev/package-beats/haproxy-0.0.1/manifest.yml | 14 ---- dev/package-beats/http-0.0.1/manifest.yml | 13 --- dev/package-beats/ibmmq-0.0.1/manifest.yml | 14 ---- dev/package-beats/icinga-0.0.1/manifest.yml | 13 --- dev/package-beats/iis-0.0.1/manifest.yml | 14 ---- dev/package-beats/iptables-0.0.1/manifest.yml | 13 --- dev/package-beats/istio-0.0.1/manifest.yml | 13 --- dev/package-beats/jolokia-0.0.1/manifest.yml | 13 --- dev/package-beats/kafka-0.0.1/manifest.yml | 14 ---- dev/package-beats/kibana-0.0.1/manifest.yml | 14 ---- .../kubernetes-0.0.1/manifest.yml | 13 --- dev/package-beats/kvm-0.0.1/manifest.yml | 13 --- dev/package-beats/logstash-0.0.1/manifest.yml | 14 ---- .../memcached-0.0.1/manifest.yml | 13 --- dev/package-beats/misp-0.0.1/manifest.yml | 13 --- dev/package-beats/mongodb-0.0.1/manifest.yml | 14 ---- dev/package-beats/mssql-0.0.1/manifest.yml | 13 --- dev/package-beats/munin-0.0.1/manifest.yml | 13 --- dev/package-beats/mysql-0.0.1/manifest.yml | 14 ---- dev/package-beats/nats-0.0.1/manifest.yml | 14 ---- dev/package-beats/netflow-0.0.1/manifest.yml | 13 --- dev/package-beats/nginx-0.0.1/manifest.yml | 14 ---- dev/package-beats/oracle-0.0.1/manifest.yml | 12 --- dev/package-beats/osquery-0.0.1/manifest.yml | 13 --- dev/package-beats/panw-0.0.1/manifest.yml | 13 --- dev/package-beats/php_fpm-0.0.1/manifest.yml | 13 --- .../postgresql-0.0.1/manifest.yml | 14 ---- .../prometheus-0.0.1/manifest.yml | 13 --- dev/package-beats/rabbitmq-0.0.1/manifest.yml | 14 ---- dev/package-beats/redis-0.0.1/manifest.yml | 14 ---- .../redisenterprise-0.0.1/manifest.yml | 13 --- dev/package-beats/santa-0.0.1/manifest.yml | 13 --- dev/package-beats/sql-0.0.1/manifest.yml | 13 --- dev/package-beats/stan-0.0.1/manifest.yml | 13 --- dev/package-beats/statsd-0.0.1/manifest.yml | 13 --- dev/package-beats/suricata-0.0.1/manifest.yml | 13 --- dev/package-beats/system-0.0.1/manifest.yml | 14 ---- dev/package-beats/tomcat-0.0.1/manifest.yml | 13 --- dev/package-beats/traefik-0.0.1/manifest.yml | 14 ---- dev/package-beats/uwsgi-0.0.1/manifest.yml | 13 --- dev/package-beats/vsphere-0.0.1/manifest.yml | 13 --- dev/package-beats/windows-0.0.1/manifest.yml | 13 --- dev/package-beats/zeek-0.0.1/manifest.yml | 13 --- .../zookeeper-0.0.1/manifest.yml | 13 --- .../beats/activemq-0.0.1/manifest.yml | 3 +- .../beats/aerospike-0.0.1/manifest.yml | 5 +- dev/packages/beats/apache-0.0.1/manifest.yml | 5 +- .../beats/appsearch-0.0.1/manifest.yml | 3 +- dev/packages/beats/auditd-0.0.1/manifest.yml | 5 +- dev/packages/beats/aws-0.0.1/manifest.yml | 3 +- dev/packages/beats/azure-0.0.1/manifest.yml | 3 +- dev/packages/beats/beat-0.0.1/manifest.yml | 5 +- dev/packages/beats/cef-0.0.1/manifest.yml | 3 +- dev/packages/beats/ceph-0.0.1/manifest.yml | 5 +- dev/packages/beats/cisco-0.0.1/manifest.yml | 3 +- .../beats/cloudfoundry-0.0.1/manifest.yml | 3 +- .../beats/cockroachdb-0.0.1/manifest.yml | 3 +- dev/packages/beats/consul-0.0.1/manifest.yml | 5 +- dev/packages/beats/coredns-0.0.1/manifest.yml | 3 +- .../beats/couchbase-0.0.1/manifest.yml | 5 +- dev/packages/beats/couchdb-0.0.1/manifest.yml | 5 +- dev/packages/beats/docker-0.0.1/manifest.yml | 5 +- .../beats/dropwizard-0.0.1/manifest.yml | 5 +- .../beats/elasticsearch-0.0.1/manifest.yml | 5 +- .../beats/envoyproxy-0.0.1/manifest.yml | 3 +- dev/packages/beats/etcd-0.0.1/manifest.yml | 5 +- dev/packages/beats/golang-0.0.1/manifest.yml | 5 +- .../beats/googlecloud-0.0.1/manifest.yml | 3 +- .../beats/graphite-0.0.1/manifest.yml | 5 +- dev/packages/beats/haproxy-0.0.1/manifest.yml | 5 +- dev/packages/beats/http-0.0.1/manifest.yml | 5 +- dev/packages/beats/ibmmq-0.0.1/manifest.yml | 3 +- dev/packages/beats/icinga-0.0.1/manifest.yml | 5 +- dev/packages/beats/iis-0.0.1/manifest.yml | 5 +- .../beats/iptables-0.0.1/manifest.yml | 3 +- dev/packages/beats/istio-0.0.1/manifest.yml | 3 +- dev/packages/beats/jolokia-0.0.1/manifest.yml | 5 +- dev/packages/beats/kafka-0.0.1/manifest.yml | 5 +- dev/packages/beats/kibana-0.0.1/manifest.yml | 5 +- .../beats/kubernetes-0.0.1/manifest.yml | 5 +- dev/packages/beats/kvm-0.0.1/manifest.yml | 5 +- .../beats/logstash-0.0.1/manifest.yml | 5 +- .../beats/memcached-0.0.1/manifest.yml | 5 +- dev/packages/beats/misp-0.0.1/manifest.yml | 3 +- dev/packages/beats/mongodb-0.0.1/manifest.yml | 5 +- dev/packages/beats/mssql-0.0.1/manifest.yml | 3 +- dev/packages/beats/munin-0.0.1/manifest.yml | 5 +- dev/packages/beats/mysql-0.0.1/manifest.yml | 5 +- dev/packages/beats/nats-0.0.1/manifest.yml | 5 +- dev/packages/beats/netflow-0.0.1/manifest.yml | 3 +- dev/packages/beats/nginx-0.0.1/manifest.yml | 5 +- dev/packages/beats/oracle-0.0.1/manifest.yml | 3 +- dev/packages/beats/osquery-0.0.1/manifest.yml | 5 +- dev/packages/beats/panw-0.0.1/manifest.yml | 3 +- dev/packages/beats/php_fpm-0.0.1/manifest.yml | 5 +- .../beats/postgresql-0.0.1/manifest.yml | 5 +- .../beats/prometheus-0.0.1/manifest.yml | 5 +- .../beats/rabbitmq-0.0.1/manifest.yml | 3 +- dev/packages/beats/redis-0.0.1/manifest.yml | 5 +- .../beats/redisenterprise-0.0.1/manifest.yml | 3 +- dev/packages/beats/santa-0.0.1/manifest.yml | 5 +- dev/packages/beats/sql-0.0.1/manifest.yml | 3 +- dev/packages/beats/stan-0.0.1/manifest.yml | 3 +- dev/packages/beats/statsd-0.0.1/manifest.yml | 3 +- .../beats/suricata-0.0.1/manifest.yml | 3 +- dev/packages/beats/system-0.0.1/manifest.yml | 5 +- dev/packages/beats/tomcat-0.0.1/manifest.yml | 3 +- dev/packages/beats/traefik-0.0.1/manifest.yml | 5 +- dev/packages/beats/uwsgi-0.0.1/manifest.yml | 5 +- dev/packages/beats/vsphere-0.0.1/manifest.yml | 5 +- dev/packages/beats/windows-0.0.1/manifest.yml | 5 +- dev/packages/beats/zeek-0.0.1/manifest.yml | 3 +- .../beats/zookeeper-0.0.1/manifest.yml | 5 +- 142 files changed, 245 insertions(+), 1076 deletions(-) delete mode 100644 dev/package-beats/activemq-0.0.1/manifest.yml delete mode 100644 dev/package-beats/aerospike-0.0.1/manifest.yml delete mode 100644 dev/package-beats/apache-0.0.1/manifest.yml delete mode 100644 dev/package-beats/apache2-0.0.1/manifest.yml delete mode 100644 dev/package-beats/appsearch-0.0.1/manifest.yml delete mode 100644 dev/package-beats/auditd-0.0.1/manifest.yml delete mode 100644 dev/package-beats/aws-0.0.1/manifest.yml delete mode 100644 dev/package-beats/azure-0.0.1/manifest.yml delete mode 100644 dev/package-beats/beat-0.0.1/manifest.yml delete mode 100644 dev/package-beats/cef-0.0.1/manifest.yml delete mode 100644 dev/package-beats/ceph-0.0.1/manifest.yml delete mode 100644 dev/package-beats/cisco-0.0.1/manifest.yml delete mode 100644 dev/package-beats/cloudfoundry-0.0.1/manifest.yml delete mode 100644 dev/package-beats/cockroachdb-0.0.1/manifest.yml delete mode 100644 dev/package-beats/consul-0.0.1/manifest.yml delete mode 100644 dev/package-beats/coredns-0.0.1/manifest.yml delete mode 100644 dev/package-beats/couchbase-0.0.1/manifest.yml delete mode 100644 dev/package-beats/couchdb-0.0.1/manifest.yml delete mode 100644 dev/package-beats/docker-0.0.1/manifest.yml delete mode 100644 dev/package-beats/dropwizard-0.0.1/manifest.yml delete mode 100644 dev/package-beats/elasticsearch-0.0.1/manifest.yml delete mode 100644 dev/package-beats/envoyproxy-0.0.1/manifest.yml delete mode 100644 dev/package-beats/etcd-0.0.1/manifest.yml delete mode 100644 dev/package-beats/golang-0.0.1/manifest.yml delete mode 100644 dev/package-beats/googlecloud-0.0.1/manifest.yml delete mode 100644 dev/package-beats/graphite-0.0.1/manifest.yml delete mode 100644 dev/package-beats/haproxy-0.0.1/manifest.yml delete mode 100644 dev/package-beats/http-0.0.1/manifest.yml delete mode 100644 dev/package-beats/ibmmq-0.0.1/manifest.yml delete mode 100644 dev/package-beats/icinga-0.0.1/manifest.yml delete mode 100644 dev/package-beats/iis-0.0.1/manifest.yml delete mode 100644 dev/package-beats/iptables-0.0.1/manifest.yml delete mode 100644 dev/package-beats/istio-0.0.1/manifest.yml delete mode 100644 dev/package-beats/jolokia-0.0.1/manifest.yml delete mode 100644 dev/package-beats/kafka-0.0.1/manifest.yml delete mode 100644 dev/package-beats/kibana-0.0.1/manifest.yml delete mode 100644 dev/package-beats/kubernetes-0.0.1/manifest.yml delete mode 100644 dev/package-beats/kvm-0.0.1/manifest.yml delete mode 100644 dev/package-beats/logstash-0.0.1/manifest.yml delete mode 100644 dev/package-beats/memcached-0.0.1/manifest.yml delete mode 100644 dev/package-beats/misp-0.0.1/manifest.yml delete mode 100644 dev/package-beats/mongodb-0.0.1/manifest.yml delete mode 100644 dev/package-beats/mssql-0.0.1/manifest.yml delete mode 100644 dev/package-beats/munin-0.0.1/manifest.yml delete mode 100644 dev/package-beats/mysql-0.0.1/manifest.yml delete mode 100644 dev/package-beats/nats-0.0.1/manifest.yml delete mode 100644 dev/package-beats/netflow-0.0.1/manifest.yml delete mode 100644 dev/package-beats/nginx-0.0.1/manifest.yml delete mode 100644 dev/package-beats/oracle-0.0.1/manifest.yml delete mode 100644 dev/package-beats/osquery-0.0.1/manifest.yml delete mode 100644 dev/package-beats/panw-0.0.1/manifest.yml delete mode 100644 dev/package-beats/php_fpm-0.0.1/manifest.yml delete mode 100644 dev/package-beats/postgresql-0.0.1/manifest.yml delete mode 100644 dev/package-beats/prometheus-0.0.1/manifest.yml delete mode 100644 dev/package-beats/rabbitmq-0.0.1/manifest.yml delete mode 100644 dev/package-beats/redis-0.0.1/manifest.yml delete mode 100644 dev/package-beats/redisenterprise-0.0.1/manifest.yml delete mode 100644 dev/package-beats/santa-0.0.1/manifest.yml delete mode 100644 dev/package-beats/sql-0.0.1/manifest.yml delete mode 100644 dev/package-beats/stan-0.0.1/manifest.yml delete mode 100644 dev/package-beats/statsd-0.0.1/manifest.yml delete mode 100644 dev/package-beats/suricata-0.0.1/manifest.yml delete mode 100644 dev/package-beats/system-0.0.1/manifest.yml delete mode 100644 dev/package-beats/tomcat-0.0.1/manifest.yml delete mode 100644 dev/package-beats/traefik-0.0.1/manifest.yml delete mode 100644 dev/package-beats/uwsgi-0.0.1/manifest.yml delete mode 100644 dev/package-beats/vsphere-0.0.1/manifest.yml delete mode 100644 dev/package-beats/windows-0.0.1/manifest.yml delete mode 100644 dev/package-beats/zeek-0.0.1/manifest.yml delete mode 100644 dev/package-beats/zookeeper-0.0.1/manifest.yml diff --git a/dev/import-beats/fields.go b/dev/import-beats/fields.go index b63f3d3af..76a311926 100644 --- a/dev/import-beats/fields.go +++ b/dev/import-beats/fields.go @@ -1,3 +1,7 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + package main import ( @@ -12,8 +16,8 @@ import ( type fields []fieldsEntry type fieldsEntry struct { - Key string - Title *string + Key string + Title *string Description string } diff --git a/dev/import-beats/main.go b/dev/import-beats/main.go index 7fa7a96ac..e886e3556 100644 --- a/dev/import-beats/main.go +++ b/dev/import-beats/main.go @@ -35,21 +35,21 @@ func main() { // where logs and metrics are distributed with different beats (oriented either on logs or metrics - metricbeat, // filebeat, etc.). func build(beatsDir, outputDir string) error { - packages := packageMap{} + repository := newPackageRepository() for _, beatName := range logSources { - err := packages.loadFromSource(beatsDir, beatName, "logs") + err := repository.loadFromSource(beatsDir, beatName, "logs") if err != nil { return errors.Wrap(err, "loading logs source failed") } } for _, beatName := range metricSources { - err := packages.loadFromSource(beatsDir, beatName, "metrics") + err := repository.loadFromSource(beatsDir, beatName, "metrics") if err != nil { return errors.Wrap(err, "loading metrics source failed") } } - return packages.writePackages(outputDir) + return repository.save(outputDir) } diff --git a/dev/import-beats/packages.go b/dev/import-beats/packages.go index 6d9d4e4d7..067818ef8 100644 --- a/dev/import-beats/packages.go +++ b/dev/import-beats/packages.go @@ -9,6 +9,7 @@ import ( "log" "os" "path/filepath" + "strings" "github.com/pkg/errors" "gopkg.in/yaml.v2" @@ -16,11 +17,48 @@ import ( "github.com/elastic/package-registry/util" ) -var ignoredModules = map[string]bool{ "apache2": true } +var ignoredModules = map[string]bool{"apache2": true} -type packageMap map[string]*util.Package +type packageContent struct { + manifest util.Package + datasets map[string]datasetContent +} + +func newPackageContent(name string) packageContent { + title := strings.Title(name) + return packageContent{ + manifest: util.Package{ + FormatVersion: "1.0.0", + Name: name, + Description: strings.Title(name + " integration"), + Title: &title, + Version: "0.0.1", // TODO + Type: "integration", + License: "basic", + }, + datasets: map[string]datasetContent{}, + } +} + +type datasetContent struct { + fields fieldsContent +} + +type fieldsContent struct { + files map[string]fields +} + +type packageRepository struct { + packages map[string]packageContent +} -func (p packageMap) loadFromSource(beatsDir, beatName, packageType string) error { +func newPackageRepository() *packageRepository { + return &packageRepository{ + packages: map[string]packageContent{}, + } +} + +func (r *packageRepository) loadFromSource(beatsDir, beatName, packageType string) error { beatPath := filepath.Join(beatsDir, beatName) beatModulesPath := filepath.Join(beatPath, "module") @@ -29,11 +67,6 @@ func (p packageMap) loadFromSource(beatsDir, beatName, packageType string) error return errors.Wrapf(err, "cannot read directory '%s'", beatModulesPath) } - fieldsFile, err := loadFields(beatPath) - if err != nil { - return errors.Wrapf(err, "loading fields failed") - } - for _, moduleDir := range moduleDirs { if !moduleDir.IsDir() { continue @@ -45,40 +78,33 @@ func (p packageMap) loadFromSource(beatsDir, beatName, packageType string) error continue } - _, ok := p[moduleDir.Name()] + _, ok := r.packages[moduleDir.Name()] if !ok { - p[moduleDir.Name()] = &util.Package{ - FormatVersion: "1.0.0", - Name: moduleDir.Name(), - Version: "0.0.1", // TODO - Type: "integration", - License: "basic", - } + r.packages[moduleDir.Name()] = newPackageContent(moduleDir.Name()) } - fieldsEntry, err := fieldsFile.getEntry(moduleDir.Name()) - if err != nil { - return errors.Wrapf(err, "retrieving fields entry failed") - } - - p[moduleDir.Name()].Categories = append(p[moduleDir.Name()].Categories, packageType) - p[moduleDir.Name()].Title = fieldsEntry.Title - p[moduleDir.Name()].Description = fieldsEntry.Description + aPackage := r.packages[moduleDir.Name()] + manifest := aPackage.manifest + manifest.Categories = append(manifest.Categories, packageType) + aPackage.manifest = manifest + r.packages[moduleDir.Name()] = aPackage } return nil } -func (p packageMap) writePackages(outputDir string) error { - for name, content := range p { - log.Printf("Writing package '%s' (version: %s)\n", name, content.Version) +func (r *packageRepository) save(outputDir string) error { + for name, content := range r.packages { + manifest := content.manifest + + log.Printf("Writing package '%s' (version: %s)\n", name, manifest.Version) - path := filepath.Join(outputDir, name+"-"+content.Version) + path := filepath.Join(outputDir, name+"-"+manifest.Version) err := os.MkdirAll(path, 0755) if err != nil { return errors.Wrapf(err, "cannot make directory '%s'", path) } - m, err := yaml.Marshal(content) + m, err := yaml.Marshal(content.manifest) if err != nil { return errors.Wrapf(err, "marshaling package content failed (package name: %s)", name) } diff --git a/dev/package-beats/activemq-0.0.1/manifest.yml b/dev/package-beats/activemq-0.0.1/manifest.yml deleted file mode 100644 index bca3c8427..000000000 --- a/dev/package-beats/activemq-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: activemq -title: activemq -version: 0.0.1 -license: basic -description: | - activemq module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/aerospike-0.0.1/manifest.yml b/dev/package-beats/aerospike-0.0.1/manifest.yml deleted file mode 100644 index 19ca420d6..000000000 --- a/dev/package-beats/aerospike-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: aerospike -title: Aerospike -version: 0.0.1 -license: basic -description: | - Aerospike module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/apache-0.0.1/manifest.yml b/dev/package-beats/apache-0.0.1/manifest.yml deleted file mode 100644 index c423372ec..000000000 --- a/dev/package-beats/apache-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: apache -title: Apache -version: 0.0.1 -license: basic -description: | - Apache HTTPD server metricsets collected from the Apache web server. -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/apache2-0.0.1/manifest.yml b/dev/package-beats/apache2-0.0.1/manifest.yml deleted file mode 100644 index 1e255afe6..000000000 --- a/dev/package-beats/apache2-0.0.1/manifest.yml +++ /dev/null @@ -1,11 +0,0 @@ -format_version: 1.0.0 -name: apache2 -version: 0.0.1 -license: basic -description: "" -type: integration -categories: -- logs -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/appsearch-0.0.1/manifest.yml b/dev/package-beats/appsearch-0.0.1/manifest.yml deleted file mode 100644 index 84354c80f..000000000 --- a/dev/package-beats/appsearch-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: appsearch -title: App Search -version: 0.0.1 -license: basic -description: | - App Search module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/auditd-0.0.1/manifest.yml b/dev/package-beats/auditd-0.0.1/manifest.yml deleted file mode 100644 index 62cb79572..000000000 --- a/dev/package-beats/auditd-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: auditd -title: Auditd -version: 0.0.1 -license: basic -description: | - Module for parsing auditd logs. -type: integration -categories: -- logs -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/aws-0.0.1/manifest.yml b/dev/package-beats/aws-0.0.1/manifest.yml deleted file mode 100644 index e312895e0..000000000 --- a/dev/package-beats/aws-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: aws -title: aws -version: 0.0.1 -license: basic -description: | - `aws` module collects AWS monitoring metrics from AWS Cloudwatch. -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/azure-0.0.1/manifest.yml b/dev/package-beats/azure-0.0.1/manifest.yml deleted file mode 100644 index ac0a1309c..000000000 --- a/dev/package-beats/azure-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: azure -title: azure -version: 0.0.1 -license: basic -description: | - azure module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/beat-0.0.1/manifest.yml b/dev/package-beats/beat-0.0.1/manifest.yml deleted file mode 100644 index 782a49ee1..000000000 --- a/dev/package-beats/beat-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: beat -title: Beat -version: 0.0.1 -license: basic -description: | - Contains common beat fields available in all event types. -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/cef-0.0.1/manifest.yml b/dev/package-beats/cef-0.0.1/manifest.yml deleted file mode 100644 index dcb03a3c3..000000000 --- a/dev/package-beats/cef-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: cef -title: Decode CEF processor fields -version: 0.0.1 -license: basic -description: | - Common Event Format (CEF) data. -type: integration -categories: -- logs -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/ceph-0.0.1/manifest.yml b/dev/package-beats/ceph-0.0.1/manifest.yml deleted file mode 100644 index ae52affaa..000000000 --- a/dev/package-beats/ceph-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: ceph -title: Ceph -version: 0.0.1 -license: basic -description: | - Ceph module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/cisco-0.0.1/manifest.yml b/dev/package-beats/cisco-0.0.1/manifest.yml deleted file mode 100644 index cbd0930eb..000000000 --- a/dev/package-beats/cisco-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: cisco -title: Cisco -version: 0.0.1 -license: basic -description: | - Module for handling Cisco network device logs. -type: integration -categories: -- logs -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/cloudfoundry-0.0.1/manifest.yml b/dev/package-beats/cloudfoundry-0.0.1/manifest.yml deleted file mode 100644 index 26918b7cf..000000000 --- a/dev/package-beats/cloudfoundry-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: cloudfoundry -title: cloudfoundry -version: 0.0.1 -license: basic -description: | - Cloud Foundry module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/cockroachdb-0.0.1/manifest.yml b/dev/package-beats/cockroachdb-0.0.1/manifest.yml deleted file mode 100644 index 027759721..000000000 --- a/dev/package-beats/cockroachdb-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: cockroachdb -title: CockroachDB -version: 0.0.1 -license: basic -description: | - CockroachDB module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/consul-0.0.1/manifest.yml b/dev/package-beats/consul-0.0.1/manifest.yml deleted file mode 100644 index 180dfa115..000000000 --- a/dev/package-beats/consul-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: consul -title: consul -version: 0.0.1 -license: basic -description: | - Consul module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/coredns-0.0.1/manifest.yml b/dev/package-beats/coredns-0.0.1/manifest.yml deleted file mode 100644 index a6cb85509..000000000 --- a/dev/package-beats/coredns-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: coredns -title: coredns -version: 0.0.1 -license: basic -description: | - coredns Module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/couchbase-0.0.1/manifest.yml b/dev/package-beats/couchbase-0.0.1/manifest.yml deleted file mode 100644 index 263df3da0..000000000 --- a/dev/package-beats/couchbase-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: couchbase -title: Couchbase -version: 0.0.1 -license: basic -description: | - Metrics collected from Couchbase servers. -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/couchdb-0.0.1/manifest.yml b/dev/package-beats/couchdb-0.0.1/manifest.yml deleted file mode 100644 index fba6d69df..000000000 --- a/dev/package-beats/couchdb-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: couchdb -title: couchdb -version: 0.0.1 -license: basic -description: | - couchdb module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/docker-0.0.1/manifest.yml b/dev/package-beats/docker-0.0.1/manifest.yml deleted file mode 100644 index 3398e04c2..000000000 --- a/dev/package-beats/docker-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: docker -title: Docker -version: 0.0.1 -license: basic -description: | - Docker stats collected from Docker. -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/dropwizard-0.0.1/manifest.yml b/dev/package-beats/dropwizard-0.0.1/manifest.yml deleted file mode 100644 index 999abc1ee..000000000 --- a/dev/package-beats/dropwizard-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: dropwizard -title: Dropwizard -version: 0.0.1 -license: basic -description: | - Stats collected from Dropwizard. -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/elasticsearch-0.0.1/manifest.yml b/dev/package-beats/elasticsearch-0.0.1/manifest.yml deleted file mode 100644 index f51190490..000000000 --- a/dev/package-beats/elasticsearch-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: elasticsearch -title: Elasticsearch -version: 0.0.1 -license: basic -description: | - Elasticsearch module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/envoyproxy-0.0.1/manifest.yml b/dev/package-beats/envoyproxy-0.0.1/manifest.yml deleted file mode 100644 index 989ae09e7..000000000 --- a/dev/package-beats/envoyproxy-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: envoyproxy -title: envoyproxy -version: 0.0.1 -license: basic -description: | - envoyproxy module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/etcd-0.0.1/manifest.yml b/dev/package-beats/etcd-0.0.1/manifest.yml deleted file mode 100644 index e02d426ad..000000000 --- a/dev/package-beats/etcd-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: etcd -title: Etcd -version: 0.0.1 -license: basic -description: | - etcd Module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/golang-0.0.1/manifest.yml b/dev/package-beats/golang-0.0.1/manifest.yml deleted file mode 100644 index 632a6bebf..000000000 --- a/dev/package-beats/golang-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: golang -title: Golang -version: 0.0.1 -license: basic -description: | - Golang module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/googlecloud-0.0.1/manifest.yml b/dev/package-beats/googlecloud-0.0.1/manifest.yml deleted file mode 100644 index 2bd740915..000000000 --- a/dev/package-beats/googlecloud-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: googlecloud -title: Google Cloud Platform -version: 0.0.1 -license: basic -description: | - GCP module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/graphite-0.0.1/manifest.yml b/dev/package-beats/graphite-0.0.1/manifest.yml deleted file mode 100644 index 39fccb12b..000000000 --- a/dev/package-beats/graphite-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: graphite -title: Graphite -version: 0.0.1 -license: basic -description: | - graphite Module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/haproxy-0.0.1/manifest.yml b/dev/package-beats/haproxy-0.0.1/manifest.yml deleted file mode 100644 index 39d324a10..000000000 --- a/dev/package-beats/haproxy-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: haproxy -title: HAProxy -version: 0.0.1 -license: basic -description: | - HAProxy Module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/http-0.0.1/manifest.yml b/dev/package-beats/http-0.0.1/manifest.yml deleted file mode 100644 index e36a65641..000000000 --- a/dev/package-beats/http-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: http -title: HTTP -version: 0.0.1 -license: basic -description: | - HTTP module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/ibmmq-0.0.1/manifest.yml b/dev/package-beats/ibmmq-0.0.1/manifest.yml deleted file mode 100644 index e7bde3b1c..000000000 --- a/dev/package-beats/ibmmq-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: ibmmq -title: IBM MQ -version: 0.0.1 -license: basic -description: | - IBM MQ module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/icinga-0.0.1/manifest.yml b/dev/package-beats/icinga-0.0.1/manifest.yml deleted file mode 100644 index aafbc0963..000000000 --- a/dev/package-beats/icinga-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: icinga -title: Icinga -version: 0.0.1 -license: basic -description: | - Icinga Module -type: integration -categories: -- logs -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/iis-0.0.1/manifest.yml b/dev/package-beats/iis-0.0.1/manifest.yml deleted file mode 100644 index f61e91abc..000000000 --- a/dev/package-beats/iis-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: iis -title: iis -version: 0.0.1 -license: basic -description: | - iis module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/iptables-0.0.1/manifest.yml b/dev/package-beats/iptables-0.0.1/manifest.yml deleted file mode 100644 index 5d13d2dd9..000000000 --- a/dev/package-beats/iptables-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: iptables -title: iptables -version: 0.0.1 -license: basic -description: | - Module for handling the iptables logs. -type: integration -categories: -- logs -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/istio-0.0.1/manifest.yml b/dev/package-beats/istio-0.0.1/manifest.yml deleted file mode 100644 index 82612f565..000000000 --- a/dev/package-beats/istio-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: istio -title: istio -version: 0.0.1 -license: basic -description: | - istio Module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/jolokia-0.0.1/manifest.yml b/dev/package-beats/jolokia-0.0.1/manifest.yml deleted file mode 100644 index 1be040bef..000000000 --- a/dev/package-beats/jolokia-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: jolokia -title: Jolokia -version: 0.0.1 -license: basic -description: | - Jolokia module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/kafka-0.0.1/manifest.yml b/dev/package-beats/kafka-0.0.1/manifest.yml deleted file mode 100644 index 5832fd585..000000000 --- a/dev/package-beats/kafka-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: kafka -title: Kafka -version: 0.0.1 -license: basic -description: | - Kafka module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/kibana-0.0.1/manifest.yml b/dev/package-beats/kibana-0.0.1/manifest.yml deleted file mode 100644 index 1bce980ef..000000000 --- a/dev/package-beats/kibana-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: kibana -title: Kibana -version: 0.0.1 -license: basic -description: | - Kibana module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/kubernetes-0.0.1/manifest.yml b/dev/package-beats/kubernetes-0.0.1/manifest.yml deleted file mode 100644 index 2501c4434..000000000 --- a/dev/package-beats/kubernetes-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: kubernetes -title: Kubernetes -version: 0.0.1 -license: basic -description: | - Kubernetes metadata added by the kubernetes processor -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/kvm-0.0.1/manifest.yml b/dev/package-beats/kvm-0.0.1/manifest.yml deleted file mode 100644 index 88331f1e4..000000000 --- a/dev/package-beats/kvm-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: kvm -title: kvm -version: 0.0.1 -license: basic -description: | - kvm module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/logstash-0.0.1/manifest.yml b/dev/package-beats/logstash-0.0.1/manifest.yml deleted file mode 100644 index b416cb9ca..000000000 --- a/dev/package-beats/logstash-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: logstash -title: Logstash -version: 0.0.1 -license: basic -description: | - Logstash module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/memcached-0.0.1/manifest.yml b/dev/package-beats/memcached-0.0.1/manifest.yml deleted file mode 100644 index 26719e3ce..000000000 --- a/dev/package-beats/memcached-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: memcached -title: Memcached -version: 0.0.1 -license: basic -description: | - Memcached module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/misp-0.0.1/manifest.yml b/dev/package-beats/misp-0.0.1/manifest.yml deleted file mode 100644 index 3e64a0552..000000000 --- a/dev/package-beats/misp-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: misp -title: MISP -version: 0.0.1 -license: basic -description: | - Module for handling threat information from MISP. -type: integration -categories: -- logs -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/mongodb-0.0.1/manifest.yml b/dev/package-beats/mongodb-0.0.1/manifest.yml deleted file mode 100644 index aef337033..000000000 --- a/dev/package-beats/mongodb-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: mongodb -title: MongoDB -version: 0.0.1 -license: basic -description: | - Metrics collected from MongoDB servers. -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/mssql-0.0.1/manifest.yml b/dev/package-beats/mssql-0.0.1/manifest.yml deleted file mode 100644 index be9400826..000000000 --- a/dev/package-beats/mssql-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: mssql -title: MSSQL -version: 0.0.1 -license: basic -description: MS SQL module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/munin-0.0.1/manifest.yml b/dev/package-beats/munin-0.0.1/manifest.yml deleted file mode 100644 index a2fd67b85..000000000 --- a/dev/package-beats/munin-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: munin -title: Munin -version: 0.0.1 -license: basic -description: | - Munin node metrics exporter -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/mysql-0.0.1/manifest.yml b/dev/package-beats/mysql-0.0.1/manifest.yml deleted file mode 100644 index fe8ffcf8e..000000000 --- a/dev/package-beats/mysql-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: mysql -title: MySQL -version: 0.0.1 -license: basic -description: | - MySQL server status metrics collected from MySQL. -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/nats-0.0.1/manifest.yml b/dev/package-beats/nats-0.0.1/manifest.yml deleted file mode 100644 index 80f26f22e..000000000 --- a/dev/package-beats/nats-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: nats -title: Nats -version: 0.0.1 -license: basic -description: | - nats Module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/netflow-0.0.1/manifest.yml b/dev/package-beats/netflow-0.0.1/manifest.yml deleted file mode 100644 index 8700fc43e..000000000 --- a/dev/package-beats/netflow-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: netflow -title: NetFlow -version: 0.0.1 -license: basic -description: | - Fields from NetFlow and IPFIX flows. -type: integration -categories: -- logs -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/nginx-0.0.1/manifest.yml b/dev/package-beats/nginx-0.0.1/manifest.yml deleted file mode 100644 index 8048d27e3..000000000 --- a/dev/package-beats/nginx-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: nginx -title: Nginx -version: 0.0.1 -license: basic -description: | - Nginx server status metrics collected from various modules. -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/oracle-0.0.1/manifest.yml b/dev/package-beats/oracle-0.0.1/manifest.yml deleted file mode 100644 index deec28979..000000000 --- a/dev/package-beats/oracle-0.0.1/manifest.yml +++ /dev/null @@ -1,12 +0,0 @@ -format_version: 1.0.0 -name: oracle -title: Oracle -version: 0.0.1 -license: basic -description: Oracle database module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/osquery-0.0.1/manifest.yml b/dev/package-beats/osquery-0.0.1/manifest.yml deleted file mode 100644 index c5b9be9d4..000000000 --- a/dev/package-beats/osquery-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: osquery -title: Osquery -version: 0.0.1 -license: basic -description: | - Fields exported by the `osquery` module -type: integration -categories: -- logs -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/panw-0.0.1/manifest.yml b/dev/package-beats/panw-0.0.1/manifest.yml deleted file mode 100644 index 3b0d6ce0a..000000000 --- a/dev/package-beats/panw-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: panw -title: panw -version: 0.0.1 -license: basic -description: | - Module for Palo Alto Networks (PAN-OS) -type: integration -categories: -- logs -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/php_fpm-0.0.1/manifest.yml b/dev/package-beats/php_fpm-0.0.1/manifest.yml deleted file mode 100644 index afe2a943b..000000000 --- a/dev/package-beats/php_fpm-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: php_fpm -title: PHP_FPM -version: 0.0.1 -license: basic -description: | - PHP-FPM server status metrics collected from PHP-FPM. -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/postgresql-0.0.1/manifest.yml b/dev/package-beats/postgresql-0.0.1/manifest.yml deleted file mode 100644 index b301cee72..000000000 --- a/dev/package-beats/postgresql-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: postgresql -title: PostgreSQL -version: 0.0.1 -license: basic -description: | - Metrics collected from PostgreSQL servers. -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/prometheus-0.0.1/manifest.yml b/dev/package-beats/prometheus-0.0.1/manifest.yml deleted file mode 100644 index f69becc00..000000000 --- a/dev/package-beats/prometheus-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: prometheus -title: Prometheus -version: 0.0.1 -license: basic -description: | - Stats scraped from a Prometheus endpoint. -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/rabbitmq-0.0.1/manifest.yml b/dev/package-beats/rabbitmq-0.0.1/manifest.yml deleted file mode 100644 index cea23610f..000000000 --- a/dev/package-beats/rabbitmq-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: rabbitmq -title: RabbitMQ -version: 0.0.1 -license: basic -description: | - RabbitMQ module -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/redis-0.0.1/manifest.yml b/dev/package-beats/redis-0.0.1/manifest.yml deleted file mode 100644 index 77d5953c1..000000000 --- a/dev/package-beats/redis-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: redis -title: Redis -version: 0.0.1 -license: basic -description: | - Redis metrics collected from Redis. -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/redisenterprise-0.0.1/manifest.yml b/dev/package-beats/redisenterprise-0.0.1/manifest.yml deleted file mode 100644 index 98f00e73f..000000000 --- a/dev/package-beats/redisenterprise-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: redisenterprise -title: Redis Enterprise -version: 0.0.1 -license: basic -description: | - Redis metrics collected from Redis Enterprise Server. -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/santa-0.0.1/manifest.yml b/dev/package-beats/santa-0.0.1/manifest.yml deleted file mode 100644 index 0ed3c7d01..000000000 --- a/dev/package-beats/santa-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: santa -title: Google Santa -version: 0.0.1 -license: basic -description: | - Santa Module -type: integration -categories: -- logs -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/sql-0.0.1/manifest.yml b/dev/package-beats/sql-0.0.1/manifest.yml deleted file mode 100644 index eb083d62f..000000000 --- a/dev/package-beats/sql-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: sql -title: sql -version: 0.0.1 -license: basic -description: | - SQL module fetches metrics from a SQL database -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/stan-0.0.1/manifest.yml b/dev/package-beats/stan-0.0.1/manifest.yml deleted file mode 100644 index 3c10e89c8..000000000 --- a/dev/package-beats/stan-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: stan -title: Stan -version: 0.0.1 -license: basic -description: | - stan Module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/statsd-0.0.1/manifest.yml b/dev/package-beats/statsd-0.0.1/manifest.yml deleted file mode 100644 index b9186d3c0..000000000 --- a/dev/package-beats/statsd-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: statsd -title: Statsd -version: 0.0.1 -license: basic -description: | - Statsd module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/suricata-0.0.1/manifest.yml b/dev/package-beats/suricata-0.0.1/manifest.yml deleted file mode 100644 index 9d82d80b2..000000000 --- a/dev/package-beats/suricata-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: suricata -title: Suricata -version: 0.0.1 -license: basic -description: | - Module for handling the EVE JSON logs produced by Suricata. -type: integration -categories: -- logs -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/system-0.0.1/manifest.yml b/dev/package-beats/system-0.0.1/manifest.yml deleted file mode 100644 index 066531d91..000000000 --- a/dev/package-beats/system-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: system -title: System -version: 0.0.1 -license: basic -description: | - System status metrics, like CPU and memory usage, that are collected from the operating system. -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/tomcat-0.0.1/manifest.yml b/dev/package-beats/tomcat-0.0.1/manifest.yml deleted file mode 100644 index 1f85bc26f..000000000 --- a/dev/package-beats/tomcat-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: tomcat -title: Tomcat -version: 0.0.1 -license: basic -description: | - Tomcat module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/traefik-0.0.1/manifest.yml b/dev/package-beats/traefik-0.0.1/manifest.yml deleted file mode 100644 index c2deb5b0d..000000000 --- a/dev/package-beats/traefik-0.0.1/manifest.yml +++ /dev/null @@ -1,14 +0,0 @@ -format_version: 1.0.0 -name: traefik -title: traefik -version: 0.0.1 -license: basic -description: | - Traefik reverse proxy / load balancer metrics -type: integration -categories: -- logs -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/uwsgi-0.0.1/manifest.yml b/dev/package-beats/uwsgi-0.0.1/manifest.yml deleted file mode 100644 index 24899ccd8..000000000 --- a/dev/package-beats/uwsgi-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: uwsgi -title: uwsgi -version: 0.0.1 -license: basic -description: | - uwsgi module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/vsphere-0.0.1/manifest.yml b/dev/package-beats/vsphere-0.0.1/manifest.yml deleted file mode 100644 index 0609d6075..000000000 --- a/dev/package-beats/vsphere-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: vsphere -title: vSphere -version: 0.0.1 -license: basic -description: | - vSphere module -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/windows-0.0.1/manifest.yml b/dev/package-beats/windows-0.0.1/manifest.yml deleted file mode 100644 index 1dce0f5a6..000000000 --- a/dev/package-beats/windows-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: windows -title: Windows -version: 0.0.1 -license: basic -description: | - Module for Windows -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/zeek-0.0.1/manifest.yml b/dev/package-beats/zeek-0.0.1/manifest.yml deleted file mode 100644 index 68a79afed..000000000 --- a/dev/package-beats/zeek-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: zeek -title: Zeek -version: 0.0.1 -license: basic -description: | - Module for handling logs produced by Zeek/Bro -type: integration -categories: -- logs -requirement: - kibana: - versions: "" diff --git a/dev/package-beats/zookeeper-0.0.1/manifest.yml b/dev/package-beats/zookeeper-0.0.1/manifest.yml deleted file mode 100644 index 8fc9d9c2f..000000000 --- a/dev/package-beats/zookeeper-0.0.1/manifest.yml +++ /dev/null @@ -1,13 +0,0 @@ -format_version: 1.0.0 -name: zookeeper -title: ZooKeeper -version: 0.0.1 -license: basic -description: | - ZooKeeper metrics collected by the four-letter monitoring commands. -type: integration -categories: -- metrics -requirement: - kibana: - versions: "" diff --git a/dev/packages/beats/activemq-0.0.1/manifest.yml b/dev/packages/beats/activemq-0.0.1/manifest.yml index 3e5839c30..542be5388 100644 --- a/dev/packages/beats/activemq-0.0.1/manifest.yml +++ b/dev/packages/beats/activemq-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: activemq +title: Activemq version: 0.0.1 license: basic -description: "" +description: Activemq Integration type: integration categories: - logs diff --git a/dev/packages/beats/aerospike-0.0.1/manifest.yml b/dev/packages/beats/aerospike-0.0.1/manifest.yml index 4960c7167..f6c8eade5 100644 --- a/dev/packages/beats/aerospike-0.0.1/manifest.yml +++ b/dev/packages/beats/aerospike-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: aerospike +title: Aerospike version: 0.0.1 -license: oss -description: "" +license: basic +description: Aerospike Integration type: integration categories: - metrics diff --git a/dev/packages/beats/apache-0.0.1/manifest.yml b/dev/packages/beats/apache-0.0.1/manifest.yml index a321f4f28..8a9081136 100644 --- a/dev/packages/beats/apache-0.0.1/manifest.yml +++ b/dev/packages/beats/apache-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: apache +title: Apache version: 0.0.1 -license: oss -description: "" +license: basic +description: Apache Integration type: integration categories: - logs diff --git a/dev/packages/beats/appsearch-0.0.1/manifest.yml b/dev/packages/beats/appsearch-0.0.1/manifest.yml index ad43abad2..76b242719 100644 --- a/dev/packages/beats/appsearch-0.0.1/manifest.yml +++ b/dev/packages/beats/appsearch-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: appsearch +title: Appsearch version: 0.0.1 license: basic -description: "" +description: Appsearch Integration type: integration categories: - metrics diff --git a/dev/packages/beats/auditd-0.0.1/manifest.yml b/dev/packages/beats/auditd-0.0.1/manifest.yml index 27b408b78..147b99043 100644 --- a/dev/packages/beats/auditd-0.0.1/manifest.yml +++ b/dev/packages/beats/auditd-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: auditd +title: Auditd version: 0.0.1 -license: oss -description: "" +license: basic +description: Auditd Integration type: integration categories: - logs diff --git a/dev/packages/beats/aws-0.0.1/manifest.yml b/dev/packages/beats/aws-0.0.1/manifest.yml index 9b4856f11..a7ca213b8 100644 --- a/dev/packages/beats/aws-0.0.1/manifest.yml +++ b/dev/packages/beats/aws-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: aws +title: Aws version: 0.0.1 license: basic -description: "" +description: Aws Integration type: integration categories: - logs diff --git a/dev/packages/beats/azure-0.0.1/manifest.yml b/dev/packages/beats/azure-0.0.1/manifest.yml index 56a0c59ab..b522c8ba1 100644 --- a/dev/packages/beats/azure-0.0.1/manifest.yml +++ b/dev/packages/beats/azure-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: azure +title: Azure version: 0.0.1 license: basic -description: "" +description: Azure Integration type: integration categories: - logs diff --git a/dev/packages/beats/beat-0.0.1/manifest.yml b/dev/packages/beats/beat-0.0.1/manifest.yml index f0c0941b6..d5a21dd88 100644 --- a/dev/packages/beats/beat-0.0.1/manifest.yml +++ b/dev/packages/beats/beat-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: beat +title: Beat version: 0.0.1 -license: oss -description: "" +license: basic +description: Beat Integration type: integration categories: - metrics diff --git a/dev/packages/beats/cef-0.0.1/manifest.yml b/dev/packages/beats/cef-0.0.1/manifest.yml index e5da3a751..3f1e29a92 100644 --- a/dev/packages/beats/cef-0.0.1/manifest.yml +++ b/dev/packages/beats/cef-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: cef +title: Cef version: 0.0.1 license: basic -description: "" +description: Cef Integration type: integration categories: - logs diff --git a/dev/packages/beats/ceph-0.0.1/manifest.yml b/dev/packages/beats/ceph-0.0.1/manifest.yml index b9db614ae..5b1227542 100644 --- a/dev/packages/beats/ceph-0.0.1/manifest.yml +++ b/dev/packages/beats/ceph-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: ceph +title: Ceph version: 0.0.1 -license: oss -description: "" +license: basic +description: Ceph Integration type: integration categories: - metrics diff --git a/dev/packages/beats/cisco-0.0.1/manifest.yml b/dev/packages/beats/cisco-0.0.1/manifest.yml index 8bc369597..b811b504f 100644 --- a/dev/packages/beats/cisco-0.0.1/manifest.yml +++ b/dev/packages/beats/cisco-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: cisco +title: Cisco version: 0.0.1 license: basic -description: "" +description: Cisco Integration type: integration categories: - logs diff --git a/dev/packages/beats/cloudfoundry-0.0.1/manifest.yml b/dev/packages/beats/cloudfoundry-0.0.1/manifest.yml index 17e74ee32..1f1a4159f 100644 --- a/dev/packages/beats/cloudfoundry-0.0.1/manifest.yml +++ b/dev/packages/beats/cloudfoundry-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: cloudfoundry +title: Cloudfoundry version: 0.0.1 license: basic -description: "" +description: Cloudfoundry Integration type: integration categories: - metrics diff --git a/dev/packages/beats/cockroachdb-0.0.1/manifest.yml b/dev/packages/beats/cockroachdb-0.0.1/manifest.yml index 4732459e0..88e218fe0 100644 --- a/dev/packages/beats/cockroachdb-0.0.1/manifest.yml +++ b/dev/packages/beats/cockroachdb-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: cockroachdb +title: Cockroachdb version: 0.0.1 license: basic -description: "" +description: Cockroachdb Integration type: integration categories: - metrics diff --git a/dev/packages/beats/consul-0.0.1/manifest.yml b/dev/packages/beats/consul-0.0.1/manifest.yml index c55a35e6c..410b2c633 100644 --- a/dev/packages/beats/consul-0.0.1/manifest.yml +++ b/dev/packages/beats/consul-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: consul +title: Consul version: 0.0.1 -license: oss -description: "" +license: basic +description: Consul Integration type: integration categories: - metrics diff --git a/dev/packages/beats/coredns-0.0.1/manifest.yml b/dev/packages/beats/coredns-0.0.1/manifest.yml index 417b2551c..0ff075180 100644 --- a/dev/packages/beats/coredns-0.0.1/manifest.yml +++ b/dev/packages/beats/coredns-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: coredns +title: Coredns version: 0.0.1 license: basic -description: "" +description: Coredns Integration type: integration categories: - logs diff --git a/dev/packages/beats/couchbase-0.0.1/manifest.yml b/dev/packages/beats/couchbase-0.0.1/manifest.yml index 7dad2c0d7..2c41c3cdd 100644 --- a/dev/packages/beats/couchbase-0.0.1/manifest.yml +++ b/dev/packages/beats/couchbase-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: couchbase +title: Couchbase version: 0.0.1 -license: oss -description: "" +license: basic +description: Couchbase Integration type: integration categories: - metrics diff --git a/dev/packages/beats/couchdb-0.0.1/manifest.yml b/dev/packages/beats/couchdb-0.0.1/manifest.yml index ac2b33867..3172939f1 100644 --- a/dev/packages/beats/couchdb-0.0.1/manifest.yml +++ b/dev/packages/beats/couchdb-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: couchdb +title: Couchdb version: 0.0.1 -license: oss -description: "" +license: basic +description: Couchdb Integration type: integration categories: - metrics diff --git a/dev/packages/beats/docker-0.0.1/manifest.yml b/dev/packages/beats/docker-0.0.1/manifest.yml index c93a00ca6..93ae75723 100644 --- a/dev/packages/beats/docker-0.0.1/manifest.yml +++ b/dev/packages/beats/docker-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: docker +title: Docker version: 0.0.1 -license: oss -description: "" +license: basic +description: Docker Integration type: integration categories: - metrics diff --git a/dev/packages/beats/dropwizard-0.0.1/manifest.yml b/dev/packages/beats/dropwizard-0.0.1/manifest.yml index 44fe431b6..cc51879be 100644 --- a/dev/packages/beats/dropwizard-0.0.1/manifest.yml +++ b/dev/packages/beats/dropwizard-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: dropwizard +title: Dropwizard version: 0.0.1 -license: oss -description: "" +license: basic +description: Dropwizard Integration type: integration categories: - metrics diff --git a/dev/packages/beats/elasticsearch-0.0.1/manifest.yml b/dev/packages/beats/elasticsearch-0.0.1/manifest.yml index ada922758..4ea8739ba 100644 --- a/dev/packages/beats/elasticsearch-0.0.1/manifest.yml +++ b/dev/packages/beats/elasticsearch-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: elasticsearch +title: Elasticsearch version: 0.0.1 -license: oss -description: "" +license: basic +description: Elasticsearch Integration type: integration categories: - logs diff --git a/dev/packages/beats/envoyproxy-0.0.1/manifest.yml b/dev/packages/beats/envoyproxy-0.0.1/manifest.yml index c3eda3442..43b3a5207 100644 --- a/dev/packages/beats/envoyproxy-0.0.1/manifest.yml +++ b/dev/packages/beats/envoyproxy-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: envoyproxy +title: Envoyproxy version: 0.0.1 license: basic -description: "" +description: Envoyproxy Integration type: integration categories: - logs diff --git a/dev/packages/beats/etcd-0.0.1/manifest.yml b/dev/packages/beats/etcd-0.0.1/manifest.yml index 245ce730b..4ab976580 100644 --- a/dev/packages/beats/etcd-0.0.1/manifest.yml +++ b/dev/packages/beats/etcd-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: etcd +title: Etcd version: 0.0.1 -license: oss -description: "" +license: basic +description: Etcd Integration type: integration categories: - metrics diff --git a/dev/packages/beats/golang-0.0.1/manifest.yml b/dev/packages/beats/golang-0.0.1/manifest.yml index 19560490e..f181b83d5 100644 --- a/dev/packages/beats/golang-0.0.1/manifest.yml +++ b/dev/packages/beats/golang-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: golang +title: Golang version: 0.0.1 -license: oss -description: "" +license: basic +description: Golang Integration type: integration categories: - metrics diff --git a/dev/packages/beats/googlecloud-0.0.1/manifest.yml b/dev/packages/beats/googlecloud-0.0.1/manifest.yml index 783563508..4d97ab98b 100644 --- a/dev/packages/beats/googlecloud-0.0.1/manifest.yml +++ b/dev/packages/beats/googlecloud-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: googlecloud +title: Googlecloud version: 0.0.1 license: basic -description: "" +description: Googlecloud Integration type: integration categories: - logs diff --git a/dev/packages/beats/graphite-0.0.1/manifest.yml b/dev/packages/beats/graphite-0.0.1/manifest.yml index fac601782..e04ff1d89 100644 --- a/dev/packages/beats/graphite-0.0.1/manifest.yml +++ b/dev/packages/beats/graphite-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: graphite +title: Graphite version: 0.0.1 -license: oss -description: "" +license: basic +description: Graphite Integration type: integration categories: - metrics diff --git a/dev/packages/beats/haproxy-0.0.1/manifest.yml b/dev/packages/beats/haproxy-0.0.1/manifest.yml index a49ef6665..8fa549c09 100644 --- a/dev/packages/beats/haproxy-0.0.1/manifest.yml +++ b/dev/packages/beats/haproxy-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: haproxy +title: Haproxy version: 0.0.1 -license: oss -description: "" +license: basic +description: Haproxy Integration type: integration categories: - logs diff --git a/dev/packages/beats/http-0.0.1/manifest.yml b/dev/packages/beats/http-0.0.1/manifest.yml index eabcbc463..af006c358 100644 --- a/dev/packages/beats/http-0.0.1/manifest.yml +++ b/dev/packages/beats/http-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: http +title: Http version: 0.0.1 -license: oss -description: "" +license: basic +description: Http Integration type: integration categories: - metrics diff --git a/dev/packages/beats/ibmmq-0.0.1/manifest.yml b/dev/packages/beats/ibmmq-0.0.1/manifest.yml index c49f73738..3542f06dc 100644 --- a/dev/packages/beats/ibmmq-0.0.1/manifest.yml +++ b/dev/packages/beats/ibmmq-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: ibmmq +title: Ibmmq version: 0.0.1 license: basic -description: "" +description: Ibmmq Integration type: integration categories: - logs diff --git a/dev/packages/beats/icinga-0.0.1/manifest.yml b/dev/packages/beats/icinga-0.0.1/manifest.yml index 93e981857..a87c00671 100644 --- a/dev/packages/beats/icinga-0.0.1/manifest.yml +++ b/dev/packages/beats/icinga-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: icinga +title: Icinga version: 0.0.1 -license: oss -description: "" +license: basic +description: Icinga Integration type: integration categories: - logs diff --git a/dev/packages/beats/iis-0.0.1/manifest.yml b/dev/packages/beats/iis-0.0.1/manifest.yml index e98a57992..d3b3ff3f0 100644 --- a/dev/packages/beats/iis-0.0.1/manifest.yml +++ b/dev/packages/beats/iis-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: iis +title: Iis version: 0.0.1 -license: oss -description: "" +license: basic +description: Iis Integration type: integration categories: - logs diff --git a/dev/packages/beats/iptables-0.0.1/manifest.yml b/dev/packages/beats/iptables-0.0.1/manifest.yml index 6553b1a62..995db107a 100644 --- a/dev/packages/beats/iptables-0.0.1/manifest.yml +++ b/dev/packages/beats/iptables-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: iptables +title: Iptables version: 0.0.1 license: basic -description: "" +description: Iptables Integration type: integration categories: - logs diff --git a/dev/packages/beats/istio-0.0.1/manifest.yml b/dev/packages/beats/istio-0.0.1/manifest.yml index 135b6939d..a7368191b 100644 --- a/dev/packages/beats/istio-0.0.1/manifest.yml +++ b/dev/packages/beats/istio-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: istio +title: Istio version: 0.0.1 license: basic -description: "" +description: Istio Integration type: integration categories: - metrics diff --git a/dev/packages/beats/jolokia-0.0.1/manifest.yml b/dev/packages/beats/jolokia-0.0.1/manifest.yml index 31dc61d03..4a06fb618 100644 --- a/dev/packages/beats/jolokia-0.0.1/manifest.yml +++ b/dev/packages/beats/jolokia-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: jolokia +title: Jolokia version: 0.0.1 -license: oss -description: "" +license: basic +description: Jolokia Integration type: integration categories: - metrics diff --git a/dev/packages/beats/kafka-0.0.1/manifest.yml b/dev/packages/beats/kafka-0.0.1/manifest.yml index 762800873..4429289aa 100644 --- a/dev/packages/beats/kafka-0.0.1/manifest.yml +++ b/dev/packages/beats/kafka-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: kafka +title: Kafka version: 0.0.1 -license: oss -description: "" +license: basic +description: Kafka Integration type: integration categories: - logs diff --git a/dev/packages/beats/kibana-0.0.1/manifest.yml b/dev/packages/beats/kibana-0.0.1/manifest.yml index 7922b7aa2..6bcf4dcb7 100644 --- a/dev/packages/beats/kibana-0.0.1/manifest.yml +++ b/dev/packages/beats/kibana-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: kibana +title: Kibana version: 0.0.1 -license: oss -description: "" +license: basic +description: Kibana Integration type: integration categories: - logs diff --git a/dev/packages/beats/kubernetes-0.0.1/manifest.yml b/dev/packages/beats/kubernetes-0.0.1/manifest.yml index 6b58d1c35..76783ee52 100644 --- a/dev/packages/beats/kubernetes-0.0.1/manifest.yml +++ b/dev/packages/beats/kubernetes-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: kubernetes +title: Kubernetes version: 0.0.1 -license: oss -description: "" +license: basic +description: Kubernetes Integration type: integration categories: - metrics diff --git a/dev/packages/beats/kvm-0.0.1/manifest.yml b/dev/packages/beats/kvm-0.0.1/manifest.yml index e8d4488e2..26c466153 100644 --- a/dev/packages/beats/kvm-0.0.1/manifest.yml +++ b/dev/packages/beats/kvm-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: kvm +title: Kvm version: 0.0.1 -license: oss -description: "" +license: basic +description: Kvm Integration type: integration categories: - metrics diff --git a/dev/packages/beats/logstash-0.0.1/manifest.yml b/dev/packages/beats/logstash-0.0.1/manifest.yml index b5d6fddf0..f3a13c397 100644 --- a/dev/packages/beats/logstash-0.0.1/manifest.yml +++ b/dev/packages/beats/logstash-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: logstash +title: Logstash version: 0.0.1 -license: oss -description: "" +license: basic +description: Logstash Integration type: integration categories: - logs diff --git a/dev/packages/beats/memcached-0.0.1/manifest.yml b/dev/packages/beats/memcached-0.0.1/manifest.yml index 2fec3e280..6f3e96156 100644 --- a/dev/packages/beats/memcached-0.0.1/manifest.yml +++ b/dev/packages/beats/memcached-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: memcached +title: Memcached version: 0.0.1 -license: oss -description: "" +license: basic +description: Memcached Integration type: integration categories: - metrics diff --git a/dev/packages/beats/misp-0.0.1/manifest.yml b/dev/packages/beats/misp-0.0.1/manifest.yml index cbb9b9587..4ed4dd461 100644 --- a/dev/packages/beats/misp-0.0.1/manifest.yml +++ b/dev/packages/beats/misp-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: misp +title: Misp version: 0.0.1 license: basic -description: "" +description: Misp Integration type: integration categories: - logs diff --git a/dev/packages/beats/mongodb-0.0.1/manifest.yml b/dev/packages/beats/mongodb-0.0.1/manifest.yml index f31607f15..0d3e5391d 100644 --- a/dev/packages/beats/mongodb-0.0.1/manifest.yml +++ b/dev/packages/beats/mongodb-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: mongodb +title: Mongodb version: 0.0.1 -license: oss -description: "" +license: basic +description: Mongodb Integration type: integration categories: - logs diff --git a/dev/packages/beats/mssql-0.0.1/manifest.yml b/dev/packages/beats/mssql-0.0.1/manifest.yml index 485b12ac7..3cad1446d 100644 --- a/dev/packages/beats/mssql-0.0.1/manifest.yml +++ b/dev/packages/beats/mssql-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: mssql +title: Mssql version: 0.0.1 license: basic -description: "" +description: Mssql Integration type: integration categories: - logs diff --git a/dev/packages/beats/munin-0.0.1/manifest.yml b/dev/packages/beats/munin-0.0.1/manifest.yml index b2ef6391d..ffa1c1c6e 100644 --- a/dev/packages/beats/munin-0.0.1/manifest.yml +++ b/dev/packages/beats/munin-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: munin +title: Munin version: 0.0.1 -license: oss -description: "" +license: basic +description: Munin Integration type: integration categories: - metrics diff --git a/dev/packages/beats/mysql-0.0.1/manifest.yml b/dev/packages/beats/mysql-0.0.1/manifest.yml index 5f090cf04..8535b93a7 100644 --- a/dev/packages/beats/mysql-0.0.1/manifest.yml +++ b/dev/packages/beats/mysql-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: mysql +title: Mysql version: 0.0.1 -license: oss -description: "" +license: basic +description: Mysql Integration type: integration categories: - logs diff --git a/dev/packages/beats/nats-0.0.1/manifest.yml b/dev/packages/beats/nats-0.0.1/manifest.yml index d6c0d770e..962e0b740 100644 --- a/dev/packages/beats/nats-0.0.1/manifest.yml +++ b/dev/packages/beats/nats-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: nats +title: Nats version: 0.0.1 -license: oss -description: "" +license: basic +description: Nats Integration type: integration categories: - logs diff --git a/dev/packages/beats/netflow-0.0.1/manifest.yml b/dev/packages/beats/netflow-0.0.1/manifest.yml index 99715d58c..726260a23 100644 --- a/dev/packages/beats/netflow-0.0.1/manifest.yml +++ b/dev/packages/beats/netflow-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: netflow +title: Netflow version: 0.0.1 license: basic -description: "" +description: Netflow Integration type: integration categories: - logs diff --git a/dev/packages/beats/nginx-0.0.1/manifest.yml b/dev/packages/beats/nginx-0.0.1/manifest.yml index d6e0d69cc..d60bc2bc3 100644 --- a/dev/packages/beats/nginx-0.0.1/manifest.yml +++ b/dev/packages/beats/nginx-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: nginx +title: Nginx version: 0.0.1 -license: oss -description: "" +license: basic +description: Nginx Integration type: integration categories: - logs diff --git a/dev/packages/beats/oracle-0.0.1/manifest.yml b/dev/packages/beats/oracle-0.0.1/manifest.yml index 3bb1bd9d8..4a9c590f3 100644 --- a/dev/packages/beats/oracle-0.0.1/manifest.yml +++ b/dev/packages/beats/oracle-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: oracle +title: Oracle version: 0.0.1 license: basic -description: "" +description: Oracle Integration type: integration categories: - metrics diff --git a/dev/packages/beats/osquery-0.0.1/manifest.yml b/dev/packages/beats/osquery-0.0.1/manifest.yml index 394031971..277709143 100644 --- a/dev/packages/beats/osquery-0.0.1/manifest.yml +++ b/dev/packages/beats/osquery-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: osquery +title: Osquery version: 0.0.1 -license: oss -description: "" +license: basic +description: Osquery Integration type: integration categories: - logs diff --git a/dev/packages/beats/panw-0.0.1/manifest.yml b/dev/packages/beats/panw-0.0.1/manifest.yml index 1027ef130..48eadfc09 100644 --- a/dev/packages/beats/panw-0.0.1/manifest.yml +++ b/dev/packages/beats/panw-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: panw +title: Panw version: 0.0.1 license: basic -description: "" +description: Panw Integration type: integration categories: - logs diff --git a/dev/packages/beats/php_fpm-0.0.1/manifest.yml b/dev/packages/beats/php_fpm-0.0.1/manifest.yml index d4872c911..f4b6afd7c 100644 --- a/dev/packages/beats/php_fpm-0.0.1/manifest.yml +++ b/dev/packages/beats/php_fpm-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: php_fpm +title: Php_fpm version: 0.0.1 -license: oss -description: "" +license: basic +description: Php_fpm Integration type: integration categories: - metrics diff --git a/dev/packages/beats/postgresql-0.0.1/manifest.yml b/dev/packages/beats/postgresql-0.0.1/manifest.yml index fcc401280..92b5361d1 100644 --- a/dev/packages/beats/postgresql-0.0.1/manifest.yml +++ b/dev/packages/beats/postgresql-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: postgresql +title: Postgresql version: 0.0.1 -license: oss -description: "" +license: basic +description: Postgresql Integration type: integration categories: - logs diff --git a/dev/packages/beats/prometheus-0.0.1/manifest.yml b/dev/packages/beats/prometheus-0.0.1/manifest.yml index b311d48b7..4ac88d429 100644 --- a/dev/packages/beats/prometheus-0.0.1/manifest.yml +++ b/dev/packages/beats/prometheus-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: prometheus +title: Prometheus version: 0.0.1 -license: oss -description: "" +license: basic +description: Prometheus Integration type: integration categories: - metrics diff --git a/dev/packages/beats/rabbitmq-0.0.1/manifest.yml b/dev/packages/beats/rabbitmq-0.0.1/manifest.yml index 38b2aae84..14a2b2fe9 100644 --- a/dev/packages/beats/rabbitmq-0.0.1/manifest.yml +++ b/dev/packages/beats/rabbitmq-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: rabbitmq +title: Rabbitmq version: 0.0.1 license: basic -description: "" +description: Rabbitmq Integration type: integration categories: - logs diff --git a/dev/packages/beats/redis-0.0.1/manifest.yml b/dev/packages/beats/redis-0.0.1/manifest.yml index e47119e3c..db439fd87 100644 --- a/dev/packages/beats/redis-0.0.1/manifest.yml +++ b/dev/packages/beats/redis-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: redis +title: Redis version: 0.0.1 -license: oss -description: "" +license: basic +description: Redis Integration type: integration categories: - logs diff --git a/dev/packages/beats/redisenterprise-0.0.1/manifest.yml b/dev/packages/beats/redisenterprise-0.0.1/manifest.yml index 7b52da675..60ff78906 100644 --- a/dev/packages/beats/redisenterprise-0.0.1/manifest.yml +++ b/dev/packages/beats/redisenterprise-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: redisenterprise +title: Redisenterprise version: 0.0.1 license: basic -description: "" +description: Redisenterprise Integration type: integration categories: - metrics diff --git a/dev/packages/beats/santa-0.0.1/manifest.yml b/dev/packages/beats/santa-0.0.1/manifest.yml index 164525fdc..61dc52eb5 100644 --- a/dev/packages/beats/santa-0.0.1/manifest.yml +++ b/dev/packages/beats/santa-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: santa +title: Santa version: 0.0.1 -license: oss -description: "" +license: basic +description: Santa Integration type: integration categories: - logs diff --git a/dev/packages/beats/sql-0.0.1/manifest.yml b/dev/packages/beats/sql-0.0.1/manifest.yml index 508f2ba83..c5a5d4103 100644 --- a/dev/packages/beats/sql-0.0.1/manifest.yml +++ b/dev/packages/beats/sql-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: sql +title: Sql version: 0.0.1 license: basic -description: "" +description: Sql Integration type: integration categories: - metrics diff --git a/dev/packages/beats/stan-0.0.1/manifest.yml b/dev/packages/beats/stan-0.0.1/manifest.yml index 2b8a9e927..a9635fbba 100644 --- a/dev/packages/beats/stan-0.0.1/manifest.yml +++ b/dev/packages/beats/stan-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: stan +title: Stan version: 0.0.1 license: basic -description: "" +description: Stan Integration type: integration categories: - metrics diff --git a/dev/packages/beats/statsd-0.0.1/manifest.yml b/dev/packages/beats/statsd-0.0.1/manifest.yml index 1bb9d0c7f..2ddc5e1e9 100644 --- a/dev/packages/beats/statsd-0.0.1/manifest.yml +++ b/dev/packages/beats/statsd-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: statsd +title: Statsd version: 0.0.1 license: basic -description: "" +description: Statsd Integration type: integration categories: - metrics diff --git a/dev/packages/beats/suricata-0.0.1/manifest.yml b/dev/packages/beats/suricata-0.0.1/manifest.yml index cd6ba835d..0bcbbba2b 100644 --- a/dev/packages/beats/suricata-0.0.1/manifest.yml +++ b/dev/packages/beats/suricata-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: suricata +title: Suricata version: 0.0.1 license: basic -description: "" +description: Suricata Integration type: integration categories: - logs diff --git a/dev/packages/beats/system-0.0.1/manifest.yml b/dev/packages/beats/system-0.0.1/manifest.yml index c80e200aa..62603b5d3 100644 --- a/dev/packages/beats/system-0.0.1/manifest.yml +++ b/dev/packages/beats/system-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: system +title: System version: 0.0.1 -license: oss -description: "" +license: basic +description: System Integration type: integration categories: - logs diff --git a/dev/packages/beats/tomcat-0.0.1/manifest.yml b/dev/packages/beats/tomcat-0.0.1/manifest.yml index 906b6fe5c..f4aced420 100644 --- a/dev/packages/beats/tomcat-0.0.1/manifest.yml +++ b/dev/packages/beats/tomcat-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: tomcat +title: Tomcat version: 0.0.1 license: basic -description: "" +description: Tomcat Integration type: integration categories: - metrics diff --git a/dev/packages/beats/traefik-0.0.1/manifest.yml b/dev/packages/beats/traefik-0.0.1/manifest.yml index 0c09d328b..986542ec9 100644 --- a/dev/packages/beats/traefik-0.0.1/manifest.yml +++ b/dev/packages/beats/traefik-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: traefik +title: Traefik version: 0.0.1 -license: oss -description: "" +license: basic +description: Traefik Integration type: integration categories: - logs diff --git a/dev/packages/beats/uwsgi-0.0.1/manifest.yml b/dev/packages/beats/uwsgi-0.0.1/manifest.yml index 900bc1aac..4fafd2218 100644 --- a/dev/packages/beats/uwsgi-0.0.1/manifest.yml +++ b/dev/packages/beats/uwsgi-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: uwsgi +title: Uwsgi version: 0.0.1 -license: oss -description: "" +license: basic +description: Uwsgi Integration type: integration categories: - metrics diff --git a/dev/packages/beats/vsphere-0.0.1/manifest.yml b/dev/packages/beats/vsphere-0.0.1/manifest.yml index 32d960ebe..a4df44c63 100644 --- a/dev/packages/beats/vsphere-0.0.1/manifest.yml +++ b/dev/packages/beats/vsphere-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: vsphere +title: Vsphere version: 0.0.1 -license: oss -description: "" +license: basic +description: Vsphere Integration type: integration categories: - metrics diff --git a/dev/packages/beats/windows-0.0.1/manifest.yml b/dev/packages/beats/windows-0.0.1/manifest.yml index b4384e50d..767c409ad 100644 --- a/dev/packages/beats/windows-0.0.1/manifest.yml +++ b/dev/packages/beats/windows-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: windows +title: Windows version: 0.0.1 -license: oss -description: "" +license: basic +description: Windows Integration type: integration categories: - metrics diff --git a/dev/packages/beats/zeek-0.0.1/manifest.yml b/dev/packages/beats/zeek-0.0.1/manifest.yml index b9d8955bd..d236d7f31 100644 --- a/dev/packages/beats/zeek-0.0.1/manifest.yml +++ b/dev/packages/beats/zeek-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: zeek +title: Zeek version: 0.0.1 license: basic -description: "" +description: Zeek Integration type: integration categories: - logs diff --git a/dev/packages/beats/zookeeper-0.0.1/manifest.yml b/dev/packages/beats/zookeeper-0.0.1/manifest.yml index a66dddf40..e1b632480 100644 --- a/dev/packages/beats/zookeeper-0.0.1/manifest.yml +++ b/dev/packages/beats/zookeeper-0.0.1/manifest.yml @@ -1,8 +1,9 @@ format_version: 1.0.0 name: zookeeper +title: Zookeeper version: 0.0.1 -license: oss -description: "" +license: basic +description: Zookeeper Integration type: integration categories: - metrics From db7981746dac3522373bbf80e2a451bc9bc7103b Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 5 Mar 2020 18:13:05 +0100 Subject: [PATCH 4/6] Write fields.yml files --- dev/import-beats/datasets.go | 64 ++ dev/import-beats/fields.go | 55 +- dev/import-beats/main.go | 8 +- dev/import-beats/packages.go | 72 +- .../dataset/broker/fields/fields.yml | 51 ++ .../dataset/queue/fields/fields.yml | 61 ++ .../dataset/topic/fields/fields.yml | 58 ++ .../dataset/namespace/fields/fields.yml | 168 ++++ .../dataset/status/fields/fields.yml | 183 +++++ .../dataset/stats/fields/fields.yml | 130 +++ .../dataset/log/fields/fields.yml | 310 ++++++++ .../dataset/billing/fields/fields.yml | 42 + .../dataset/cloudwatch/fields/fields.yml | 46 ++ .../dataset/dynamodb/fields/fields.yml | 42 + .../aws-0.0.1/dataset/ebs/fields/fields.yml | 42 + .../aws-0.0.1/dataset/ec2/fields/fields.yml | 182 +++++ .../aws-0.0.1/dataset/elb/fields/fields.yml | 42 + .../dataset/lambda/fields/fields.yml | 42 + .../aws-0.0.1/dataset/rds/fields/fields.yml | 357 +++++++++ .../s3_daily_storage/fields/fields.yml | 51 ++ .../dataset/s3_request/fields/fields.yml | 112 +++ .../aws-0.0.1/dataset/sns/fields/fields.yml | 42 + .../aws-0.0.1/dataset/sqs/fields/fields.yml | 84 ++ .../aws-0.0.1/dataset/usage/fields/fields.yml | 42 + .../aws-0.0.1/dataset/vpc/fields/fields.yml | 42 + .../dataset/compute_vm/fields/fields.yml | 58 ++ .../compute_vm_scaleset/fields/fields.yml | 59 ++ .../container_instance/fields/fields.yml | 58 ++ .../container_registry/fields/fields.yml | 58 ++ .../container_service/fields/fields.yml | 58 ++ .../database_account/fields/fields.yml | 58 ++ .../dataset/monitor/fields/fields.yml | 64 ++ .../dataset/storage/fields/fields.yml | 58 ++ .../dataset/state/fields/fields.yml | 42 + .../dataset/stats/fields/fields.yml | 115 +++ .../dataset/cluster_disk/fields/fields.yml | 34 + .../dataset/cluster_health/fields/fields.yml | 35 + .../dataset/cluster_status/fields/fields.yml | 127 +++ .../mgr_cluster_disk/fields/fields.yml | 19 + .../mgr_cluster_health/fields/fields.yml | 19 + .../dataset/mgr_osd_perf/fields/fields.yml | 34 + .../mgr_osd_pool_stats/fields/fields.yml | 41 + .../dataset/mgr_osd_tree/fields/fields.yml | 19 + .../dataset/mgr_pool_disk/fields/fields.yml | 19 + .../dataset/monitor_health/fields/fields.yml | 71 ++ .../dataset/osd_df/fields/fields.yml | 55 ++ .../dataset/osd_tree/fields/fields.yml | 71 ++ .../dataset/pool_disk/fields/fields.yml | 45 ++ .../cisco-0.0.1/dataset/asa/fields/fields.yml | 97 +++ .../cisco-0.0.1/dataset/ftd/fields/fields.yml | 102 +++ .../cisco-0.0.1/dataset/ios/fields/fields.yml | 28 + .../dataset/container/fields/fields.yml | 49 ++ .../dataset/counter/fields/fields.yml | 37 + .../dataset/value/fields/fields.yml | 37 + .../dataset/status/fields/fields.yml | 11 + .../dataset/agent/fields/fields.yml | 69 ++ .../dataset/stats/fields/fields.yml | 111 +++ .../dataset/bucket/fields/fields.yml | 64 ++ .../dataset/cluster/fields/fields.yml | 91 +++ .../dataset/node/fields/fields.yml | 114 +++ .../dataset/server/fields/fields.yml | 190 +++++ .../dataset/container/fields/fields.yml | 51 ++ .../dataset/cpu/fields/fields.yml | 87 ++ .../dataset/diskio/fields/fields.yml | 87 ++ .../dataset/event/fields/fields.yml | 52 ++ .../dataset/healthcheck/fields/fields.yml | 50 ++ .../dataset/image/fields/fields.yml | 59 ++ .../dataset/info/fields/fields.yml | 48 ++ .../dataset/memory/fields/fields.yml | 89 +++ .../dataset/network/fields/fields.yml | 113 +++ .../dataset/collector/fields/fields.yml | 13 + .../dataset/ccr/fields/fields.yml | 76 ++ .../dataset/cluster_stats/fields/fields.yml | 89 +++ .../dataset/enrich/fields/fields.yml | 61 ++ .../dataset/index/fields/fields.yml | 72 ++ .../dataset/index_recovery/fields/fields.yml | 84 ++ .../dataset/index_summary/fields/fields.yml | 92 +++ .../dataset/ml_job/fields/fields.yml | 60 ++ .../dataset/node/fields/fields.yml | 79 ++ .../dataset/node_stats/fields/fields.yml | 194 +++++ .../dataset/pending_tasks/fields/fields.yml | 58 ++ .../dataset/shard/fields/fields.yml | 58 ++ .../dataset/server/fields/fields.yml | 263 ++++++ .../dataset/leader/fields/fields.yml | 56 ++ .../dataset/metrics/fields/fields.yml | 132 ++++ .../etcd-0.0.1/dataset/self/fields/fields.yml | 82 ++ .../dataset/store/fields/fields.yml | 65 ++ .../dataset/expvar/fields/fields.yml | 22 + .../dataset/heap/fields/fields.yml | 150 ++++ .../dataset/compute/fields/fields.yml | 79 ++ .../dataset/loadbalancing/fields/fields.yml | 266 +++++++ .../dataset/stackdriver/fields/fields.yml | 22 + .../dataset/server/fields/fields.yml | 20 + .../dataset/info/fields/fields.yml | 252 ++++++ .../dataset/stat/fields/fields.yml | 439 +++++++++++ .../http-0.0.1/dataset/json/fields/fields.yml | 45 ++ .../dataset/server/fields/fields.yml | 45 ++ .../dataset/qmgr/fields/fields.yml | 11 + .../dataset/debug/fields/fields.yml | 27 + .../dataset/main/fields/fields.yml | 27 + .../dataset/startup/fields/fields.yml | 27 + .../application_pool/fields/fields.yml | 21 + .../dataset/webserver/fields/fields.yml | 19 + .../dataset/website/fields/fields.yml | 21 + .../dataset/log/fields/fields.yml | 173 ++++ .../dataset/citadel/fields/fields.yml | 70 ++ .../dataset/galley/fields/fields.yml | 156 ++++ .../dataset/mesh/fields/fields.yml | 142 ++++ .../dataset/mixer/fields/fields.yml | 109 +++ .../dataset/pilot/fields/fields.yml | 95 +++ .../dataset/jmx/fields/fields.yml | 19 + .../dataset/broker/fields/fields.yml | 119 +++ .../dataset/consumer/fields/fields.yml | 83 ++ .../dataset/consumergroup/fields/fields.yml | 121 +++ .../dataset/partition/fields/fields.yml | 133 ++++ .../dataset/producer/fields/fields.yml | 101 +++ .../dataset/stats/fields/fields.yml | 119 +++ .../dataset/status/fields/fields.yml | 60 ++ .../dataset/apiserver/fields/fields.yml | 181 +++++ .../dataset/container/fields/fields.yml | 183 +++++ .../controllermanager/fields/fields.yml | 143 ++++ .../dataset/event/fields/fields.yml | 105 +++ .../dataset/node/fields/fields.yml | 184 +++++ .../dataset/pod/fields/fields.yml | 125 +++ .../dataset/proxy/fields/fields.yml | 123 +++ .../dataset/scheduler/fields/fields.yml | 144 ++++ .../dataset/state_container/fields/fields.yml | 77 ++ .../dataset/state_cronjob/fields/fields.yml | 54 ++ .../state_deployment/fields/fields.yml | 44 ++ .../dataset/state_node/fields/fields.yml | 65 ++ .../state_persistentvolume/fields/fields.yml | 34 + .../fields/fields.yml | 38 + .../dataset/state_pod/fields/fields.yml | 44 ++ .../state_replicaset/fields/fields.yml | 44 ++ .../state_resourcequota/fields/fields.yml | 39 + .../dataset/state_service/fields/fields.yml | 50 ++ .../state_statefulset/fields/fields.yml | 49 ++ .../state_storageclass/fields/fields.yml | 34 + .../dataset/system/fields/fields.yml | 81 ++ .../dataset/volume/fields/fields.yml | 65 ++ .../dataset/dommemstat/fields/fields.yml | 37 + .../dataset/node/fields/fields.yml | 44 ++ .../dataset/node_stats/fields/fields.yml | 34 + .../dataset/stats/fields/fields.yml | 108 +++ .../dataset/threat/fields/fields.yml | 720 +++++++++++++++++ .../dataset/collstats/fields/fields.yml | 117 +++ .../dataset/dbstats/fields/fields.yml | 76 ++ .../dataset/metrics/fields/fields.yml | 545 +++++++++++++ .../dataset/replstatus/fields/fields.yml | 189 +++++ .../dataset/status/fields/fields.yml | 711 +++++++++++++++++ .../dataset/performance/fields/fields.yml | 100 +++ .../dataset/transaction_log/fields/fields.yml | 87 ++ .../dataset/node/fields/fields.yml | 20 + .../dataset/galera_status/fields/fields.yml | 287 +++++++ .../dataset/status/fields/fields.yml | 397 ++++++++++ .../dataset/connections/fields/fields.yml | 29 + .../dataset/routes/fields/fields.yml | 29 + .../dataset/stats/fields/fields.yml | 119 +++ .../dataset/subscriptions/fields/fields.yml | 58 ++ .../dataset/stubstatus/fields/fields.yml | 59 ++ .../dataset/performance/fields/fields.yml | 92 +++ .../dataset/tablespace/fields/fields.yml | 71 ++ .../dataset/result/fields/fields.yml | 36 + .../dataset/panos/fields/fields.yml | 139 ++++ .../dataset/pool/fields/fields.yml | 108 +++ .../dataset/process/fields/fields.yml | 91 +++ .../dataset/activity/fields/fields.yml | 94 +++ .../dataset/bgwriter/fields/fields.yml | 68 ++ .../dataset/database/fields/fields.yml | 107 +++ .../dataset/statement/fields/fields.yml | 103 +++ .../dataset/collector/fields/fields.yml | 24 + .../dataset/connection/fields/fields.yml | 100 +++ .../dataset/exchange/fields/fields.yml | 66 ++ .../dataset/node/fields/fields.yml | 175 ++++ .../dataset/queue/fields/fields.yml | 107 +++ .../dataset/info/fields/fields.yml | 581 ++++++++++++++ .../redis-0.0.1/dataset/key/fields/fields.yml | 41 + .../dataset/keyspace/fields/fields.yml | 35 + .../dataset/node/fields/fields.yml | 15 + .../dataset/proxy/fields/fields.yml | 15 + .../santa-0.0.1/dataset/log/fields/fields.yml | 65 ++ .../sql-0.0.1/dataset/query/fields/fields.yml | 28 + .../dataset/channels/fields/fields.yml | 49 ++ .../dataset/stats/fields/fields.yml | 54 ++ .../dataset/subscriptions/fields/fields.yml | 55 ++ .../dataset/server/fields/fields.yml | 22 + .../dataset/eve/fields/fields.yml | 746 ++++++++++++++++++ .../dataset/core/fields/fields.yml | 115 +++ .../dataset/cpu/fields/fields.yml | 185 +++++ .../dataset/diskio/fields/fields.yml | 136 ++++ .../dataset/entropy/fields/fields.yml | 27 + .../dataset/filesystem/fields/fields.yml | 65 ++ .../dataset/fsstat/fields/fields.yml | 45 ++ .../dataset/load/fields/fields.yml | 56 ++ .../dataset/memory/fields/fields.yml | 206 +++++ .../dataset/network/fields/fields.yml | 66 ++ .../dataset/network_summary/fields/fields.yml | 38 + .../dataset/process/fields/fields.yml | 510 ++++++++++++ .../dataset/process_summary/fields/fields.yml | 51 ++ .../dataset/raid/fields/fields.yml | 63 ++ .../dataset/service/fields/fields.yml | 68 ++ .../dataset/socket/fields/fields.yml | 102 +++ .../dataset/socket_summary/fields/fields.yml | 93 +++ .../dataset/uptime/fields/fields.yml | 24 + .../dataset/cache/fields/fields.yml | 32 + .../dataset/memory/fields/fields.yml | 41 + .../dataset/requests/fields/fields.yml | 32 + .../dataset/threading/fields/fields.yml | 44 ++ .../dataset/health/fields/fields.yml | 39 + .../dataset/status/fields/fields.yml | 132 ++++ .../dataset/datastore/fields/fields.yml | 45 ++ .../dataset/host/fields/fields.yml | 51 ++ .../dataset/virtualmachine/fields/fields.yml | 65 ++ .../dataset/perfmon/fields/fields.yml | 12 + .../dataset/service/fields/fields.yml | 80 ++ .../dataset/capture_loss/fields/fields.yml | 43 + .../dataset/connection/fields/fields.yml | 73 ++ .../dataset/dce_rpc/fields/fields.yml | 39 + .../zeek-0.0.1/dataset/dhcp/fields/fields.yml | 147 ++++ .../zeek-0.0.1/dataset/dnp3/fields/fields.yml | 38 + .../zeek-0.0.1/dataset/dns/fields/fields.yml | 121 +++ .../zeek-0.0.1/dataset/dpd/fields/fields.yml | 35 + .../dataset/files/fields/fields.yml | 152 ++++ .../zeek-0.0.1/dataset/ftp/fields/fields.yml | 142 ++++ .../zeek-0.0.1/dataset/http/fields/fields.yml | 116 +++ .../dataset/intel/fields/fields.yml | 94 +++ .../zeek-0.0.1/dataset/irc/fields/fields.yml | 74 ++ .../dataset/kerberos/fields/fields.yml | 137 ++++ .../dataset/modbus/fields/fields.yml | 35 + .../dataset/mysql/fields/fields.yml | 44 ++ .../dataset/notice/fields/fields.yml | 147 ++++ .../zeek-0.0.1/dataset/ntlm/fields/fields.yml | 60 ++ .../zeek-0.0.1/dataset/ocsp/fields/fields.yml | 82 ++ .../zeek-0.0.1/dataset/pe/fields/fields.yml | 105 +++ .../dataset/radius/fields/fields.yml | 64 ++ .../zeek-0.0.1/dataset/rdp/fields/fields.yml | 117 +++ .../zeek-0.0.1/dataset/rfb/fields/fields.yml | 81 ++ .../zeek-0.0.1/dataset/sip/fields/fields.yml | 136 ++++ .../dataset/smb_cmd/fields/fields.yml | 109 +++ .../dataset/smb_files/fields/fields.yml | 79 ++ .../dataset/smb_mapping/fields/fields.yml | 40 + .../zeek-0.0.1/dataset/smtp/fields/fields.yml | 135 ++++ .../zeek-0.0.1/dataset/snmp/fields/fields.yml | 70 ++ .../dataset/socks/fields/fields.yml | 70 ++ .../zeek-0.0.1/dataset/ssh/fields/fields.yml | 92 +++ .../zeek-0.0.1/dataset/ssl/fields/fields.yml | 240 ++++++ .../dataset/stats/fields/fields.yml | 177 +++++ .../dataset/syslog/fields/fields.yml | 34 + .../dataset/tunnel/fields/fields.yml | 29 + .../dataset/weird/fields/fields.yml | 44 ++ .../zeek-0.0.1/dataset/x509/fields/fields.yml | 213 +++++ .../dataset/connection/fields/fields.yml | 35 + .../dataset/mntr/fields/fields.yml | 97 +++ .../dataset/server/fields/fields.yml | 60 ++ 254 files changed, 24442 insertions(+), 54 deletions(-) create mode 100644 dev/import-beats/datasets.go create mode 100644 dev/packages/beats/activemq-0.0.1/dataset/broker/fields/fields.yml create mode 100644 dev/packages/beats/activemq-0.0.1/dataset/queue/fields/fields.yml create mode 100644 dev/packages/beats/activemq-0.0.1/dataset/topic/fields/fields.yml create mode 100644 dev/packages/beats/aerospike-0.0.1/dataset/namespace/fields/fields.yml create mode 100644 dev/packages/beats/apache-0.0.1/dataset/status/fields/fields.yml create mode 100644 dev/packages/beats/appsearch-0.0.1/dataset/stats/fields/fields.yml create mode 100644 dev/packages/beats/auditd-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/billing/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/cloudwatch/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/dynamodb/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/ebs/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/ec2/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/elb/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/lambda/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/rds/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/s3_daily_storage/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/s3_request/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/sns/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/sqs/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/usage/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/vpc/fields/fields.yml create mode 100644 dev/packages/beats/azure-0.0.1/dataset/compute_vm/fields/fields.yml create mode 100644 dev/packages/beats/azure-0.0.1/dataset/compute_vm_scaleset/fields/fields.yml create mode 100644 dev/packages/beats/azure-0.0.1/dataset/container_instance/fields/fields.yml create mode 100644 dev/packages/beats/azure-0.0.1/dataset/container_registry/fields/fields.yml create mode 100644 dev/packages/beats/azure-0.0.1/dataset/container_service/fields/fields.yml create mode 100644 dev/packages/beats/azure-0.0.1/dataset/database_account/fields/fields.yml create mode 100644 dev/packages/beats/azure-0.0.1/dataset/monitor/fields/fields.yml create mode 100644 dev/packages/beats/azure-0.0.1/dataset/storage/fields/fields.yml create mode 100644 dev/packages/beats/beat-0.0.1/dataset/state/fields/fields.yml create mode 100644 dev/packages/beats/beat-0.0.1/dataset/stats/fields/fields.yml create mode 100644 dev/packages/beats/ceph-0.0.1/dataset/cluster_disk/fields/fields.yml create mode 100644 dev/packages/beats/ceph-0.0.1/dataset/cluster_health/fields/fields.yml create mode 100644 dev/packages/beats/ceph-0.0.1/dataset/cluster_status/fields/fields.yml create mode 100644 dev/packages/beats/ceph-0.0.1/dataset/mgr_cluster_disk/fields/fields.yml create mode 100644 dev/packages/beats/ceph-0.0.1/dataset/mgr_cluster_health/fields/fields.yml create mode 100644 dev/packages/beats/ceph-0.0.1/dataset/mgr_osd_perf/fields/fields.yml create mode 100644 dev/packages/beats/ceph-0.0.1/dataset/mgr_osd_pool_stats/fields/fields.yml create mode 100644 dev/packages/beats/ceph-0.0.1/dataset/mgr_osd_tree/fields/fields.yml create mode 100644 dev/packages/beats/ceph-0.0.1/dataset/mgr_pool_disk/fields/fields.yml create mode 100644 dev/packages/beats/ceph-0.0.1/dataset/monitor_health/fields/fields.yml create mode 100644 dev/packages/beats/ceph-0.0.1/dataset/osd_df/fields/fields.yml create mode 100644 dev/packages/beats/ceph-0.0.1/dataset/osd_tree/fields/fields.yml create mode 100644 dev/packages/beats/ceph-0.0.1/dataset/pool_disk/fields/fields.yml create mode 100644 dev/packages/beats/cisco-0.0.1/dataset/asa/fields/fields.yml create mode 100644 dev/packages/beats/cisco-0.0.1/dataset/ftd/fields/fields.yml create mode 100644 dev/packages/beats/cisco-0.0.1/dataset/ios/fields/fields.yml create mode 100644 dev/packages/beats/cloudfoundry-0.0.1/dataset/container/fields/fields.yml create mode 100644 dev/packages/beats/cloudfoundry-0.0.1/dataset/counter/fields/fields.yml create mode 100644 dev/packages/beats/cloudfoundry-0.0.1/dataset/value/fields/fields.yml create mode 100644 dev/packages/beats/cockroachdb-0.0.1/dataset/status/fields/fields.yml create mode 100644 dev/packages/beats/consul-0.0.1/dataset/agent/fields/fields.yml create mode 100644 dev/packages/beats/coredns-0.0.1/dataset/stats/fields/fields.yml create mode 100644 dev/packages/beats/couchbase-0.0.1/dataset/bucket/fields/fields.yml create mode 100644 dev/packages/beats/couchbase-0.0.1/dataset/cluster/fields/fields.yml create mode 100644 dev/packages/beats/couchbase-0.0.1/dataset/node/fields/fields.yml create mode 100644 dev/packages/beats/couchdb-0.0.1/dataset/server/fields/fields.yml create mode 100644 dev/packages/beats/docker-0.0.1/dataset/container/fields/fields.yml create mode 100644 dev/packages/beats/docker-0.0.1/dataset/cpu/fields/fields.yml create mode 100644 dev/packages/beats/docker-0.0.1/dataset/diskio/fields/fields.yml create mode 100644 dev/packages/beats/docker-0.0.1/dataset/event/fields/fields.yml create mode 100644 dev/packages/beats/docker-0.0.1/dataset/healthcheck/fields/fields.yml create mode 100644 dev/packages/beats/docker-0.0.1/dataset/image/fields/fields.yml create mode 100644 dev/packages/beats/docker-0.0.1/dataset/info/fields/fields.yml create mode 100644 dev/packages/beats/docker-0.0.1/dataset/memory/fields/fields.yml create mode 100644 dev/packages/beats/docker-0.0.1/dataset/network/fields/fields.yml create mode 100644 dev/packages/beats/dropwizard-0.0.1/dataset/collector/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/ccr/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/cluster_stats/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/enrich/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/index/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/index_recovery/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/index_summary/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/ml_job/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/node/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/node_stats/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/pending_tasks/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/shard/fields/fields.yml create mode 100644 dev/packages/beats/envoyproxy-0.0.1/dataset/server/fields/fields.yml create mode 100644 dev/packages/beats/etcd-0.0.1/dataset/leader/fields/fields.yml create mode 100644 dev/packages/beats/etcd-0.0.1/dataset/metrics/fields/fields.yml create mode 100644 dev/packages/beats/etcd-0.0.1/dataset/self/fields/fields.yml create mode 100644 dev/packages/beats/etcd-0.0.1/dataset/store/fields/fields.yml create mode 100644 dev/packages/beats/golang-0.0.1/dataset/expvar/fields/fields.yml create mode 100644 dev/packages/beats/golang-0.0.1/dataset/heap/fields/fields.yml create mode 100644 dev/packages/beats/googlecloud-0.0.1/dataset/compute/fields/fields.yml create mode 100644 dev/packages/beats/googlecloud-0.0.1/dataset/loadbalancing/fields/fields.yml create mode 100644 dev/packages/beats/googlecloud-0.0.1/dataset/stackdriver/fields/fields.yml create mode 100644 dev/packages/beats/graphite-0.0.1/dataset/server/fields/fields.yml create mode 100644 dev/packages/beats/haproxy-0.0.1/dataset/info/fields/fields.yml create mode 100644 dev/packages/beats/haproxy-0.0.1/dataset/stat/fields/fields.yml create mode 100644 dev/packages/beats/http-0.0.1/dataset/json/fields/fields.yml create mode 100644 dev/packages/beats/http-0.0.1/dataset/server/fields/fields.yml create mode 100644 dev/packages/beats/ibmmq-0.0.1/dataset/qmgr/fields/fields.yml create mode 100644 dev/packages/beats/icinga-0.0.1/dataset/debug/fields/fields.yml create mode 100644 dev/packages/beats/icinga-0.0.1/dataset/main/fields/fields.yml create mode 100644 dev/packages/beats/icinga-0.0.1/dataset/startup/fields/fields.yml create mode 100644 dev/packages/beats/iis-0.0.1/dataset/application_pool/fields/fields.yml create mode 100644 dev/packages/beats/iis-0.0.1/dataset/webserver/fields/fields.yml create mode 100644 dev/packages/beats/iis-0.0.1/dataset/website/fields/fields.yml create mode 100644 dev/packages/beats/iptables-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/istio-0.0.1/dataset/citadel/fields/fields.yml create mode 100644 dev/packages/beats/istio-0.0.1/dataset/galley/fields/fields.yml create mode 100644 dev/packages/beats/istio-0.0.1/dataset/mesh/fields/fields.yml create mode 100644 dev/packages/beats/istio-0.0.1/dataset/mixer/fields/fields.yml create mode 100644 dev/packages/beats/istio-0.0.1/dataset/pilot/fields/fields.yml create mode 100644 dev/packages/beats/jolokia-0.0.1/dataset/jmx/fields/fields.yml create mode 100644 dev/packages/beats/kafka-0.0.1/dataset/broker/fields/fields.yml create mode 100644 dev/packages/beats/kafka-0.0.1/dataset/consumer/fields/fields.yml create mode 100644 dev/packages/beats/kafka-0.0.1/dataset/consumergroup/fields/fields.yml create mode 100644 dev/packages/beats/kafka-0.0.1/dataset/partition/fields/fields.yml create mode 100644 dev/packages/beats/kafka-0.0.1/dataset/producer/fields/fields.yml create mode 100644 dev/packages/beats/kibana-0.0.1/dataset/stats/fields/fields.yml create mode 100644 dev/packages/beats/kibana-0.0.1/dataset/status/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/apiserver/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/container/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/controllermanager/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/event/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/node/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/pod/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/proxy/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/scheduler/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/state_container/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/state_cronjob/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/state_deployment/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/state_node/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/state_persistentvolume/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/state_persistentvolumeclaim/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/state_pod/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/state_replicaset/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/state_resourcequota/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/state_service/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/state_statefulset/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/state_storageclass/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/system/fields/fields.yml create mode 100644 dev/packages/beats/kubernetes-0.0.1/dataset/volume/fields/fields.yml create mode 100644 dev/packages/beats/kvm-0.0.1/dataset/dommemstat/fields/fields.yml create mode 100644 dev/packages/beats/logstash-0.0.1/dataset/node/fields/fields.yml create mode 100644 dev/packages/beats/logstash-0.0.1/dataset/node_stats/fields/fields.yml create mode 100644 dev/packages/beats/memcached-0.0.1/dataset/stats/fields/fields.yml create mode 100644 dev/packages/beats/misp-0.0.1/dataset/threat/fields/fields.yml create mode 100644 dev/packages/beats/mongodb-0.0.1/dataset/collstats/fields/fields.yml create mode 100644 dev/packages/beats/mongodb-0.0.1/dataset/dbstats/fields/fields.yml create mode 100644 dev/packages/beats/mongodb-0.0.1/dataset/metrics/fields/fields.yml create mode 100644 dev/packages/beats/mongodb-0.0.1/dataset/replstatus/fields/fields.yml create mode 100644 dev/packages/beats/mongodb-0.0.1/dataset/status/fields/fields.yml create mode 100644 dev/packages/beats/mssql-0.0.1/dataset/performance/fields/fields.yml create mode 100644 dev/packages/beats/mssql-0.0.1/dataset/transaction_log/fields/fields.yml create mode 100644 dev/packages/beats/munin-0.0.1/dataset/node/fields/fields.yml create mode 100644 dev/packages/beats/mysql-0.0.1/dataset/galera_status/fields/fields.yml create mode 100644 dev/packages/beats/mysql-0.0.1/dataset/status/fields/fields.yml create mode 100644 dev/packages/beats/nats-0.0.1/dataset/connections/fields/fields.yml create mode 100644 dev/packages/beats/nats-0.0.1/dataset/routes/fields/fields.yml create mode 100644 dev/packages/beats/nats-0.0.1/dataset/stats/fields/fields.yml create mode 100644 dev/packages/beats/nats-0.0.1/dataset/subscriptions/fields/fields.yml create mode 100644 dev/packages/beats/nginx-0.0.1/dataset/stubstatus/fields/fields.yml create mode 100644 dev/packages/beats/oracle-0.0.1/dataset/performance/fields/fields.yml create mode 100644 dev/packages/beats/oracle-0.0.1/dataset/tablespace/fields/fields.yml create mode 100644 dev/packages/beats/osquery-0.0.1/dataset/result/fields/fields.yml create mode 100644 dev/packages/beats/panw-0.0.1/dataset/panos/fields/fields.yml create mode 100644 dev/packages/beats/php_fpm-0.0.1/dataset/pool/fields/fields.yml create mode 100644 dev/packages/beats/php_fpm-0.0.1/dataset/process/fields/fields.yml create mode 100644 dev/packages/beats/postgresql-0.0.1/dataset/activity/fields/fields.yml create mode 100644 dev/packages/beats/postgresql-0.0.1/dataset/bgwriter/fields/fields.yml create mode 100644 dev/packages/beats/postgresql-0.0.1/dataset/database/fields/fields.yml create mode 100644 dev/packages/beats/postgresql-0.0.1/dataset/statement/fields/fields.yml create mode 100644 dev/packages/beats/prometheus-0.0.1/dataset/collector/fields/fields.yml create mode 100644 dev/packages/beats/rabbitmq-0.0.1/dataset/connection/fields/fields.yml create mode 100644 dev/packages/beats/rabbitmq-0.0.1/dataset/exchange/fields/fields.yml create mode 100644 dev/packages/beats/rabbitmq-0.0.1/dataset/node/fields/fields.yml create mode 100644 dev/packages/beats/rabbitmq-0.0.1/dataset/queue/fields/fields.yml create mode 100644 dev/packages/beats/redis-0.0.1/dataset/info/fields/fields.yml create mode 100644 dev/packages/beats/redis-0.0.1/dataset/key/fields/fields.yml create mode 100644 dev/packages/beats/redis-0.0.1/dataset/keyspace/fields/fields.yml create mode 100644 dev/packages/beats/redisenterprise-0.0.1/dataset/node/fields/fields.yml create mode 100644 dev/packages/beats/redisenterprise-0.0.1/dataset/proxy/fields/fields.yml create mode 100644 dev/packages/beats/santa-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/sql-0.0.1/dataset/query/fields/fields.yml create mode 100644 dev/packages/beats/stan-0.0.1/dataset/channels/fields/fields.yml create mode 100644 dev/packages/beats/stan-0.0.1/dataset/stats/fields/fields.yml create mode 100644 dev/packages/beats/stan-0.0.1/dataset/subscriptions/fields/fields.yml create mode 100644 dev/packages/beats/statsd-0.0.1/dataset/server/fields/fields.yml create mode 100644 dev/packages/beats/suricata-0.0.1/dataset/eve/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/core/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/cpu/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/diskio/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/entropy/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/filesystem/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/fsstat/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/load/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/memory/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/network/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/network_summary/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/process/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/process_summary/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/raid/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/service/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/socket/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/socket_summary/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/uptime/fields/fields.yml create mode 100644 dev/packages/beats/tomcat-0.0.1/dataset/cache/fields/fields.yml create mode 100644 dev/packages/beats/tomcat-0.0.1/dataset/memory/fields/fields.yml create mode 100644 dev/packages/beats/tomcat-0.0.1/dataset/requests/fields/fields.yml create mode 100644 dev/packages/beats/tomcat-0.0.1/dataset/threading/fields/fields.yml create mode 100644 dev/packages/beats/traefik-0.0.1/dataset/health/fields/fields.yml create mode 100644 dev/packages/beats/uwsgi-0.0.1/dataset/status/fields/fields.yml create mode 100644 dev/packages/beats/vsphere-0.0.1/dataset/datastore/fields/fields.yml create mode 100644 dev/packages/beats/vsphere-0.0.1/dataset/host/fields/fields.yml create mode 100644 dev/packages/beats/vsphere-0.0.1/dataset/virtualmachine/fields/fields.yml create mode 100644 dev/packages/beats/windows-0.0.1/dataset/perfmon/fields/fields.yml create mode 100644 dev/packages/beats/windows-0.0.1/dataset/service/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/capture_loss/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/connection/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/dce_rpc/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/dhcp/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/dnp3/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/dns/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/dpd/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/files/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/ftp/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/http/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/intel/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/irc/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/kerberos/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/modbus/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/mysql/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/notice/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/ntlm/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/ocsp/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/pe/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/radius/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/rdp/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/rfb/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/sip/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/smb_cmd/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/smb_files/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/smb_mapping/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/smtp/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/snmp/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/socks/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/ssh/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/ssl/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/stats/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/syslog/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/tunnel/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/weird/fields/fields.yml create mode 100644 dev/packages/beats/zeek-0.0.1/dataset/x509/fields/fields.yml create mode 100644 dev/packages/beats/zookeeper-0.0.1/dataset/connection/fields/fields.yml create mode 100644 dev/packages/beats/zookeeper-0.0.1/dataset/mntr/fields/fields.yml create mode 100644 dev/packages/beats/zookeeper-0.0.1/dataset/server/fields/fields.yml diff --git a/dev/import-beats/datasets.go b/dev/import-beats/datasets.go new file mode 100644 index 000000000..0c3066752 --- /dev/null +++ b/dev/import-beats/datasets.go @@ -0,0 +1,64 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package main + +import ( + "io/ioutil" + "log" + "os" + "path" + + "github.com/pkg/errors" +) + +type datasetContent struct { + fields fieldsContent +} + +type fieldsContent struct { + files map[string][]byte +} + +func createDatasets(modulePath string) (map[string]datasetContent, error) { + datasetDirs, err := ioutil.ReadDir(modulePath) + if err != nil { + return nil, errors.Wrapf(err, "cannot module directory %s", modulePath) + } + + contents := map[string]datasetContent{} + for _, datasetDir := range datasetDirs { + if !datasetDir.IsDir() { + continue + } + datasetName := datasetDir.Name() + + if datasetName == "_meta" { + continue + } + + _, err := os.Stat(path.Join(modulePath, datasetName, "_meta")) + if os.IsNotExist(err) { + log.Printf("\tSkipped '%s' - not a valid dataset\n", datasetName) + continue + } + + log.Printf("\tFound dataset '%s'\n", datasetName) + content := datasetContent{} + + fieldsFiles, err := loadDatasetFields(modulePath, datasetName) + if err != nil { + return nil, errors.Wrapf(err, "loading dataset fields failed (modulePath: %s, datasetName: %s)", + modulePath, datasetName) + } + + content.fields = fieldsContent{ + files: map[string][]byte{ + "fields.yml": fieldsFiles, + }, + } + contents[datasetName] = content + } + return contents, nil +} diff --git a/dev/import-beats/fields.go b/dev/import-beats/fields.go index 76a311926..6ede21baf 100644 --- a/dev/import-beats/fields.go +++ b/dev/import-beats/fields.go @@ -5,43 +5,42 @@ package main import ( - "fmt" + "bufio" + "bytes" "io/ioutil" + "log" + "os" "path/filepath" "github.com/pkg/errors" - "gopkg.in/yaml.v2" ) -type fields []fieldsEntry - -type fieldsEntry struct { - Key string - Title *string - Description string -} - -func (f fields) getEntry(key string) (*fieldsEntry, error) { - for _, entry := range f { - if entry.Key == key { - return &entry, nil - } +func loadDatasetFields(modulePath, datasetName string) ([]byte, error) { + moduleFieldsPath := filepath.Join(modulePath, "_meta", "fields.yml") + moduleFields, err := ioutil.ReadFile(moduleFieldsPath) + if err != nil { + return nil, errors.Wrapf(err, "reading module fields file failed (path: %s)", moduleFieldsPath) } - return nil, fmt.Errorf("missing entry for key '%s'", key) -} -func loadFields(modulePath string) (fields, error) { - fieldsFilePath := filepath.Join(modulePath, "fields.yml") + var buffer bytes.Buffer + buffer.Write(moduleFields) - data, err := ioutil.ReadFile(fieldsFilePath) - if err != nil { - return nil, errors.Wrapf(err, "reading file failed (path: %s)", fieldsFilePath) + datasetFieldsPath := filepath.Join(modulePath, datasetName, "_meta", "fields.yml") + datasetFieldsFile, err := os.Open(datasetFieldsPath) + if os.IsNotExist(err) { + log.Printf("Missing fields.yml file. Skipping. (path: %s)\n", datasetFieldsPath) + return buffer.Bytes(), nil + } else if err != nil { + return nil, errors.Wrapf(err, "reading dataset fields file failed (path: %s)", moduleFieldsPath) } - - var f fields - err = yaml.Unmarshal(data, &f) - if err != nil { - return nil, errors.Wrapf(err, "unmarshalling fields file failed (path: %s)", fieldsFilePath) + defer datasetFieldsFile.Close() + + scanner := bufio.NewScanner(datasetFieldsFile) + for scanner.Scan() { + line := scanner.Text() + buffer.Write([]byte(" ")) + buffer.WriteString(line) + buffer.WriteString("\n") } - return f, nil + return buffer.Bytes(), nil } diff --git a/dev/import-beats/main.go b/dev/import-beats/main.go index e886e3556..3e5842cb9 100644 --- a/dev/import-beats/main.go +++ b/dev/import-beats/main.go @@ -38,16 +38,16 @@ func build(beatsDir, outputDir string) error { repository := newPackageRepository() for _, beatName := range logSources { - err := repository.loadFromSource(beatsDir, beatName, "logs") + err := repository.createPackagesFromSource(beatsDir, beatName, "logs") if err != nil { - return errors.Wrap(err, "loading logs source failed") + return errors.Wrap(err, "creating form logs source failed") } } for _, beatName := range metricSources { - err := repository.loadFromSource(beatsDir, beatName, "metrics") + err := repository.createPackagesFromSource(beatsDir, beatName, "metrics") if err != nil { - return errors.Wrap(err, "loading metrics source failed") + return errors.Wrap(err, "creating from metrics source failed") } } diff --git a/dev/import-beats/packages.go b/dev/import-beats/packages.go index 067818ef8..275e4d16c 100644 --- a/dev/import-beats/packages.go +++ b/dev/import-beats/packages.go @@ -8,6 +8,7 @@ import ( "io/ioutil" "log" "os" + "path" "path/filepath" "strings" @@ -40,14 +41,6 @@ func newPackageContent(name string) packageContent { } } -type datasetContent struct { - fields fieldsContent -} - -type fieldsContent struct { - files map[string]fields -} - type packageRepository struct { packages map[string]packageContent } @@ -58,7 +51,7 @@ func newPackageRepository() *packageRepository { } } -func (r *packageRepository) loadFromSource(beatsDir, beatName, packageType string) error { +func (r *packageRepository) createPackagesFromSource(beatsDir, beatName, packageType string) error { beatPath := filepath.Join(beatsDir, beatName) beatModulesPath := filepath.Join(beatPath, "module") @@ -71,49 +64,84 @@ func (r *packageRepository) loadFromSource(beatsDir, beatName, packageType strin if !moduleDir.IsDir() { continue } + moduleName := moduleDir.Name() - log.Printf("Visit '%s:%s'\n", beatName, moduleDir.Name()) - if _, ok := ignoredModules[moduleDir.Name()]; ok { - log.Printf("Ignoring '%s:%s'\n", beatName, moduleDir.Name()) + log.Printf("Found module '%s:%s'\n", beatName, moduleName) + if _, ok := ignoredModules[moduleName]; ok { + log.Printf("Ignoring '%s:%s'\n", beatName, moduleName) continue } - _, ok := r.packages[moduleDir.Name()] + _, ok := r.packages[moduleName] if !ok { - r.packages[moduleDir.Name()] = newPackageContent(moduleDir.Name()) + r.packages[moduleName] = newPackageContent(moduleName) } - aPackage := r.packages[moduleDir.Name()] + aPackage := r.packages[moduleName] manifest := aPackage.manifest manifest.Categories = append(manifest.Categories, packageType) aPackage.manifest = manifest + + modulePath := path.Join(beatModulesPath, moduleName) + datasets, err := createDatasets(modulePath) + if err != nil { + return err + } + + aPackage.datasets = datasets r.packages[moduleDir.Name()] = aPackage } return nil } func (r *packageRepository) save(outputDir string) error { - for name, content := range r.packages { + for packageName, content := range r.packages { manifest := content.manifest - log.Printf("Writing package '%s' (version: %s)\n", name, manifest.Version) + log.Printf("Writing package data '%s' (version: %s)\n", packageName, manifest.Version) - path := filepath.Join(outputDir, name+"-"+manifest.Version) - err := os.MkdirAll(path, 0755) + packagePath := filepath.Join(outputDir, packageName+"-"+manifest.Version) + err := os.MkdirAll(packagePath, 0755) if err != nil { - return errors.Wrapf(err, "cannot make directory '%s'", path) + return errors.Wrapf(err, "cannot make directory for module: '%s'", packagePath) } m, err := yaml.Marshal(content.manifest) if err != nil { - return errors.Wrapf(err, "marshaling package content failed (package name: %s)", name) + return errors.Wrapf(err, "marshaling package content failed (package packageName: %s)", packageName) } - manifestFilePath := filepath.Join(path, "manifest.yml") + manifestFilePath := filepath.Join(packagePath, "manifest.yml") err = ioutil.WriteFile(manifestFilePath, m, 0644) if err != nil { return errors.Wrapf(err, "writing manifest file failed (path: %s)", manifestFilePath) } + + for datasetName, dataset := range content.datasets { + datasetPath := filepath.Join(packagePath, "dataset", datasetName) + err := os.MkdirAll(datasetPath, 0755) + if err != nil { + return errors.Wrapf(err, "cannot make directory for dataset: '%s'", datasetPath) + } + + if len(dataset.fields.files) > 0 { + datasetFieldsPath := filepath.Join(datasetPath, "fields") + err := os.MkdirAll(datasetFieldsPath, 0755) + if err != nil { + return errors.Wrapf(err, "cannot make directory for dataset fields: '%s'", datasetPath) + } + + for fieldsFileName, fieldsFile := range dataset.fields.files { + log.Printf("\tWriting file '%s' for dataset '%s'\n", fieldsFileName, datasetName) + + fieldsFilePath := filepath.Join(datasetFieldsPath, fieldsFileName) + err = ioutil.WriteFile(fieldsFilePath, fieldsFile, 0644) + if err != nil { + return errors.Wrapf(err, "writing fields file failed (path: %s)", fieldsFilePath) + } + } + } + } } return nil } diff --git a/dev/packages/beats/activemq-0.0.1/dataset/broker/fields/fields.yml b/dev/packages/beats/activemq-0.0.1/dataset/broker/fields/fields.yml new file mode 100644 index 000000000..889c380e3 --- /dev/null +++ b/dev/packages/beats/activemq-0.0.1/dataset/broker/fields/fields.yml @@ -0,0 +1,51 @@ +- key: activemq + title: "activemq" + release: beta + description: > + activemq module + fields: + - name: activemq + type: group + description: > + fields: + - name: broker + type: group + description: Broker metrics from org.apache.activemq:brokerName=*,type=Broker + release: beta + fields: + - name: mbean + description: Mbean that this event is related to + type: keyword + - name: name + description: Broker name + type: keyword + - name: memory.broker.pct + description: The percentage of the memory limit used. + type: scaled_float + format: percent + - name: memory.store.pct + description: Percent of store limit used. + type: scaled_float + format: percent + - name: memory.temp.pct + description: The percentage of the temp usage limit used. + type: scaled_float + format: percent + - name: connections.count + description: Total number of connections. + type: long + - name: consumers.count + description: Number of message consumers. + type: long + - name: messages.dequeue.count + description: Number of messages that have been acknowledged on the broker. + type: long + - name: messages.enqueue.count + description: Number of messages that have been sent to the destination. + type: long + - name: messages.count + description: Number of unacknowledged messages on the broker. + type: long + - name: producers.count + description: Number of message producers active on destinations on the broker. + type: long diff --git a/dev/packages/beats/activemq-0.0.1/dataset/queue/fields/fields.yml b/dev/packages/beats/activemq-0.0.1/dataset/queue/fields/fields.yml new file mode 100644 index 000000000..c9e24c75f --- /dev/null +++ b/dev/packages/beats/activemq-0.0.1/dataset/queue/fields/fields.yml @@ -0,0 +1,61 @@ +- key: activemq + title: "activemq" + release: beta + description: > + activemq module + fields: + - name: activemq + type: group + description: > + fields: + - name: queue + type: group + description: Queue metrics from org.apache.activemq:brokerName=*,destinationName=*,destinationType=Queue,type=Broker + release: beta + fields: + - name: mbean + description: Mbean that this event is related to + type: keyword + - name: name + description: Queue name + type: keyword + - name: size + description: Queue size + type: long + - name: messages.enqueue.time.avg + description: Average time a message was held on this destination. + type: double + - name: messages.size.avg + description: Average message size on this destination. + type: long + - name: consumers.count + description: Number of consumers subscribed to this destination. + type: long + - name: messages.dequeue.count + description: Number of messages that has been acknowledged (and removed) from the destination. + type: long + - name: messages.dispatch.count + description: Number of messages that has been delivered to consumers, including those not acknowledged. + type: long + - name: messages.enqueue.count + description: Number of messages that have been sent to the destination. + type: long + - name: messages.expired.count + description: Number of messages that have been expired. + type: long + - name: messages.inflight.count + description: Number of messages that have been dispatched to, but not acknowledged by, consumers. + type: long + - name: messages.enqueue.time.max + description: The longest time a message was held on this destination. + type: long + - name: memory.broker.pct + description: Percent of memory limit used. + type: scaled_float + format: percent + - name: messages.enqueue.time.min + description: The shortest time a message was held on this destination. + type: long + - name: producers.count + description: Number of producers attached to this destination. + type: long diff --git a/dev/packages/beats/activemq-0.0.1/dataset/topic/fields/fields.yml b/dev/packages/beats/activemq-0.0.1/dataset/topic/fields/fields.yml new file mode 100644 index 000000000..f4e0e70fe --- /dev/null +++ b/dev/packages/beats/activemq-0.0.1/dataset/topic/fields/fields.yml @@ -0,0 +1,58 @@ +- key: activemq + title: "activemq" + release: beta + description: > + activemq module + fields: + - name: activemq + type: group + description: > + fields: + - name: topic + type: group + description: Topic metrics from org.apache.activemq:brokerName=*,destinationName=*,destinationType=Topic,type=Broker + release: beta + fields: + - name: mbean + description: Mbean that this event is related to + type: keyword + - name: name + description: Topic name + type: keyword + - name: messages.enqueue.time.avg + description: Average time a message was held on this destination. + type: double + - name: messages.size.avg + description: Average message size on this destination. + type: long + - name: consumers.count + description: Number of consumers subscribed to this destination. + type: long + - name: messages.dequeue.count + description: Number of messages that has been acknowledged (and removed) from the destination. + type: long + - name: messages.dispatch.count + description: Number of messages that has been delivered to consumers, including those not acknowledged. + type: long + - name: messages.enqueue.count + description: Number of messages that have been sent to the destination. + type: long + - name: messages.expired.count + description: Number of messages that have been expired. + type: long + - name: messages.inflight.count + description: Number of messages that have been dispatched to, but not acknowledged by, consumers. + type: long + - name: messages.enqueue.time.max + description: The longest time a message was held on this destination. + type: long + - name: memory.broker.pct + description: Percent of memory limit used. + type: scaled_float + format: percent + - name: messages.enqueue.time.min + description: The shortest time a message was held on this destination. + type: long + - name: producers.count + description: Number of producers attached to this destination. + type: long diff --git a/dev/packages/beats/aerospike-0.0.1/dataset/namespace/fields/fields.yml b/dev/packages/beats/aerospike-0.0.1/dataset/namespace/fields/fields.yml new file mode 100644 index 000000000..16e4260d6 --- /dev/null +++ b/dev/packages/beats/aerospike-0.0.1/dataset/namespace/fields/fields.yml @@ -0,0 +1,168 @@ +- key: aerospike + title: "Aerospike" + description: > + Aerospike module + release: ga + fields: + - name: aerospike + type: group + description: > + fields: + - name: namespace + type: group + description: > + namespace + release: ga + fields: + - name: client + type: group + description: > + Client stats. + fields: + - name: delete + type: group + description: > + Client delete transactions stats. + fields: + - name: error + type: long + description: > + Number of client delete transactions that failed with an error. + - name: not_found + type: long + description: > + Number of client delete transactions that resulted in a not found. + - name: success + type: long + description: > + Number of successful client delete transactions. + - name: timeout + type: long + description: > + Number of client delete transactions that timed out. + - name: read + type: group + description: > + Client read transactions stats. + fields: + - name: error + type: long + description: > + Number of client read transaction errors. + - name: not_found + type: long + description: > + Number of client read transaction that resulted in not found. + - name: success + type: long + description: > + Number of successful client read transactions. + - name: timeout + type: long + description: > + Number of client read transaction that timed out. + - name: write + type: group + description: > + Client write transactions stats. + fields: + - name: error + type: long + description: > + Number of client write transactions that failed with an error. + - name: success + type: long + description: > + Number of successful client write transactions. + - name: timeout + type: long + description: > + Number of client write transactions that timed out. + - name: device + type: group + description: > + Disk storage stats + fields: + - name: available.pct + type: scaled_float + format: percent + description: > + Measures the minimum contiguous disk space across all disks in a namespace. + - name: free.pct + type: scaled_float + format: percent + description: > + Percentage of disk capacity free for this namespace. + - name: total.bytes + type: long + format: bytes + description: > + Total bytes of disk space allocated to this namespace on this node. + - name: used.bytes + type: long + format: bytes + description: > + Total bytes of disk space used by this namespace on this node. + - name: hwm_breached + type: boolean + description: > + If true, Aerospike has breached 'high-water-[disk|memory]-pct' for this namespace. + - name: memory + type: group + description: > + Memory storage stats. + fields: + - name: free.pct + type: scaled_float + format: percent + description: > + Percentage of memory capacity free for this namespace on this node. + - name: used.data.bytes + type: long + format: bytes + description: > + Amount of memory occupied by data for this namespace on this node. + - name: used.index.bytes + type: long + format: bytes + description: > + Amount of memory occupied by the index for this namespace on this node. + - name: used.sindex.bytes + type: long + format: bytes + description: > + Amount of memory occupied by secondary indexes for this namespace on this node. + - name: used.total.bytes + type: long + format: bytes + description: > + Total bytes of memory used by this namespace on this node. + - name: name + type: keyword + description: > + Namespace name + - name: node.host + type: keyword + description: > + Node host + - name: node.name + type: keyword + description: > + Node name + - name: objects + type: group + description: > + Records stats. + fields: + - name: master + type: long + description: > + Number of records on this node which are active masters. + - name: total + type: long + description: > + Number of records in this namespace for this node. + - name: stop_writes + type: boolean + description: > + If true this namespace is currently not allowing writes. diff --git a/dev/packages/beats/apache-0.0.1/dataset/status/fields/fields.yml b/dev/packages/beats/apache-0.0.1/dataset/status/fields/fields.yml new file mode 100644 index 000000000..40f5b12bd --- /dev/null +++ b/dev/packages/beats/apache-0.0.1/dataset/status/fields/fields.yml @@ -0,0 +1,183 @@ +- key: apache + title: "Apache" + description: > + Apache HTTPD server metricsets collected from the Apache web server. + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: apache + type: group + description: > + `apache` contains the metrics that were scraped from Apache. + fields: + - name: status + type: group + release: ga + description: > + `status` contains the metrics that were scraped from the Apache status page. + fields: + - name: hostname + type: keyword + description: > + Apache hostname. + - name: total_accesses + type: long + description: > + Total number of access requests. + - name: total_kbytes + type: long + description: > + Total number of kilobytes served. + - name: requests_per_sec + type: scaled_float + description: > + Requests per second. + - name: bytes_per_sec + type: scaled_float + description: > + Bytes per second. + - name: bytes_per_request + type: scaled_float + description: > + Bytes per request. + - name: workers.busy + type: long + description: > + Number of busy workers. + - name: workers.idle + type: long + description: > + Number of idle workers. + - name: uptime + type: group + description: > + Uptime stats. + fields: + - name: server_uptime + type: long + description: > + Server uptime in seconds. + - name: uptime + type: long + description: > + Server uptime. + - name: cpu + type: group + description: > + CPU stats. + fields: + - name: load + type: scaled_float + description: > + CPU Load. + - name: user + type: scaled_float + description: > + CPU user load. + - name: system + type: scaled_float + description: > + System cpu. + - name: children_user + type: scaled_float + description: > + CPU of children user. + - name: children_system + type: scaled_float + description: > + CPU of children system. + - name: connections + type: group + description: > + Connection stats. + fields: + - name: total + type: long + description: > + Total connections. + - name: async.writing + type: long + description: > + Async connection writing. + - name: async.keep_alive + type: long + description: > + Async keeped alive connections. + - name: async.closing + type: long + description: > + Async closed connections. + - name: load + type: group + description: > + Load averages. + fields: + - name: "1" + type: scaled_float + scaling_factor: 100 + description: > + Load average for the last minute. + - name: "5" + type: scaled_float + scaling_factor: 100 + description: > + Load average for the last 5 minutes. + - name: "15" + type: scaled_float + scaling_factor: 100 + description: > + Load average for the last 15 minutes. + - name: scoreboard + type: group + description: > + Scoreboard metrics. + fields: + - name: starting_up + type: long + description: > + Starting up. + - name: reading_request + type: long + description: > + Reading requests. + - name: sending_reply + type: long + description: > + Sending Reply. + - name: keepalive + type: long + description: > + Keep alive. + - name: dns_lookup + type: long + description: > + Dns Lookups. + - name: closing_connection + type: long + description: > + Closing connections. + - name: logging + type: long + description: > + Logging + - name: gracefully_finishing + type: long + description: > + Gracefully finishing. + - name: idle_cleanup + type: long + description: > + Idle cleanups. + - name: open_slot + type: long + description: > + Open slots. + - name: waiting_for_connection + type: long + description: > + Waiting for connections. + - name: total + type: long + description: > + Total. diff --git a/dev/packages/beats/appsearch-0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/appsearch-0.0.1/dataset/stats/fields/fields.yml new file mode 100644 index 000000000..2a2fb59dd --- /dev/null +++ b/dev/packages/beats/appsearch-0.0.1/dataset/stats/fields/fields.yml @@ -0,0 +1,130 @@ +- key: appsearch + title: "App Search" + release: beta + description: > + App Search module + fields: + - name: appsearch + type: group + description: > + fields: + - name: stats + type: group + release: beta + description: > + App Search stats + fields: + - name: jvm + type: group + description: > + JVM stats + fields: + - name: memory_usage + type: group + description: > + Memory usage + fields: + - name: heap_init.bytes + type: long + description: > + Heap init used by the JVM in bytes. + - name: heap_used.bytes + type: long + description: > + Heap used by the JVM in bytes. + - name: heap_committed.bytes + type: long + description: > + Committed heap to the JVM in bytes. + - name: heap_max.bytes + type: long + description: > + Max heap used by the JVM in bytes + - name: non_heap_init.bytes + type: long + description: > + Non-Heap initial memory used by the JVM in bytes. + - name: non_heap_committed.bytes + type: long + description: > + Non-Heap committed memory used by the JVM in bytes. + - name: queues + type: group + description: > + Worker queues + fields: + - name: analytics_events.count + type: long + description: > + Number of pending jobs in the `analytics_events` queue. + - name: document_destroyer.count + type: long + description: > + Number of pending jobs in the `document_destroyer` queue. + - name: engine_destroyer.count + type: long + description: > + Number of pending jobs in the `engine_destroyer` queue. + - name: index_adder.count + type: long + description: > + Number of pending jobs in the `index_adder` queue. + - name: indexed_doc_remover.count + type: long + description: > + Number of pending jobs in the `indexed_doc_remover` queue. + - name: mailer.count + type: long + description: > + Number of pending jobs in the `mailer` queue. + - name: refresh_document_counts.count + type: long + description: > + Number of pending jobs in the `refresh_document_counts` queue. + - name: reindexer.count + type: long + description: > + Number of pending jobs in the `reindexer` queue. + - name: schema_updater.count + type: long + description: > + Number of pending jobs in the `schema_updater` queue. + - name: failed.count + type: long + description: > + Number of failed jobs waiting to be retried. + - name: requests + type: group + description: > + Request metrics + fields: + - name: count + type: long + description: > + Number of recently completed requests + - name: api.duration + type: group + description: > + API response time metrics + fields: + - name: avg.ms + type: long + description: > + Average response time in milliseconds + - name: max.ms + type: long + description: > + Max response time in milliseconds + - name: web.response_time + type: group + description: > + Dashboard response time metrics + fields: + - name: avg.ms + type: long + description: > + Average response time in milliseconds + - name: max.ms + type: long + description: > + Max response time in milliseconds diff --git a/dev/packages/beats/auditd-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/auditd-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..520ec3692 --- /dev/null +++ b/dev/packages/beats/auditd-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,310 @@ +- key: auditd + title: "Auditd" + description: > + Module for parsing auditd logs. + short_config: true + fields: + + - name: user + type: group + fields: + + - name: terminal + type: keyword + description: > + Terminal or tty device on which the user is performing the observed activity. + + - name: audit + type: group + fields: + - name: id + type: keyword + description: > + One or multiple unique identifiers of the user. + - name: name + type: keyword + example: albert + description: > + Short name or login of the user. + + - name: group.id + type: keyword + description: > + Unique identifier for the group on the system/platform. + - name: group.name + type: keyword + description: > + Name of the group. + + - name: effective + type: group + fields: + - name: id + type: keyword + description: > + One or multiple unique identifiers of the user. + - name: name + type: keyword + example: albert + description: > + Short name or login of the user. + - name: group.id + type: keyword + description: > + Unique identifier for the group on the system/platform. + - name: group.name + type: keyword + description: > + Name of the group. + + - name: filesystem + type: group + fields: + - name: id + type: keyword + description: > + One or multiple unique identifiers of the user. + - name: name + type: keyword + example: albert + description: > + Short name or login of the user. + - name: group.id + type: keyword + description: > + Unique identifier for the group on the system/platform. + - name: group.name + type: keyword + description: > + Name of the group. + + - name: owner + type: group + fields: + - name: id + type: keyword + description: > + One or multiple unique identifiers of the user. + - name: name + type: keyword + example: albert + description: > + Short name or login of the user. + - name: group.id + type: keyword + description: > + Unique identifier for the group on the system/platform. + - name: group.name + type: keyword + description: > + Name of the group. + + - name: saved + type: group + fields: + - name: id + type: keyword + description: > + One or multiple unique identifiers of the user. + - name: name + type: keyword + example: albert + description: > + Short name or login of the user. + - name: group.id + type: keyword + description: > + Unique identifier for the group on the system/platform. + - name: group.name + type: keyword + description: > + Name of the group. + + - name: auditd + type: group + description: > + Fields from the auditd logs. + fields: + - name: log + type: group + description: > + Fields from the Linux audit log. Not all fields are documented here because + they are dynamic and vary by audit event type. + fields: + - name: old_auid + description: > + For login events this is the old audit ID used for the user prior to + this login. + - name: new_auid + description: > + For login events this is the new audit ID. The audit ID can be used to + trace future events to the user even if their identity changes (like + becoming root). + - name: old_ses + description: > + For login events this is the old session ID used for the user prior to + this login. + - name: new_ses + description: > + For login events this is the new session ID. It can be used to tie a + user to future events by session ID. + - name: sequence + type: long + description: > + The audit event sequence number. + - name: items + description: > + The number of items in an event. + - name: item + description: > + The item field indicates which item out of the total number of items. + This number is zero-based; a value of 0 means it is the first item. + - name: tty + type: keyword + definition: > + TTY udevice the user is running programs on. + - name: a0 + description: > + The first argument to the system call. + - name: addr + type: ip + definition: > + Remote address that the user is connecting from. + - name: rport + type: long + definition: > + Remote port number. + - name: laddr + type: ip + definition: > + Local network address. + - name: lport + type: long + definition: > + Local port number. + + - name: acct + type: alias + path: user.name + migration: true + - name: pid + type: alias + path: process.pid + migration: true + - name: ppid + type: alias + path: process.ppid + migration: true + - name: res + type: alias + path: event.outcome + migration: true + - name: record_type + type: alias + path: event.action + migration: true + - name: geoip + type: group + fields: + - name: continent_name + type: alias + path: source.geo.continent_name + migration: true + - name: country_iso_code + type: alias + path: source.geo.country_iso_code + migration: true + - name: location + type: alias + path: source.geo.location + migration: true + - name: region_name + type: alias + path: source.geo.region_name + migration: true + - name: city_name + type: alias + path: source.geo.city_name + migration: true + - name: region_iso_code + type: alias + path: source.geo.region_iso_code + migration: true + + # Fields below were not defined in 6.x but were still being populated. + - name: arch + type: alias + path: host.architecture + migration: true + - name: gid + type: alias + path: user.group.id + migration: true + - name: uid + type: alias + path: user.id + migration: true + - name: agid + type: alias + path: user.audit.group.id + migration: true + - name: auid + type: alias + path: user.audit.id + migration: true + - name: fsgid + type: alias + path: user.filesystem.group.id + migration: true + - name: fsuid + type: alias + path: user.filesystem.id + migration: true + - name: egid + type: alias + path: user.effective.group.id + migration: true + - name: euid + type: alias + path: user.effective.id + migration: true + - name: sgid + type: alias + path: user.saved.group.id + migration: true + - name: suid + type: alias + path: user.saved.id + migration: true + - name: ogid + type: alias + path: user.owner.group.id + migration: true + - name: ouid + type: alias + path: user.owner.id + migration: true + - name: comm + type: alias + path: process.name + migration: true + - name: exe + type: alias + path: process.executable + migration: true + - name: terminal + type: alias + path: user.terminal + migration: true + - name: msg + type: alias + path: message + migration: true + - name: src + type: alias + path: source.address + migration: true + - name: dst + type: alias + path: destination.address + migration: true diff --git a/dev/packages/beats/aws-0.0.1/dataset/billing/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/billing/fields/fields.yml new file mode 100644 index 000000000..55e5b0814 --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/billing/fields/fields.yml @@ -0,0 +1,42 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: billing + type: group + description: > + `billing` contains the estimated charges for your AWS account in Cloudwatch. + release: beta + fields: diff --git a/dev/packages/beats/aws-0.0.1/dataset/cloudwatch/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/cloudwatch/fields/fields.yml new file mode 100644 index 000000000..225b3296d --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/cloudwatch/fields/fields.yml @@ -0,0 +1,46 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: cloudwatch + type: group + description: > + `cloudwatch` contains the metrics that were scraped from AWS CloudWatch which contains monitoring metrics sent by different namespaces. + release: ga + fields: + - name: namespace + type: keyword + description: > + The namespace specified when query cloudwatch api. diff --git a/dev/packages/beats/aws-0.0.1/dataset/dynamodb/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/dynamodb/fields/fields.yml new file mode 100644 index 000000000..c6ccfb77d --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/dynamodb/fields/fields.yml @@ -0,0 +1,42 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: dynamodb + type: group + description: > + `dynamodb` contains the metrics that were scraped from AWS CloudWatch which contains monitoring metrics sent by AWS DynamoDB. + release: beta + fields: diff --git a/dev/packages/beats/aws-0.0.1/dataset/ebs/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/ebs/fields/fields.yml new file mode 100644 index 000000000..55ed30e11 --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/ebs/fields/fields.yml @@ -0,0 +1,42 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: ebs + type: group + description: > + `ebs` contains the metrics that were scraped from AWS CloudWatch which contains monitoring metrics sent by AWS EBS. + release: ga + fields: diff --git a/dev/packages/beats/aws-0.0.1/dataset/ec2/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/ec2/fields/fields.yml new file mode 100644 index 000000000..ebe4f3836 --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/ec2/fields/fields.yml @@ -0,0 +1,182 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: ec2 + type: group + description: > + `ec2` contains the metrics that were scraped from AWS CloudWatch which contains monitoring metrics sent by AWS EC2. + release: ga + fields: + - name: cpu.total.pct + type: scaled_float + description: > + The percentage of allocated EC2 compute units that are currently in use on the instance. + - name: cpu.credit_usage + type: long + description: > + The number of CPU credits spent by the instance for CPU utilization. + - name: cpu.credit_balance + type: long + description: > + The number of earned CPU credits that an instance has accrued since it was launched or started. + - name: cpu.surplus_credit_balance + type: long + description: > + The number of surplus credits that have been spent by an unlimited instance when its CPUCreditBalance value is zero. + - name: cpu.surplus_credits_charged + type: long + description: > + The number of spent surplus credits that are not paid down by earned CPU credits, and which thus incur an additional charge. + - name: network.in.packets + type: long + description: > + The number of packets received on all network interfaces by the instance. + - name: network.in.packets_per_sec + type: long + description: > + The number of packets per second sent out on all network interfaces by the instance. + - name: network.out.packets + type: long + description: > + The number of packets sent out on all network interfaces by the instance. + - name: network.out.packets_per_sec + type: long + description: > + The number of packets per second sent out on all network interfaces by the instance. + - name: network.in.bytes + type: long + format: bytes + description: > + The number of bytes received on all network interfaces by the instance. + - name: network.in.bytes_per_sec + type: long + description: > + The number of bytes per second received on all network interfaces by the instance. + - name: network.out.bytes + type: long + format: bytes + description: > + The number of bytes sent out on all network interfaces by the instance. + - name: network.out.bytes_per_sec + type: long + description: > + The number of bytes per second sent out on all network interfaces by the instance. + - name: diskio.read.bytes + type: long + format: bytes + description: > + Bytes read from all instance store volumes available to the instance. + - name: diskio.read.bytes_per_sec + type: long + description: > + Bytes read per second from all instance store volumes available to the instance. + - name: diskio.write.bytes + type: long + format: bytes + description: > + Bytes written to all instance store volumes available to the instance. + - name: diskio.write.bytes_per_sec + type: long + description: > + Bytes written per second to all instance store volumes available to the instance. + - name: diskio.read.ops + type: long + description: > + Completed read operations from all instance store volumes available to the instance in a specified period of time. + - name: diskio.read.ops_per_sec + type: long + description: > + Completed read operations per second from all instance store volumes available to the instance in a specified period of time. + - name: diskio.write.ops + type: long + description: > + Completed write operations to all instance store volumes available to the instance in a specified period of time. + - name: diskio.write.ops_per_sec + type: long + description: > + Completed write operations per second to all instance store volumes available to the instance in a specified period of time. + - name: status.check_failed + type: long + description: > + Reports whether the instance has passed both the instance status check and the system status check in the last minute. + - name: status.check_failed_system + type: long + description: > + Reports whether the instance has passed the system status check in the last minute. + - name: status.check_failed_instance + type: long + description: > + Reports whether the instance has passed the instance status check in the last minute. + - name: instance.core.count + type: integer + description: > + The number of CPU cores for the instance. + - name: instance.image.id + type: keyword + description: > + The ID of the image used to launch the instance. + - name: instance.monitoring.state + type: keyword + description: > + Indicates whether detailed monitoring is enabled. + - name: instance.private.dns_name + type: keyword + description: > + The private DNS name of the network interface. + - name: instance.private.ip + type: ip + description: > + The private IPv4 address associated with the network interface. + - name: instance.public.dns_name + type: keyword + description: > + The public DNS name of the instance. + - name: instance.public.ip + type: ip + description: > + The address of the Elastic IP address (IPv4) bound to the network interface. + - name: instance.state.code + type: integer + description: > + The state of the instance, as a 16-bit unsigned integer. + - name: instance.state.name + type: keyword + description: > + The state of the instance (pending | running | shutting-down | terminated | stopping | stopped). + - name: instance.threads_per_core + type: integer + description: > + The number of threads per CPU core. diff --git a/dev/packages/beats/aws-0.0.1/dataset/elb/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/elb/fields/fields.yml new file mode 100644 index 000000000..2ee47b3cd --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/elb/fields/fields.yml @@ -0,0 +1,42 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: elb + type: group + description: > + `elb` contains the metrics that were scraped from AWS CloudWatch which contains monitoring metrics sent by AWS ELB. + release: ga + fields: diff --git a/dev/packages/beats/aws-0.0.1/dataset/lambda/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/lambda/fields/fields.yml new file mode 100644 index 000000000..3374c59cf --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/lambda/fields/fields.yml @@ -0,0 +1,42 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: lambda + type: group + description: > + `lambda` contains the metrics that were scraped from AWS CloudWatch which contains monitoring metrics sent by AWS Lambda. + release: beta + fields: diff --git a/dev/packages/beats/aws-0.0.1/dataset/rds/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/rds/fields/fields.yml new file mode 100644 index 000000000..b4e0b74b3 --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/rds/fields/fields.yml @@ -0,0 +1,357 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: rds + type: group + description: > + `rds` contains the metrics that were scraped from AWS CloudWatch which contains monitoring metrics sent by AWS RDS. + release: ga + fields: + - name: cpu.total.pct + type: scaled_float + format: percent + description: > + The percentage of CPU utilization. + - name: cpu.credit_usage + type: long + description: > + The number of CPU credits spent by the instance for CPU utilization. + - name: cpu.credit_balance + type: long + description: > + The number of earned CPU credits that an instance has accrued since it was launched or started. + - name: database_connections + type: long + description: > + The number of database connections in use. + - name: db_instance.arn + type: keyword + description: > + Amazon Resource Name(ARN) for each rds. + - name: db_instance.class + type: keyword + description: > + Contains the name of the compute and memory capacity class of the DB instance. + - name: db_instance.identifier + type: keyword + description: > + Contains a user-supplied database identifier. This identifier is the unique key that identifies a DB instance. + - name: db_instance.status + type: keyword + description: > + Specifies the current state of this database. + - name: disk_queue_depth + type: float + description: > + The number of outstanding IOs (read/write requests) waiting to access the disk. + - name: failed_sql_server_agent_jobs + type: long + description: > + The number of failed SQL Server Agent jobs during the last minute. + - name: freeable_memory.bytes + type: long + format: bytes + description: > + The amount of available random access memory. + - name: free_storage.bytes + type: long + format: bytes + description: > + The amount of available storage space. + - name: maximum_used_transaction_ids + type: long + description: > + The maximum transaction ID that has been used. Applies to PostgreSQL. + - name: oldest_replication_slot_lag.mb + type: long + description: > + The lagging size of the replica lagging the most in terms of WAL data received. Applies to PostgreSQL. + - name: read_io.ops_per_sec + type: float + description: > + The average number of disk read I/O operations per second. + - name: replica_lag.sec + type: long + format: duration + description: > + The amount of time a Read Replica DB instance lags behind the source DB instance. Applies to MySQL, MariaDB, and PostgreSQL Read Replicas. + - name: swap_usage.bytes + type: long + format: bytes + description: > + The amount of swap space used on the DB instance. This metric is not available for SQL Server. + - name: transaction_logs_generation + type: long + description: > + The disk space used by transaction logs. Applies to PostgreSQL. + - name: write_io.ops_per_sec + type: float + description: > + The average number of disk write I/O operations per second. + - name: queries + type: long + description: > + The average number of queries executed per second. + - name: deadlocks + type: long + description: > + The average number of deadlocks in the database per second. + - name: volume_used.bytes + type: long + format: bytes + description: > + The amount of storage used by your Aurora DB instance, in bytes. + - name: volume.read.iops + type: long + format: bytes + description: > + The number of billed read I/O operations from a cluster volume, reported at 5-minute intervals. + - name: volume.write.iops + type: long + format: bytes + description: > + The number of write disk I/O operations to the cluster volume, reported at 5-minute intervals. + - name: free_local_storage.bytes + type: long + format: bytes + description: > + The amount of storage available for temporary tables and logs, in bytes. + - name: login_failures + type: long + description: > + The average number of failed login attempts per second. + - name: throughput.commit + type: float + description: > + The average number of commit operations per second. + - name: throughput.delete + type: float + description: > + The average number of delete queries per second. + - name: throughput.ddl + type: float + description: > + The average number of DDL requests per second. + - name: throughput.dml + type: float + description: > + The average number of inserts, updates, and deletes per second. + - name: throughput.insert + type: float + description: > + The average number of insert queries per second. + - name: throughput.network + type: float + description: > + The amount of network throughput both received from and transmitted to clients by each instance in the Aurora MySQL DB cluster, in bytes per second. + - name: throughput.network_receive + type: float + description: > + The incoming (Receive) network traffic on the DB instance, including both customer database traffic and Amazon RDS traffic used for monitoring and replication. + - name: throughput.network_transmit + type: float + description: > + The outgoing (Transmit) network traffic on the DB instance, including both customer database traffic and Amazon RDS traffic used for monitoring and replication. + - name: throughput.read + type: float + description: > + The average amount of time taken per disk I/O operation. + - name: throughput.select + type: float + description: > + The average number of select queries per second. + - name: throughput.update + type: float + description: > + The average number of update queries per second. + - name: throughput.write + type: float + description: > + The average number of bytes written to disk per second. + - name: latency.commit + type: float + format: duration + description: > + The amount of latency for commit operations, in milliseconds. + - name: latency.ddl + type: float + format: duration + description: > + The amount of latency for data definition language (DDL) requests, in milliseconds. + - name: latency.dml + type: float + format: duration + description: > + The amount of latency for inserts, updates, and deletes, in milliseconds. + - name: latency.insert + type: float + format: duration + description: > + The amount of latency for insert queries, in milliseconds. + - name: latency.read + type: float + format: duration + description: > + The average amount of time taken per disk I/O operation. + - name: latency.select + type: float + format: duration + description: > + The amount of latency for select queries, in milliseconds. + - name: latency.update + type: float + format: duration + description: > + The amount of latency for update queries, in milliseconds. + - name: latency.write + type: float + format: duration + description: > + The average amount of time taken per disk I/O operation. + - name: latency.delete + type: float + format: duration + description: > + The amount of latency for delete queries, in milliseconds. + - name: disk_usage.bin_log.bytes + type: long + format: bytes + description: > + The amount of disk space occupied by binary logs on the master. Applies to MySQL read replicas. + - name: disk_usage.replication_slot.mb + type: long + description: > + The disk space used by replication slot files. Applies to PostgreSQL. + - name: disk_usage.transaction_logs.mb + type: long + description: > + The disk space used by transaction logs. Applies to PostgreSQL. + - name: transactions.active + type: long + description: > + The average number of current transactions executing on an Aurora database instance per second. + - name: transactions.blocked + type: long + description: > + The average number of transactions in the database that are blocked per second. + - name: db_instance.db_cluster_identifier + type: keyword + description: > + This identifier is the unique key that identifies a DB cluster specifically for Amazon Aurora DB cluster. + - name: db_instance.role + type: keyword + description: > + DB roles like WRITER or READER, specifically for Amazon Aurora DB cluster. + - name: db_instance.engine_name + type: keyword + description: > + Each DB instance runs a DB engine, like MySQL, MariaDB, PostgreSQL and etc. + - name: aurora_bin_log_replica_lag + type: long + description: > + The amount of time a replica DB cluster running on Aurora with MySQL compatibility lags behind the source DB cluster. + - name: aurora_global_db.replicated_write_io.bytes + type: long + description: > + In an Aurora Global Database, the number of write I/O operations replicated from the primary AWS Region to the cluster volume in a secondary AWS Region. + - name: aurora_global_db.data_transfer.bytes + type: long + description: > + In an Aurora Global Database, the amount of redo log data transferred from the master AWS Region to a secondary AWS Region. + - name: aurora_global_db.replication_lag.ms + type: long + description: > + For an Aurora Global Database, the amount of lag when replicating updates from the primary AWS Region, in milliseconds. + - name: aurora_replica.lag.ms + type: long + description: > + For an Aurora Replica, the amount of lag when replicating updates from the primary instance, in milliseconds. + - name: aurora_replica.lag_max.ms + type: long + description: > + The maximum amount of lag between the primary instance and each Aurora DB instance in the DB cluster, in milliseconds. + - name: aurora_replica.lag_min.ms + type: long + description: > + The minimum amount of lag between the primary instance and each Aurora DB instance in the DB cluster, in milliseconds. + - name: backtrack_change_records.creation_rate + type: long + description: > + The number of backtrack change records created over five minutes for your DB cluster. + - name: backtrack_change_records.stored + type: long + description: > + The actual number of backtrack change records used by your DB cluster. + - name: backtrack_window.actual + type: long + description: > + The difference between the target backtrack window and the actual backtrack window. + - name: backtrack_window.alert + type: long + description: > + The number of times that the actual backtrack window is smaller than the target backtrack window for a given period of time. + - name: storage_used.backup_retention_period.bytes + type: long + description: > + The total amount of backup storage in bytes used to support the point-in-time restore feature within the Aurora DB cluster's backup retention window. + - name: storage_used.snapshot.bytes + type: long + description: > + The total amount of backup storage in bytes consumed by all Aurora snapshots for an Aurora DB cluster outside its backup retention window. + - name: cache_hit_ratio.buffer + type: long + description: > + The percentage of requests that are served by the buffer cache. + - name: cache_hit_ratio.result_set + type: long + description: > + The percentage of requests that are served by the Resultset cache. + - name: engine_uptime.sec + type: long + description: > + The amount of time that the instance has been running, in seconds. + - name: rds_to_aurora_postgresql_replica_lag.sec + type: long + description: > + The amount of lag in seconds when replicating updates from the primary RDS PostgreSQL instance to other nodes in the cluster. + - name: backup_storage_billed_total.bytes + type: long + description: > + The total amount of backup storage in bytes for which you are billed for a given Aurora DB cluster. + - name: aurora_volume_left_total.bytes + type: long + description: > + The remaining available space for the cluster volume, measured in bytes. diff --git a/dev/packages/beats/aws-0.0.1/dataset/s3_daily_storage/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/s3_daily_storage/fields/fields.yml new file mode 100644 index 000000000..afd5633ea --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/s3_daily_storage/fields/fields.yml @@ -0,0 +1,51 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: s3_daily_storage + type: group + description: > + `s3_daily_storage` contains the daily storage metrics that were scraped from AWS CloudWatch which contains monitoring metrics sent by AWS S3. + release: ga + fields: + - name: bucket.size.bytes + type: long + format: bytes + description: > + The amount of data in bytes stored in a bucket. + - name: number_of_objects + type: long + description: > + The total number of objects stored in a bucket for all storage classes. diff --git a/dev/packages/beats/aws-0.0.1/dataset/s3_request/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/s3_request/fields/fields.yml new file mode 100644 index 000000000..0ff4cb176 --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/s3_request/fields/fields.yml @@ -0,0 +1,112 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: s3_request + type: group + description: > + `s3_request` contains request metrics that were scraped from AWS CloudWatch which contains monitoring metrics sent by AWS S3. + release: ga + fields: + - name: requests.total + type: long + description: > + The total number of HTTP requests made to an Amazon S3 bucket, regardless of type. + - name: requests.get + type: long + description: > + The number of HTTP GET requests made for objects in an Amazon S3 bucket. + - name: requests.put + type: long + description: > + The number of HTTP PUT requests made for objects in an Amazon S3 bucket. + - name: requests.delete + type: long + description: > + The number of HTTP DELETE requests made for objects in an Amazon S3 bucket. + - name: requests.head + type: long + description: > + The number of HTTP HEAD requests made to an Amazon S3 bucket. + - name: requests.post + type: long + description: > + The number of HTTP POST requests made to an Amazon S3 bucket. + - name: requests.select + type: long + description: > + The number of Amazon S3 SELECT Object Content requests made for objects in an Amazon S3 bucket. + - name: requests.select_scanned.bytes + type: long + format: bytes + description: > + The number of bytes of data scanned with Amazon S3 SELECT Object Content requests in an Amazon S3 bucket. + - name: requests.select_returned.bytes + type: long + format: bytes + description: > + The number of bytes of data returned with Amazon S3 SELECT Object Content requests in an Amazon S3 bucket. + - name: requests.list + type: long + description: > + The number of HTTP requests that list the contents of a bucket. + - name: downloaded.bytes + type: long + format: bytes + description: > + The number bytes downloaded for requests made to an Amazon S3 bucket, where the response includes a body. + - name: uploaded.bytes + type: long + format: bytes + description: > + The number bytes uploaded that contain a request body, made to an Amazon S3 bucket. + - name: errors.4xx + type: long + description: > + The number of HTTP 4xx client error status code requests made to an Amazon S3 bucket with a value of either 0 or 1. + - name: errors.5xx + type: long + description: > + The number of HTTP 5xx server error status code requests made to an Amazon S3 bucket with a value of either 0 or 1. + - name: latency.first_byte.ms + type: long + format: duration + description: > + The per-request time from the complete request being received by an Amazon S3 bucket to when the response starts to be returned. + - name: latency.total_request.ms + type: long + format: duration + description: > + The elapsed per-request time from the first byte received to the last byte sent to an Amazon S3 bucket. diff --git a/dev/packages/beats/aws-0.0.1/dataset/sns/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/sns/fields/fields.yml new file mode 100644 index 000000000..ab6b770c9 --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/sns/fields/fields.yml @@ -0,0 +1,42 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: sns + type: group + description: > + `sns` contains the metrics that were scraped from AWS CloudWatch which contains monitoring metrics sent by AWS SNS. + release: beta + fields: diff --git a/dev/packages/beats/aws-0.0.1/dataset/sqs/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/sqs/fields/fields.yml new file mode 100644 index 000000000..ac5365e4c --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/sqs/fields/fields.yml @@ -0,0 +1,84 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: sqs + type: group + description: > + `sqs` contains the metrics that were scraped from AWS CloudWatch which contains monitoring metrics sent by AWS SQS. + release: ga + fields: + - name: oldest_message_age.sec + type: long + format: duration + description: > + The approximate age of the oldest non-deleted message in the queue. + - name: messages.delayed + type: long + description: > + TThe number of messages in the queue that are delayed and not available for reading immediately. + - name: messages.not_visible + type: long + description: > + The number of messages that are in flight. + - name: messages.visible + type: long + description: > + The number of messages available for retrieval from the queue. + - name: messages.deleted + type: long + description: > + The number of messages deleted from the queue. + - name: messages.received + type: long + description: > + The number of messages returned by calls to the ReceiveMessage action. + - name: messages.sent + type: long + description: > + The number of messages added to a queue. + - name: empty_receives + type: long + description: > + The number of ReceiveMessage API calls that did not return a message. + - name: sent_message_size.bytes + type: long + format: bytes + description: > + The size of messages added to a queue. + - name: queue.name + type: keyword + description: > + SQS queue name diff --git a/dev/packages/beats/aws-0.0.1/dataset/usage/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/usage/fields/fields.yml new file mode 100644 index 000000000..0a548f9b8 --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/usage/fields/fields.yml @@ -0,0 +1,42 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: usage + type: group + description: > + `usage` contains the metrics from Cloudwatch to track usage of some AWS resources. + release: beta + fields: diff --git a/dev/packages/beats/aws-0.0.1/dataset/vpc/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/vpc/fields/fields.yml new file mode 100644 index 000000000..ec4cb6d41 --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/vpc/fields/fields.yml @@ -0,0 +1,42 @@ +- key: aws + title: "aws" + description: > + `aws` module collects AWS monitoring metrics from AWS Cloudwatch. + release: ga + fields: + - name: cloud.account.name + type: keyword + description: > + The cloud account name or alias used to identify different entities in a multi-tenant environment. + - name: aws + type: group + description: > + fields: + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Tag key value pairs from aws resources. + - name: s3.bucket.name + type: keyword + description: > + Name of a S3 bucket. + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Metric dimensions. + - name: '*.metrics.*.*' + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Metrics that returned from Cloudwatch API query. + - name: vpc + type: group + description: > + `vpc` contains the metrics from Cloudwatch to track usage of VPC related resources. + release: beta + fields: diff --git a/dev/packages/beats/azure-0.0.1/dataset/compute_vm/fields/fields.yml b/dev/packages/beats/azure-0.0.1/dataset/compute_vm/fields/fields.yml new file mode 100644 index 000000000..6e223643c --- /dev/null +++ b/dev/packages/beats/azure-0.0.1/dataset/compute_vm/fields/fields.yml @@ -0,0 +1,58 @@ +- key: azure + title: "azure" + description: > + azure module + release: beta + fields: + - name: azure + type: group + description: > + fields: + - name: timegrain + type: keyword + description: > + The Azure metric timegrain + - name: resource + type: group + description: > + The resource specified + fields: + - name: name + type: keyword + description: > + The name of the resource + - name: type + type: keyword + description: > + The type of the resource + - name: group + type: keyword + description: > + The resource group + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure resource tags. + - name: namespace + type: keyword + description: > + The namespace selected + - name: subscription_id + type: keyword + description: > + The subscription ID + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure metric dimensions. + - name: compute_vm.*.* + release: beta + type: object + object_type: float + object_type_mapping_type: "*" + description: > + compute_vm diff --git a/dev/packages/beats/azure-0.0.1/dataset/compute_vm_scaleset/fields/fields.yml b/dev/packages/beats/azure-0.0.1/dataset/compute_vm_scaleset/fields/fields.yml new file mode 100644 index 000000000..6cd5e5f5f --- /dev/null +++ b/dev/packages/beats/azure-0.0.1/dataset/compute_vm_scaleset/fields/fields.yml @@ -0,0 +1,59 @@ +- key: azure + title: "azure" + description: > + azure module + release: beta + fields: + - name: azure + type: group + description: > + fields: + - name: timegrain + type: keyword + description: > + The Azure metric timegrain + - name: resource + type: group + description: > + The resource specified + fields: + - name: name + type: keyword + description: > + The name of the resource + - name: type + type: keyword + description: > + The type of the resource + - name: group + type: keyword + description: > + The resource group + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure resource tags. + - name: namespace + type: keyword + description: > + The namespace selected + - name: subscription_id + type: keyword + description: > + The subscription ID + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure metric dimensions. + - name: compute_vm_scaleset.*.* + release: beta + type: object + object_type: float + object_type_mapping_type: "*" + description: > + compute_vm_scaleset + diff --git a/dev/packages/beats/azure-0.0.1/dataset/container_instance/fields/fields.yml b/dev/packages/beats/azure-0.0.1/dataset/container_instance/fields/fields.yml new file mode 100644 index 000000000..7d5f45372 --- /dev/null +++ b/dev/packages/beats/azure-0.0.1/dataset/container_instance/fields/fields.yml @@ -0,0 +1,58 @@ +- key: azure + title: "azure" + description: > + azure module + release: beta + fields: + - name: azure + type: group + description: > + fields: + - name: timegrain + type: keyword + description: > + The Azure metric timegrain + - name: resource + type: group + description: > + The resource specified + fields: + - name: name + type: keyword + description: > + The name of the resource + - name: type + type: keyword + description: > + The type of the resource + - name: group + type: keyword + description: > + The resource group + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure resource tags. + - name: namespace + type: keyword + description: > + The namespace selected + - name: subscription_id + type: keyword + description: > + The subscription ID + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure metric dimensions. + - name: container_instance.*.* + release: beta + type: object + object_type: float + object_type_mapping_type: "*" + description: > + container instance diff --git a/dev/packages/beats/azure-0.0.1/dataset/container_registry/fields/fields.yml b/dev/packages/beats/azure-0.0.1/dataset/container_registry/fields/fields.yml new file mode 100644 index 000000000..e5be990b5 --- /dev/null +++ b/dev/packages/beats/azure-0.0.1/dataset/container_registry/fields/fields.yml @@ -0,0 +1,58 @@ +- key: azure + title: "azure" + description: > + azure module + release: beta + fields: + - name: azure + type: group + description: > + fields: + - name: timegrain + type: keyword + description: > + The Azure metric timegrain + - name: resource + type: group + description: > + The resource specified + fields: + - name: name + type: keyword + description: > + The name of the resource + - name: type + type: keyword + description: > + The type of the resource + - name: group + type: keyword + description: > + The resource group + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure resource tags. + - name: namespace + type: keyword + description: > + The namespace selected + - name: subscription_id + type: keyword + description: > + The subscription ID + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure metric dimensions. + - name: container_registry.*.* + release: beta + type: object + object_type: float + object_type_mapping_type: "*" + description: > + container registry diff --git a/dev/packages/beats/azure-0.0.1/dataset/container_service/fields/fields.yml b/dev/packages/beats/azure-0.0.1/dataset/container_service/fields/fields.yml new file mode 100644 index 000000000..35331f258 --- /dev/null +++ b/dev/packages/beats/azure-0.0.1/dataset/container_service/fields/fields.yml @@ -0,0 +1,58 @@ +- key: azure + title: "azure" + description: > + azure module + release: beta + fields: + - name: azure + type: group + description: > + fields: + - name: timegrain + type: keyword + description: > + The Azure metric timegrain + - name: resource + type: group + description: > + The resource specified + fields: + - name: name + type: keyword + description: > + The name of the resource + - name: type + type: keyword + description: > + The type of the resource + - name: group + type: keyword + description: > + The resource group + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure resource tags. + - name: namespace + type: keyword + description: > + The namespace selected + - name: subscription_id + type: keyword + description: > + The subscription ID + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure metric dimensions. + - name: container_service.*.* + release: beta + type: object + object_type: float + object_type_mapping_type: "*" + description: > + container service diff --git a/dev/packages/beats/azure-0.0.1/dataset/database_account/fields/fields.yml b/dev/packages/beats/azure-0.0.1/dataset/database_account/fields/fields.yml new file mode 100644 index 000000000..3dc5e22d4 --- /dev/null +++ b/dev/packages/beats/azure-0.0.1/dataset/database_account/fields/fields.yml @@ -0,0 +1,58 @@ +- key: azure + title: "azure" + description: > + azure module + release: beta + fields: + - name: azure + type: group + description: > + fields: + - name: timegrain + type: keyword + description: > + The Azure metric timegrain + - name: resource + type: group + description: > + The resource specified + fields: + - name: name + type: keyword + description: > + The name of the resource + - name: type + type: keyword + description: > + The type of the resource + - name: group + type: keyword + description: > + The resource group + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure resource tags. + - name: namespace + type: keyword + description: > + The namespace selected + - name: subscription_id + type: keyword + description: > + The subscription ID + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure metric dimensions. + - name: database_account.*.* + release: beta + type: object + object_type: float + object_type_mapping_type: "*" + description: > + database account diff --git a/dev/packages/beats/azure-0.0.1/dataset/monitor/fields/fields.yml b/dev/packages/beats/azure-0.0.1/dataset/monitor/fields/fields.yml new file mode 100644 index 000000000..7bed6bda8 --- /dev/null +++ b/dev/packages/beats/azure-0.0.1/dataset/monitor/fields/fields.yml @@ -0,0 +1,64 @@ +- key: azure + title: "azure" + description: > + azure module + release: beta + fields: + - name: azure + type: group + description: > + fields: + - name: timegrain + type: keyword + description: > + The Azure metric timegrain + - name: resource + type: group + description: > + The resource specified + fields: + - name: name + type: keyword + description: > + The name of the resource + - name: type + type: keyword + description: > + The type of the resource + - name: group + type: keyword + description: > + The resource group + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure resource tags. + - name: namespace + type: keyword + description: > + The namespace selected + - name: subscription_id + type: keyword + description: > + The subscription ID + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure metric dimensions. + - name: monitor + type: group + release: beta + description: > + monitor + fields: + - name: metrics.*.* + type: object + object_type: float + object_type_mapping_type: "*" + description: > + Metrics returned. + diff --git a/dev/packages/beats/azure-0.0.1/dataset/storage/fields/fields.yml b/dev/packages/beats/azure-0.0.1/dataset/storage/fields/fields.yml new file mode 100644 index 000000000..39b55c0cd --- /dev/null +++ b/dev/packages/beats/azure-0.0.1/dataset/storage/fields/fields.yml @@ -0,0 +1,58 @@ +- key: azure + title: "azure" + description: > + azure module + release: beta + fields: + - name: azure + type: group + description: > + fields: + - name: timegrain + type: keyword + description: > + The Azure metric timegrain + - name: resource + type: group + description: > + The resource specified + fields: + - name: name + type: keyword + description: > + The name of the resource + - name: type + type: keyword + description: > + The type of the resource + - name: group + type: keyword + description: > + The resource group + - name: tags.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure resource tags. + - name: namespace + type: keyword + description: > + The namespace selected + - name: subscription_id + type: keyword + description: > + The subscription ID + - name: dimensions.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Azure metric dimensions. + - name: storage.*.* + release: beta + type: object + object_type: float + object_type_mapping_type: "*" + description: > + storage account diff --git a/dev/packages/beats/beat-0.0.1/dataset/state/fields/fields.yml b/dev/packages/beats/beat-0.0.1/dataset/state/fields/fields.yml new file mode 100644 index 000000000..1062d3ed1 --- /dev/null +++ b/dev/packages/beats/beat-0.0.1/dataset/state/fields/fields.yml @@ -0,0 +1,42 @@ +- key: beat + title: "Beat" + description: > + Beat module + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: beat + type: group + description: > + fields: + - name: id + type: keyword + description: > + Beat ID. + - name: type + type: keyword + description: > + Beat type. + - name: state + type: group + description: > + Beat state + release: ga + fields: + - name: management.enabled + type: boolean + description: > + Is central management enabled? + - name: module.count + type: integer + description: > + Number of modules enabled + - name: output.name + type: keyword + description: > + Name of output used by Beat + - name: queue.name + type: keyword + description: > + Name of queue being used by Beat diff --git a/dev/packages/beats/beat-0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/beat-0.0.1/dataset/stats/fields/fields.yml new file mode 100644 index 000000000..daff1035e --- /dev/null +++ b/dev/packages/beats/beat-0.0.1/dataset/stats/fields/fields.yml @@ -0,0 +1,115 @@ +- key: beat + title: "Beat" + description: > + Beat module + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: beat + type: group + description: > + fields: + - name: id + type: keyword + description: > + Beat ID. + - name: type + type: keyword + description: > + Beat type. + - name: stats + type: group + description: > + Beat stats + release: ga + fields: + - name: uptime.ms + type: long + description: > + Beat uptime + - name: runtime.goroutines + type: long + description: > + Number of goroutines running in Beat + - name: libbeat + type: group + description: > + Fields common to all Beats + fields: + - name: output + type: group + description: > + Output stats + fields: + - name: type + type: keyword + description: > + Type of output + - name: events + type: group + description: > + Event counters + fields: + - name: acked + type: long + description: > + Number of events acknowledged + - name: active + type: long + description: > + Number of active events + - name: batches + type: long + description: > + Number of event batches + - name: dropped + type: long + description: > + Number of events dropped + - name: duplicates + type: long + description: > + Number of events duplicated + - name: failed + type: long + description: > + Number of events failed + - name: toomany + type: long + description: > + Number of too many events + - name: total + type: long + description: > + Total number of events + - name: read + type: group + description: > + Read stats + fields: + - name: bytes + type: long + description: > + Number of bytes read + - name: errors + type: long + description: > + Number of read errors + - name: write + type: group + description: > + Write stats + fields: + - name: bytes + type: long + description: > + Number of bytes written + - name: errors + type: long + description: > + Number of write errors + + + + diff --git a/dev/packages/beats/ceph-0.0.1/dataset/cluster_disk/fields/fields.yml b/dev/packages/beats/ceph-0.0.1/dataset/cluster_disk/fields/fields.yml new file mode 100644 index 000000000..77b0c1d02 --- /dev/null +++ b/dev/packages/beats/ceph-0.0.1/dataset/cluster_disk/fields/fields.yml @@ -0,0 +1,34 @@ +- key: ceph + title: "Ceph" + description: > + Ceph module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: ceph + type: group + description: > + `ceph` contains the metrics that were scraped from CEPH. + fields: + - name: cluster_disk + type: group + description: > + cluster_disk + release: ga + fields: + - name: available.bytes + type: long + description: > + Available bytes of the cluster + format: bytes + - name: total.bytes + type: long + description: > + Total bytes of the cluster + format: bytes + - name: used.bytes + type: long + description: > + Used bytes of the cluster + format: bytes diff --git a/dev/packages/beats/ceph-0.0.1/dataset/cluster_health/fields/fields.yml b/dev/packages/beats/ceph-0.0.1/dataset/cluster_health/fields/fields.yml new file mode 100644 index 000000000..c249a6ee0 --- /dev/null +++ b/dev/packages/beats/ceph-0.0.1/dataset/cluster_health/fields/fields.yml @@ -0,0 +1,35 @@ +- key: ceph + title: "Ceph" + description: > + Ceph module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: ceph + type: group + description: > + `ceph` contains the metrics that were scraped from CEPH. + fields: + - name: cluster_health + type: group + description: > + cluster_health + release: ga + fields: + - name: overall_status + type: keyword + description: > + Overall status of the cluster + - name: timechecks.epoch + type: long + description: > + Map version + - name: timechecks.round.value + type: long + description: > + timecheck round + - name: timechecks.round.status + type: keyword + description: > + Status of the round diff --git a/dev/packages/beats/ceph-0.0.1/dataset/cluster_status/fields/fields.yml b/dev/packages/beats/ceph-0.0.1/dataset/cluster_status/fields/fields.yml new file mode 100644 index 000000000..48e69bfc3 --- /dev/null +++ b/dev/packages/beats/ceph-0.0.1/dataset/cluster_status/fields/fields.yml @@ -0,0 +1,127 @@ +- key: ceph + title: "Ceph" + description: > + Ceph module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: ceph + type: group + description: > + `ceph` contains the metrics that were scraped from CEPH. + fields: + - name: cluster_status + type: group + release: ga + description: > + cluster_status + fields: + - name: version + type: long + description: > + Ceph Status version + - name: traffic.read_bytes + type: long + format: bytes + description: > + Cluster read throughput per second + - name: traffic.write_bytes + type: long + format: bytes + description: > + Cluster write throughput per second + - name: traffic.read_op_per_sec + type: long + description: > + Cluster read iops per second + - name: traffic.write_op_per_sec + type: long + description: > + Cluster write iops per second + - name: misplace.total + type: long + description: > + Cluster misplace pg number + - name: misplace.objects + type: long + description: > + Cluster misplace objects number + - name: misplace.ratio + type: scaled_float + format: percent + description: > + Cluster misplace ratio + - name: degraded.total + type: long + description: > + Cluster degraded pg number + - name: degraded.objects + type: long + description: > + Cluster degraded objects number + - name: degraded.ratio + type: scaled_float + format: percent + description: > + Cluster degraded ratio + - name: pg.data_bytes + type: long + format: bytes + description: > + Cluster pg data bytes + - name: pg.avail_bytes + type: long + format: bytes + description: > + Cluster available bytes + - name: pg.total_bytes + type: long + format: bytes + description: > + Cluster total bytes + - name: pg.used_bytes + type: long + format: bytes + description: > + Cluster used bytes + - name: pg_state.state_name + type: long + description: > + Pg state description + - name: pg_state.count + type: long + description: > + Shows how many pgs are in state of pg_state.state_name + - name: pg_state.version + type: long + description: > + Cluster status version + - name: osd.full + type: boolean + description: > + Is osd full + - name: osd.nearfull + type: boolean + description: > + Is osd near full + - name: osd.num_osds + type: long + description: > + Shows how many osds in the cluster + - name: osd.num_up_osds + type: long + description: > + Shows how many osds are on the state of UP + - name: osd.num_in_osds + type: long + description: > + Shows how many osds are on the state of IN + - name: osd.num_remapped_pgs + type: long + description: > + Shows how many osds are on the state of REMAPPED + - name: osd.epoch + type: long + description: > + epoch number diff --git a/dev/packages/beats/ceph-0.0.1/dataset/mgr_cluster_disk/fields/fields.yml b/dev/packages/beats/ceph-0.0.1/dataset/mgr_cluster_disk/fields/fields.yml new file mode 100644 index 000000000..3f8a28936 --- /dev/null +++ b/dev/packages/beats/ceph-0.0.1/dataset/mgr_cluster_disk/fields/fields.yml @@ -0,0 +1,19 @@ +- key: ceph + title: "Ceph" + description: > + Ceph module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: ceph + type: group + description: > + `ceph` contains the metrics that were scraped from CEPH. + fields: + - name: mgr_cluster_disk + type: group + description: > + see: cluster_disk + release: beta + fields: diff --git a/dev/packages/beats/ceph-0.0.1/dataset/mgr_cluster_health/fields/fields.yml b/dev/packages/beats/ceph-0.0.1/dataset/mgr_cluster_health/fields/fields.yml new file mode 100644 index 000000000..c91a5fc7d --- /dev/null +++ b/dev/packages/beats/ceph-0.0.1/dataset/mgr_cluster_health/fields/fields.yml @@ -0,0 +1,19 @@ +- key: ceph + title: "Ceph" + description: > + Ceph module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: ceph + type: group + description: > + `ceph` contains the metrics that were scraped from CEPH. + fields: + - name: mgr_cluster_health + type: group + description: > + see: cluster_health + release: beta + fields: diff --git a/dev/packages/beats/ceph-0.0.1/dataset/mgr_osd_perf/fields/fields.yml b/dev/packages/beats/ceph-0.0.1/dataset/mgr_osd_perf/fields/fields.yml new file mode 100644 index 000000000..27e085148 --- /dev/null +++ b/dev/packages/beats/ceph-0.0.1/dataset/mgr_osd_perf/fields/fields.yml @@ -0,0 +1,34 @@ +- key: ceph + title: "Ceph" + description: > + Ceph module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: ceph + type: group + description: > + `ceph` contains the metrics that were scraped from CEPH. + fields: + - name: mgr_osd_perf + type: group + description: > + OSD performance metrics of Ceph cluster + release: beta + fields: + - name: id + type: long + description: OSD ID + - name: stats.commit_latency_ms + type: long + description: Commit latency in ms + - name: stats.apply_latency_ms + type: long + description: Apply latency in ms + - name: stats.commit_latency_ns + type: long + description: Commit latency in ns + - name: stats.apply_latency_ns + type: long + description: Apply latency in ns diff --git a/dev/packages/beats/ceph-0.0.1/dataset/mgr_osd_pool_stats/fields/fields.yml b/dev/packages/beats/ceph-0.0.1/dataset/mgr_osd_pool_stats/fields/fields.yml new file mode 100644 index 000000000..3d53e0932 --- /dev/null +++ b/dev/packages/beats/ceph-0.0.1/dataset/mgr_osd_pool_stats/fields/fields.yml @@ -0,0 +1,41 @@ +- key: ceph + title: "Ceph" + description: > + Ceph module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: ceph + type: group + description: > + `ceph` contains the metrics that were scraped from CEPH. + fields: + - name: mgr_osd_pool_stats + type: group + description: > + OSD pool stats of Ceph cluster + release: beta + fields: + - name: pool_name + type: keyword + description: Pool name + - name: pool_id + type: long + description: Pool ID + - name: client_io_rate + type: object + description: Client I/O rates + fields: + - name: read_bytes_sec + type: long + keyword: Bytes read per second + - name: write_bytes_sec + type: long + keyword: Bytes written per second + - name: read_op_per_sec + type: long + keyword: Read operations per second + - name: write_op_per_sec + type: long + keyword: Write operations per second diff --git a/dev/packages/beats/ceph-0.0.1/dataset/mgr_osd_tree/fields/fields.yml b/dev/packages/beats/ceph-0.0.1/dataset/mgr_osd_tree/fields/fields.yml new file mode 100644 index 000000000..b7522e7cb --- /dev/null +++ b/dev/packages/beats/ceph-0.0.1/dataset/mgr_osd_tree/fields/fields.yml @@ -0,0 +1,19 @@ +- key: ceph + title: "Ceph" + description: > + Ceph module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: ceph + type: group + description: > + `ceph` contains the metrics that were scraped from CEPH. + fields: + - name: mgr_osd_tree + type: group + description: > + see: osd_tree + release: beta + fields: diff --git a/dev/packages/beats/ceph-0.0.1/dataset/mgr_pool_disk/fields/fields.yml b/dev/packages/beats/ceph-0.0.1/dataset/mgr_pool_disk/fields/fields.yml new file mode 100644 index 000000000..9a277e4f9 --- /dev/null +++ b/dev/packages/beats/ceph-0.0.1/dataset/mgr_pool_disk/fields/fields.yml @@ -0,0 +1,19 @@ +- key: ceph + title: "Ceph" + description: > + Ceph module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: ceph + type: group + description: > + `ceph` contains the metrics that were scraped from CEPH. + fields: + - name: mgr_pool_disk + type: group + description: > + see: pool_disk + release: beta + fields: diff --git a/dev/packages/beats/ceph-0.0.1/dataset/monitor_health/fields/fields.yml b/dev/packages/beats/ceph-0.0.1/dataset/monitor_health/fields/fields.yml new file mode 100644 index 000000000..f97a85dec --- /dev/null +++ b/dev/packages/beats/ceph-0.0.1/dataset/monitor_health/fields/fields.yml @@ -0,0 +1,71 @@ +- key: ceph + title: "Ceph" + description: > + Ceph module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: ceph + type: group + description: > + `ceph` contains the metrics that were scraped from CEPH. + fields: + - name: monitor_health + type: group + release: ga + description: > + monitor_health stats data + fields: + - name: available.pct + type: long + description: > + Available percent of the MON + - name: health + type: keyword + description: > + Health of the MON + - name: available.kb + type: long + description: > + Available KB of the MON + - name: total.kb + type: long + description: > + Total KB of the MON + - name: used.kb + type: long + description: > + Used KB of the MON + - name: last_updated + type: date + description: > + Time when was updated + - name: name + type: keyword + description: > + Name of the MON + - name: store_stats.log.bytes + type: long + description: > + Log bytes of MON + format: bytes + - name: store_stats.misc.bytes + type: long + description: > + Misc bytes of MON + format: bytes + - name: store_stats.sst.bytes + type: long + description: > + SST bytes of MON + format: bytes + - name: store_stats.total.bytes + type: long + description: > + Total bytes of MON + format: bytes + - name: store_stats.last_updated + type: long + description: > + Last updated diff --git a/dev/packages/beats/ceph-0.0.1/dataset/osd_df/fields/fields.yml b/dev/packages/beats/ceph-0.0.1/dataset/osd_df/fields/fields.yml new file mode 100644 index 000000000..1759d7a77 --- /dev/null +++ b/dev/packages/beats/ceph-0.0.1/dataset/osd_df/fields/fields.yml @@ -0,0 +1,55 @@ +- key: ceph + title: "Ceph" + description: > + Ceph module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: ceph + type: group + description: > + `ceph` contains the metrics that were scraped from CEPH. + fields: + - name: osd_df + type: group + release: ga + description: > + ceph osd disk usage information + fields: + - name: id + type: long + description: > + osd node id + - name: name + type: keyword + description: > + osd node name + - name: device_class + type: keyword + description: > + osd node type, illegal type include hdd, ssd etc. + - name: total.byte + type: long + format: bytes + description: > + osd disk total volume + - name: used.byte + type: long + format: bytes + description: > + osd disk usage volume + - name: available.bytes + type: long + format: bytes + description: > + osd disk available volume + - name: pg_num + type: long + description: > + shows how many pg located on this osd + - name: used.pct + type: scaled_float + format: percent + description: > + osd disk usage percentage diff --git a/dev/packages/beats/ceph-0.0.1/dataset/osd_tree/fields/fields.yml b/dev/packages/beats/ceph-0.0.1/dataset/osd_tree/fields/fields.yml new file mode 100644 index 000000000..33a1cb222 --- /dev/null +++ b/dev/packages/beats/ceph-0.0.1/dataset/osd_tree/fields/fields.yml @@ -0,0 +1,71 @@ +- key: ceph + title: "Ceph" + description: > + Ceph module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: ceph + type: group + description: > + `ceph` contains the metrics that were scraped from CEPH. + fields: + - name: osd_tree + type: group + description: > + ceph osd tree info + release: ga + fields: + - name: id + type: long + description: > + osd or bucket node id + - name: name + type: keyword + description: > + osd or bucket node name + - name: type + type: keyword + description: > + osd or bucket node type, illegal type include osd, host, root etc. + - name: type_id + type: long + description: > + osd or bucket node typeID + - name: children + type: keyword + description: > + bucket children list, separated by comma. + - name: crush_weight + type: float + description: > + osd node crush weight + - name: depth + type: long + description: > + node depth + - name: exists + type: boolean + description: > + is node still exist or not(1-yes, 0-no) + - name: primary_affinity + type: float + description: > + the weight of reading data from primary osd + - name: reweight + type: long + description: > + the reweight of osd + - name: status + type: keyword + description: > + status of osd, it should be up or down + - name: device_class + type: keyword + description: > + the device class of osd, like hdd, ssd etc. + - name: father + type: keyword + description: > + the parent node of this osd or bucket node diff --git a/dev/packages/beats/ceph-0.0.1/dataset/pool_disk/fields/fields.yml b/dev/packages/beats/ceph-0.0.1/dataset/pool_disk/fields/fields.yml new file mode 100644 index 000000000..0d0bc045c --- /dev/null +++ b/dev/packages/beats/ceph-0.0.1/dataset/pool_disk/fields/fields.yml @@ -0,0 +1,45 @@ +- key: ceph + title: "Ceph" + description: > + Ceph module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: ceph + type: group + description: > + `ceph` contains the metrics that were scraped from CEPH. + fields: + - name: pool_disk + type: group + description: > + pool_disk + release: ga + fields: + - name: id + type: long + description: > + Id of the pool + - name: name + type: keyword + description: > + Name of the pool + - name: stats.available.bytes + type: long + description: > + Available bytes of the pool + format: bytes + - name: stats.objects + type: long + description: > + Number of objects of the pool + - name: stats.used.bytes + type: long + description: > + Used bytes of the pool + format: bytes + - name: stats.used.kb + type: long + description: > + Used kb of the pool diff --git a/dev/packages/beats/cisco-0.0.1/dataset/asa/fields/fields.yml b/dev/packages/beats/cisco-0.0.1/dataset/asa/fields/fields.yml new file mode 100644 index 000000000..9c64d5015 --- /dev/null +++ b/dev/packages/beats/cisco-0.0.1/dataset/asa/fields/fields.yml @@ -0,0 +1,97 @@ +- key: cisco + title: Cisco + description: > + Module for handling Cisco network device logs. + fields: + - name: cisco + type: group + description: > + Fields from Cisco logs. + fields: + - name: asa + type: group + description: > + Fields for Cisco ASA Firewall. + fields: + - name: message_id + type: keyword + description: > + The Cisco ASA message identifier. + + - name: suffix + type: keyword + example: session + description: > + Optional suffix after %ASA identifier. + + - name: source_interface + type: keyword + description: > + Source interface for the flow or event. + + - name: destination_interface + type: keyword + description: > + Destination interface for the flow or event. + + - name: rule_name + type: keyword + description: > + Name of the Access Control List rule that matched this event. + + - name: source_username + type: keyword + description: > + Name of the user that is the source for this event. + + - name: destination_username + type: keyword + description: > + Name of the user that is the destination for this event. + + - name: mapped_source_ip + type: ip + description: > + The translated source IP address. + + - name: mapped_source_port + type: long + description: > + The translated source port. + + - name: mapped_destination_ip + type: ip + description: > + The translated destination IP address. + + - name: mapped_destination_port + type: long + description: > + The translated destination port. + + - name: threat_level + type: keyword + description: > + Threat level for malware / botnet traffic. One of very-low, low, + moderate, high or very-high. + + - name: threat_category + type: keyword + description: > + Category for the malware / botnet traffic. For example: virus, botnet, + trojan, etc. + + - name: connection_id + type: keyword + description: > + Unique identifier for a flow. + + - name: icmp_type + type: short + description: > + ICMP type. + + - name: icmp_code + type: short + description: > + ICMP code. diff --git a/dev/packages/beats/cisco-0.0.1/dataset/ftd/fields/fields.yml b/dev/packages/beats/cisco-0.0.1/dataset/ftd/fields/fields.yml new file mode 100644 index 000000000..d149fee82 --- /dev/null +++ b/dev/packages/beats/cisco-0.0.1/dataset/ftd/fields/fields.yml @@ -0,0 +1,102 @@ +- key: cisco + title: Cisco + description: > + Module for handling Cisco network device logs. + fields: + - name: cisco + type: group + description: > + Fields from Cisco logs. + fields: + - name: ftd + type: group + description: > + Fields for Cisco Firepower Threat Defense Firewall. + fields: + - name: message_id + type: keyword + description: > + The Cisco FTD message identifier. + + - name: suffix + type: keyword + example: session + description: > + Optional suffix after %FTD identifier. + + - name: source_interface + type: keyword + description: > + Source interface for the flow or event. + + - name: destination_interface + type: keyword + description: > + Destination interface for the flow or event. + + - name: rule_name + type: keyword + description: > + Name of the Access Control List rule that matched this event. + + - name: source_username + type: keyword + description: > + Name of the user that is the source for this event. + + - name: destination_username + type: keyword + description: > + Name of the user that is the destination for this event. + + - name: mapped_source_ip + type: ip + description: > + The translated source IP address. Use ECS source.nat.ip. + + - name: mapped_source_port + type: long + description: > + The translated source port. Use ECS source.nat.port. + + - name: mapped_destination_ip + type: ip + description: > + The translated destination IP address. Use ECS destination.nat.ip. + + - name: mapped_destination_port + type: long + description: > + The translated destination port. Use ECS destination.nat.port. + + - name: threat_level + type: keyword + description: > + Threat level for malware / botnet traffic. One of very-low, low, + moderate, high or very-high. + + - name: threat_category + type: keyword + description: > + Category for the malware / botnet traffic. For example: virus, botnet, + trojan, etc. + + - name: connection_id + type: keyword + description: > + Unique identifier for a flow. + + - name: icmp_type + type: short + description: > + ICMP type. + + - name: icmp_code + type: short + description: > + ICMP code. + + - name: security + type: object + description: + Raw fields for Security Events. diff --git a/dev/packages/beats/cisco-0.0.1/dataset/ios/fields/fields.yml b/dev/packages/beats/cisco-0.0.1/dataset/ios/fields/fields.yml new file mode 100644 index 000000000..3fb39af3d --- /dev/null +++ b/dev/packages/beats/cisco-0.0.1/dataset/ios/fields/fields.yml @@ -0,0 +1,28 @@ +- key: cisco + title: Cisco + description: > + Module for handling Cisco network device logs. + fields: + - name: cisco + type: group + description: > + Fields from Cisco logs. + fields: + - name: ios + type: group + description: > + Fields for Cisco IOS logs. + fields: + - name: access_list + type: keyword + description: > + Name of the IP access list. + + - name: facility + type: keyword + example: SEC + description: > + The facility to which the message refers (for example, SNMP, SYS, and so + forth). A facility can be a hardware device, a protocol, or a module of + the system software. It denotes the source or the cause of the system + message. diff --git a/dev/packages/beats/cloudfoundry-0.0.1/dataset/container/fields/fields.yml b/dev/packages/beats/cloudfoundry-0.0.1/dataset/container/fields/fields.yml new file mode 100644 index 000000000..ed109bd4b --- /dev/null +++ b/dev/packages/beats/cloudfoundry-0.0.1/dataset/container/fields/fields.yml @@ -0,0 +1,49 @@ +- key: cloudfoundry + title: "cloudfoundry" + description: > + Cloud Foundry module + release: experimental + fields: + - name: cloudfoundry + type: group + description: > + fields: + - name: app + type: group + description: > + The application the metric is associated with. + fields: + - name: id + type: keyword + description: > + The ID of the application. + - name: container + type: group + description: > + `container` contains container metrics from Cloud Foundry. + release: experimental + fields: + - name: instance_index + type: long + description: > + Index of the instance the metric belongs to. + - name: cpu.pct + type: float + description: > + CPU usage percentage. + - name: memory.bytes + type: long + description: > + Bytes of used memory. + - name: memory.quota.bytes + type: long + description: > + Bytes of available memory. + - name: disk.bytes + type: long + description: > + Bytes of used storage. + - name: disk.quota.bytes + type: long + description: > + Bytes of available storage. diff --git a/dev/packages/beats/cloudfoundry-0.0.1/dataset/counter/fields/fields.yml b/dev/packages/beats/cloudfoundry-0.0.1/dataset/counter/fields/fields.yml new file mode 100644 index 000000000..d902aa84b --- /dev/null +++ b/dev/packages/beats/cloudfoundry-0.0.1/dataset/counter/fields/fields.yml @@ -0,0 +1,37 @@ +- key: cloudfoundry + title: "cloudfoundry" + description: > + Cloud Foundry module + release: experimental + fields: + - name: cloudfoundry + type: group + description: > + fields: + - name: app + type: group + description: > + The application the metric is associated with. + fields: + - name: id + type: keyword + description: > + The ID of the application. + - name: counter + type: group + description: > + `counter` contains counter metrics from Cloud Foundry. + release: experimental + fields: + - name: name + type: keyword + description: > + The name of the counter. + - name: delta + type: long + description: > + The difference between the last time the counter event occurred. + - name: total + type: long + description: > + The total value for the counter. diff --git a/dev/packages/beats/cloudfoundry-0.0.1/dataset/value/fields/fields.yml b/dev/packages/beats/cloudfoundry-0.0.1/dataset/value/fields/fields.yml new file mode 100644 index 000000000..0ae379af6 --- /dev/null +++ b/dev/packages/beats/cloudfoundry-0.0.1/dataset/value/fields/fields.yml @@ -0,0 +1,37 @@ +- key: cloudfoundry + title: "cloudfoundry" + description: > + Cloud Foundry module + release: experimental + fields: + - name: cloudfoundry + type: group + description: > + fields: + - name: app + type: group + description: > + The application the metric is associated with. + fields: + - name: id + type: keyword + description: > + The ID of the application. + - name: value + type: group + description: > + `value` contains counter metrics from Cloud Foundry. + release: experimental + fields: + - name: name + type: keyword + description: > + The name of the value. + - name: unit + type: keyword + description: > + The unit of the value. + - name: value + type: float + description: > + The value of the value. diff --git a/dev/packages/beats/cockroachdb-0.0.1/dataset/status/fields/fields.yml b/dev/packages/beats/cockroachdb-0.0.1/dataset/status/fields/fields.yml new file mode 100644 index 000000000..378cb1f83 --- /dev/null +++ b/dev/packages/beats/cockroachdb-0.0.1/dataset/status/fields/fields.yml @@ -0,0 +1,11 @@ +- key: cockroachdb + title: 'CockroachDB' + release: beta + description: > + CockroachDB module + settings: ["ssl", "http"] + fields: + - name: cockroachdb + type: group + fields: + - release: beta diff --git a/dev/packages/beats/consul-0.0.1/dataset/agent/fields/fields.yml b/dev/packages/beats/consul-0.0.1/dataset/agent/fields/fields.yml new file mode 100644 index 000000000..ce997d2b5 --- /dev/null +++ b/dev/packages/beats/consul-0.0.1/dataset/agent/fields/fields.yml @@ -0,0 +1,69 @@ +- key: consul + title: "consul" + description: > + Consul module + release: beta + fields: + - name: consul + type: group + fields: + - name: agent + type: group + release: beta + description: > + Agent Metricset fetches metrics information from a Consul instance running as Agent + fields: + - name: autopilot + type: group + fields: + - name: healthy + type: boolean + description: Overall health of the local server cluster + - name: runtime + type: group + description: Runtime related metrics + fields: + - name: sys + type: group + fields: + - name: bytes + type: long + description: Number of bytes of memory obtained from the OS. + - name: malloc_count + type: long + description: Heap objects allocated + - name: heap_objects + type: long + description: Objects allocated on the heap and is a general memory pressure indicator. This may burst from time to time but should return to a steady state value. + - name: goroutines + type: long + description: Running goroutines and is a general load pressure indicator. This may burst from time to time but should return to a steady state value. + - name: alloc + type: group + fields: + - name: bytes + type: long + description: Bytes allocated by the Consul process. + - name: garbage_collector + type: group + description: Garbage collector metrics + fields: + - name: runs + type: long + description: Garbage collector total executions + - name: pause + type: group + description: Time that the garbage collector has paused the app + fields: + - name: current + type: group + fields: + - name: ns + type: long + description: Garbage collector pause time in nanoseconds + - name: total + type: group + fields: + - name: ns + type: long + description: Nanoseconds consumed by stop-the-world garbage collection pauses since Consul started. diff --git a/dev/packages/beats/coredns-0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/coredns-0.0.1/dataset/stats/fields/fields.yml new file mode 100644 index 000000000..d31154402 --- /dev/null +++ b/dev/packages/beats/coredns-0.0.1/dataset/stats/fields/fields.yml @@ -0,0 +1,111 @@ +- key: coredns + title: "coredns" + description: > + coredns Module + release: ga + fields: + - name: coredns + type: group + description: > + `coredns` contains statistics that were read from coreDNS + fields: + - name: stats + type: group + description: > + Contains statistics related to the coreDNS service + release: ga + fields: + - name: panic.count + type: long + description: > + Total number of panics + - name: dns.request.count + type: long + description: > + Total query count + - name: dns.request.duration.ns.bucket.* + type: object + object_type: long + description: > + Request duration histogram buckets in nanoseconds + - name: dns.request.duration.ns.sum + type: long + format: duration + description: > + Requests duration, sum of durations in nanoseconds + - name: dns.request.duration.ns.count + type: long + description: > + Requests duration, number of requests + - name: dns.request.size.bytes.bucket.* + type: object + object_type: long + description: > + Request Size histogram buckets + - name: dns.request.size.bytes.sum + type: long + description: > + Request Size histogram sum + - name: dns.request.size.bytes.count + type: long + description: > + Request Size histogram count + - name: dns.request.do.count + type: long + description: > + Number of queries that have the DO bit set + - name: dns.request.type.count + type: long + description: > + Counter of queries per zone and type + - name: type + type: keyword + description: > + Holds the query type of the request + - name: dns.response.rcode.count + type: long + description: > + Counter of responses per zone and rcode + - name: rcode + type: keyword + description: > + Holds the rcode of the response + - name: family + type: keyword + description: > + The address family of the transport (1 = IP (IP version 4), 2 = IP6 (IP version 6)) + - name: dns.response.size.bytes.bucket.* + type: object + object_type: long + description: > + Response Size histogram buckets + - name: dns.response.size.bytes.sum + type: long + description: > + Response Size histogram sum + - name: dns.response.size.bytes.count + type: long + description: > + Response Size histogram count + - name: server + type: keyword + description: > + The server responsible for the request + - name: zone + type: keyword + description: > + The zonename used for the request/response + - name: proto + type: keyword + description: > + The transport of the response ("udp" or "tcp") + + + - name: dns.cache.hits.count + type: long + description: > + Cache hits count for the cache plugin + - name: dns.cache.misses.count + type: long + description: > + Cache misses count for the cache plugin diff --git a/dev/packages/beats/couchbase-0.0.1/dataset/bucket/fields/fields.yml b/dev/packages/beats/couchbase-0.0.1/dataset/bucket/fields/fields.yml new file mode 100644 index 000000000..6cf4a1ad3 --- /dev/null +++ b/dev/packages/beats/couchbase-0.0.1/dataset/bucket/fields/fields.yml @@ -0,0 +1,64 @@ +- key: couchbase + title: "Couchbase" + description: > + Metrics collected from Couchbase servers. + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: couchbase + type: group + description: > + `couchbase` contains the metrics that were scraped from Couchbase. + fields: + - name: bucket + type: group + description: > + Couchbase bucket metrics. + release: ga + fields: + - name: name + type: keyword + description: > + Name of the bucket. + - name: type + type: keyword + description: > + Type of the bucket. + - name: data.used.bytes + format: bytes + type: long + description: > + Size of user data within buckets of the specified state that are resident in RAM. + - name: disk.fetches + type: long + description: > + Number of disk fetches. + - name: disk.used.bytes + format: bytes + type: long + description: > + Amount of disk used (bytes). + - name: memory.used.bytes + format: bytes + type: long + description: > + Amount of memory used by the bucket (bytes). + - name: quota.ram.bytes + format: bytes + type: long + description: > + Amount of RAM used by the bucket (bytes). + - name: quota.use.pct + format: percent + type: scaled_float + description: > + Percentage of RAM used (for active objects) against the configured bucket size (%). + - name: ops_per_sec + type: long + description: > + Number of operations per second. + - name: item_count + type: long + description: > + Number of items associated with the bucket. diff --git a/dev/packages/beats/couchbase-0.0.1/dataset/cluster/fields/fields.yml b/dev/packages/beats/couchbase-0.0.1/dataset/cluster/fields/fields.yml new file mode 100644 index 000000000..6d47f2c08 --- /dev/null +++ b/dev/packages/beats/couchbase-0.0.1/dataset/cluster/fields/fields.yml @@ -0,0 +1,91 @@ +- key: couchbase + title: "Couchbase" + description: > + Metrics collected from Couchbase servers. + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: couchbase + type: group + description: > + `couchbase` contains the metrics that were scraped from Couchbase. + fields: + - name: cluster + type: group + description: > + Couchbase cluster metrics. + release: ga + fields: + - name: hdd.free.bytes + format: bytes + type: long + description: > + Free hard drive space in the cluster (bytes). + - name: hdd.quota.total.bytes + format: bytes + type: long + description: > + Hard drive quota total for the cluster (bytes). + - name: hdd.total.bytes + format: bytes + type: long + description: > + Total hard drive space available to the cluster (bytes). + - name: hdd.used.value.bytes + format: bytes + type: long + description: > + Hard drive space used by the cluster (bytes). + - name: hdd.used.by_data.bytes + format: bytes + type: long + description: > + Hard drive space used by the data in the cluster (bytes). + - name: max_bucket_count + type: long + description: > + Max bucket count setting. + - name: quota.index_memory.mb + type: long + description: > + Memory quota setting for the Index service (Mbyte). + - name: quota.memory.mb + type: long + description: > + Memory quota setting for the cluster (Mbyte). + - name: ram.quota.total.value.bytes + format: bytes + type: long + description: > + RAM quota total for the cluster (bytes). + - name: ram.quota.total.per_node.bytes + format: bytes + type: long + description: > + RAM quota used by the current node in the cluster (bytes). + - name: ram.quota.used.value.bytes + format: bytes + type: long + description: > + RAM quota used by the cluster (bytes). + - name: ram.quota.used.per_node.bytes + format: bytes + type: long + description: > + Ram quota used by the current node in the cluster (bytes) + - name: ram.total.bytes + format: bytes + type: long + description: > + Total RAM available to cluster (bytes). + - name: ram.used.value.bytes + format: bytes + type: long + description: > + RAM used by the cluster (bytes). + - name: ram.used.by_data.bytes + format: bytes + type: long + description: > + RAM used by the data in the cluster (bytes). diff --git a/dev/packages/beats/couchbase-0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/couchbase-0.0.1/dataset/node/fields/fields.yml new file mode 100644 index 000000000..eea6ea72e --- /dev/null +++ b/dev/packages/beats/couchbase-0.0.1/dataset/node/fields/fields.yml @@ -0,0 +1,114 @@ +- key: couchbase + title: "Couchbase" + description: > + Metrics collected from Couchbase servers. + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: couchbase + type: group + description: > + `couchbase` contains the metrics that were scraped from Couchbase. + fields: + - name: node + type: group + description: > + Couchbase node metrics. + release: ga + fields: + - name: cmd_get + type: long + description: > + Number of get commands + - name: couch.docs.disk_size.bytes + format: bytes + type: long + description: > + Amount of disk space used by Couch docs (bytes). + - name: couch.docs.data_size.bytes + format: bytes + type: long + description: > + Data size of Couch docs associated with a node (bytes). + - name: couch.spatial.data_size.bytes + type: long + description: > + Size of object data for spatial views (bytes). + - name: couch.spatial.disk_size.bytes + type: long + description: > + Amount of disk space used by spatial views (bytes). + - name: couch.views.disk_size.bytes + type: long + description: > + Amount of disk space used by Couch views (bytes). + - name: couch.views.data_size.bytes + type: long + description: > + Size of object data for Couch views (bytes). + - name: cpu_utilization_rate.pct + type: scaled_float + description: > + The CPU utilization rate (%). + - name: current_items.value + type: long + description: > + Number of current items. + - name: current_items.total + type: long + description: > + Total number of items associated with the node. + - name: ep_bg_fetched + type: long + description: > + Number of disk fetches performed since the server was started. + - name: get_hits + type: long + description: > + Number of get hits. + - name: hostname + type: keyword + description: > + The hostname of the node. + - name: mcd_memory.allocated.bytes + format: bytes + type: long + description: > + Amount of memcached memory allocated (bytes). + - name: mcd_memory.reserved.bytes + type: long + description: > + Amount of memcached memory reserved (bytes). + - name: memory.free.bytes + type: long + description: > + Amount of memory free for the node (bytes). + - name: memory.total.bytes + type: long + description: > + Total memory available to the node (bytes). + - name: memory.used.bytes + type: long + description: > + Memory used by the node (bytes). + - name: ops + type: long + description: > + Number of operations performed on Couchbase. + - name: swap.total.bytes + type: long + description: > + Total swap size allocated (bytes). + - name: swap.used.bytes + type: long + description: > + Amount of swap space used (bytes). + - name: uptime.sec + type: long + description: > + Time during which the node was in operation (sec). + - name: vb_replica_curr_items + type: long + description: > + Number of items/documents that are replicas. diff --git a/dev/packages/beats/couchdb-0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/couchdb-0.0.1/dataset/server/fields/fields.yml new file mode 100644 index 000000000..952fc816d --- /dev/null +++ b/dev/packages/beats/couchdb-0.0.1/dataset/server/fields/fields.yml @@ -0,0 +1,190 @@ +- key: couchdb + title: "couchdb" + description: > + couchdb module + release: ga + fields: + - name: couchdb + type: group + description: > + fields: + - name: server + type: group + description: > + Contains CouchDB server stats + release: ga + fields: + - name: httpd + type: group + description: > + HTTP statistics + fields: + - name: view_reads + type: long + description: > + Number of view reads + + - name: bulk_requests + type: long + description: > + Number of bulk requests + + - name: clients_requesting_changes + type: long + description: > + Number of clients for continuous _changes + + - name: temporary_view_reads + type: long + description: > + Number of temporary view reads + + - name: requests + type: long + description: > + Number of HTTP requests + + - name: httpd_request_methods + type: group + description: > + HTTP request methods + fields: + - name: COPY + type: long + description: > + Number of HTTP COPY requests + + - name: HEAD + type: long + description: > + Number of HTTP HEAD requests + + - name: POST + type: long + description: > + Number of HTTP POST requests + + - name: DELETE + type: long + description: > + Number of HTTP DELETE requests + + - name: GET + type: long + description: > + Number of HTTP GET requests + + - name: PUT + type: long + description: > + Number of HTTP PUT requests + + - name: httpd_status_codes + type: group + description: > + HTTP status codes statistics + fields: + - name: "200" + type: long + description: > + Number of HTTP 200 OK responses + + - name: "201" + type: long + description: > + Number of HTTP 201 Created responses + + - name: "202" + type: long + description: > + Number of HTTP 202 Accepted responses + + - name: "301" + type: long + description: > + Number of HTTP 301 Moved Permanently responses + + - name: "304" + type: long + description: > + Number of HTTP 304 Not Modified responses + + - name: "400" + type: long + description: > + Number of HTTP 400 Bad Request responses + + - name: "401" + type: long + description: > + Number of HTTP 401 Unauthorized responses + + - name: "403" + type: long + description: > + Number of HTTP 403 Forbidden responses + + - name: "404" + type: long + description: > + Number of HTTP 404 Not Found responses + + - name: "405" + type: long + description: > + Number of HTTP 405 Method Not Allowed responses + + - name: "409" + type: long + description: > + Number of HTTP 409 Conflict responses + + - name: "412" + type: long + description: > + Number of HTTP 412 Precondition Failed responses + + - name: "500" + type: long + description: > + Number of HTTP 500 Internal Server Error responses + + - name: couchdb + type: group + description: > + couchdb statistics + fields: + - name: database_writes + type: long + description: > + Number of times a database was changed + + - name: open_databases + type: long + description: > + Number of open databases + + - name: auth_cache_misses + type: long + description: > + Number of authentication cache misses + + - name: request_time + type: long + description: > + Length of a request inside CouchDB without MochiWeb + + - name: database_reads + type: long + description: > + Number of times a document was read from a database + + - name: auth_cache_hits + type: long + description: > + Number of authentication cache hits + + - name: open_os_files + type: long + description: > + Number of file descriptors CouchDB has open diff --git a/dev/packages/beats/docker-0.0.1/dataset/container/fields/fields.yml b/dev/packages/beats/docker-0.0.1/dataset/container/fields/fields.yml new file mode 100644 index 000000000..d2300bc16 --- /dev/null +++ b/dev/packages/beats/docker-0.0.1/dataset/container/fields/fields.yml @@ -0,0 +1,51 @@ +- key: docker + title: "Docker" + description: > + Docker stats collected from Docker. + release: ga + short_config: false + fields: + - name: docker + type: group + description: > + Information and statistics about docker's running containers. + fields: + - name: container + type: group + description: > + Docker container metrics. + release: ga + fields: + - name: command + type: keyword + description: > + Command that was executed in the Docker container. + - name: created + type: date + description: > + Date when the container was created. + - name: status + type: keyword + description: > + Container status. + - name: ip_addresses + type: ip + description: > + Container IP addresses. + - name: size + type: group + description: > + Container size metrics. + fields: + - name: root_fs + type: long + description: > + Total size of all the files in the container. + - name: rw + type: long + description: > + Size of the files that have been created or changed since creation. + - name: tags + type: keyword + description: > + Image tags. diff --git a/dev/packages/beats/docker-0.0.1/dataset/cpu/fields/fields.yml b/dev/packages/beats/docker-0.0.1/dataset/cpu/fields/fields.yml new file mode 100644 index 000000000..619a36bcd --- /dev/null +++ b/dev/packages/beats/docker-0.0.1/dataset/cpu/fields/fields.yml @@ -0,0 +1,87 @@ +- key: docker + title: "Docker" + description: > + Docker stats collected from Docker. + release: ga + short_config: false + fields: + - name: docker + type: group + description: > + Information and statistics about docker's running containers. + fields: + - name: cpu + type: group + description: > + Runtime CPU metrics. + release: ga + fields: + - name: kernel.pct + type: scaled_float + format: percent + description: > + Percentage of time in kernel space. + - name: kernel.norm.pct + type: scaled_float + format: percent + description: > + Percentage of time in kernel space normalized by the number of CPU cores. + - name: kernel.ticks + type: long + description: > + CPU ticks in kernel space. + - name: system.pct + type: scaled_float + format: percent + description: > + Percentage of total CPU time in the system. + - name: system.norm.pct + type: scaled_float + format: percent + description: > + Percentage of total CPU time in the system normalized by the number of CPU cores. + - name: system.ticks + type: long + description: > + CPU system ticks. + - name: user.pct + type: scaled_float + format: percent + description: > + Percentage of time in user space. + - name: user.norm.pct + type: scaled_float + format: percent + description: > + Percentage of time in user space normalized by the number of CPU cores. + - name: user.ticks + type: long + description: > + CPU ticks in user space. + - name: total.pct + type: scaled_float + format: percent + description: > + Total CPU usage. + - name: total.norm.pct + type: scaled_float + format: percent + description: > + Total CPU usage normalized by the number of CPU cores. + - name: core.*.pct + type: object + object_type: scaled_float + format: percent + description: > + Percentage of CPU time in this core. + - name: core.*.norm.pct + type: object + object_type: scaled_float + format: percent + description: > + Percentage of CPU time in this core, normalized by the number of CPU cores. + - name: core.*.ticks + type: object + object_type: long + description: > + Number of CPU ticks in this core. diff --git a/dev/packages/beats/docker-0.0.1/dataset/diskio/fields/fields.yml b/dev/packages/beats/docker-0.0.1/dataset/diskio/fields/fields.yml new file mode 100644 index 000000000..7966b9726 --- /dev/null +++ b/dev/packages/beats/docker-0.0.1/dataset/diskio/fields/fields.yml @@ -0,0 +1,87 @@ +- key: docker + title: "Docker" + description: > + Docker stats collected from Docker. + release: ga + short_config: false + fields: + - name: docker + type: group + description: > + Information and statistics about docker's running containers. + fields: + - name: diskio + type: group + description: > + Disk I/O metrics. + release: ga + fields: + - name: read + type: group + description: > + Accumulated reads during the life of the container + fields: + - name: ops + type: long + description: > + Number of reads during the life of the container + - name: bytes + type: long + format: bytes + description: > + Bytes read during the life of the container + - name: rate + type: long + description: > + Number of current reads per second + - name: reads + type: scaled_float + deprecated: 6.4 + description: > + Number of current reads per second + - name: write + type: group + description: > + Accumulated writes during the life of the container + fields: + - name: ops + type: long + description: > + Number of writes during the life of the container + - name: bytes + type: long + format: bytes + description: > + Bytes written during the life of the container + - name: rate + type: long + description: > + Number of current writes per second + - name: writes + type: scaled_float + deprecated: 6.4 + description: > + Number of current writes per second + - name: summary + type: group + description: > + Accumulated reads and writes during the life of the container + fields: + - name: ops + type: long + description: > + Number of I/O operations during the life of the container + - name: bytes + type: long + format: bytes + description: > + Bytes read and written during the life of the container + - name: rate + type: long + description: > + Number of current operations per second + - name: total + type: scaled_float + deprecated: 6.4 + description: > + Number of reads and writes per second diff --git a/dev/packages/beats/docker-0.0.1/dataset/event/fields/fields.yml b/dev/packages/beats/docker-0.0.1/dataset/event/fields/fields.yml new file mode 100644 index 000000000..15896d122 --- /dev/null +++ b/dev/packages/beats/docker-0.0.1/dataset/event/fields/fields.yml @@ -0,0 +1,52 @@ +- key: docker + title: "Docker" + description: > + Docker stats collected from Docker. + release: ga + short_config: false + fields: + - name: docker + type: group + description: > + Information and statistics about docker's running containers. + fields: + - name: event + type: group + description: > + Docker event + release: ga + fields: + - name: status + type: keyword + description: > + Event status + - name: id + type: keyword + description: > + Event id when available + - name: from + type: keyword + description: > + Event source + - name: type + type: keyword + description: > + The type of object emitting the event + - name: action + type: keyword + description: > + The type of event + - name: actor + type: group + description: > + Actor + fields: + - name: id + type: keyword + description: > + The ID of the object emitting the event + - name: attributes + type: object + object_type: keyword + description: > + Various key/value attributes of the object, depending on its type diff --git a/dev/packages/beats/docker-0.0.1/dataset/healthcheck/fields/fields.yml b/dev/packages/beats/docker-0.0.1/dataset/healthcheck/fields/fields.yml new file mode 100644 index 000000000..5cb145d24 --- /dev/null +++ b/dev/packages/beats/docker-0.0.1/dataset/healthcheck/fields/fields.yml @@ -0,0 +1,50 @@ +- key: docker + title: "Docker" + description: > + Docker stats collected from Docker. + release: ga + short_config: false + fields: + - name: docker + type: group + description: > + Information and statistics about docker's running containers. + fields: + - name: healthcheck + type: group + description: > + Docker healthcheck metrics. + + Healthcheck data will only be available from docker containers where the + docker `HEALTHCHECK` instruction has been used to build the docker image. + release: ga + fields: + - name: failingstreak + type: integer + description: > + concurent failed check + - name: status + type: keyword + description: > + Healthcheck status code + - name: event + type: group + description: > + event fields. + fields: + - name: end_date + type: date + description: > + Healthcheck end date + - name: start_date + type: date + description: > + Healthcheck start date + - name: output + type: keyword + description: > + Healthcheck output + - name: exit_code + type: integer + description: > + Healthcheck status code diff --git a/dev/packages/beats/docker-0.0.1/dataset/image/fields/fields.yml b/dev/packages/beats/docker-0.0.1/dataset/image/fields/fields.yml new file mode 100644 index 000000000..84b702a9f --- /dev/null +++ b/dev/packages/beats/docker-0.0.1/dataset/image/fields/fields.yml @@ -0,0 +1,59 @@ +- key: docker + title: "Docker" + description: > + Docker stats collected from Docker. + release: ga + short_config: false + fields: + - name: docker + type: group + description: > + Information and statistics about docker's running containers. + fields: + - name: image + type: group + description: > + Docker image metrics. + release: ga + fields: + - name: id + type: group + description: > + The image layers identifier. + fields: + - name: current + type: keyword + description: > + Unique image identifier given upon its creation. + - name: parent + type: keyword + description: > + Identifier of the image, if it exists, from which the current image directly descends. + - name: created + type: date + description: > + Date and time when the image was created. + - name: size + type: group + description: > + Image size layers. + fields: + - name: virtual + type: long + description: > + Size of the image. + - name: regular + type: long + description: > + Total size of the all cached images associated to the current image. + + - name: labels + type: object + object_type: keyword + description: > + Image labels. + + - name: tags + type: keyword + description: > + Image tags. diff --git a/dev/packages/beats/docker-0.0.1/dataset/info/fields/fields.yml b/dev/packages/beats/docker-0.0.1/dataset/info/fields/fields.yml new file mode 100644 index 000000000..a04632951 --- /dev/null +++ b/dev/packages/beats/docker-0.0.1/dataset/info/fields/fields.yml @@ -0,0 +1,48 @@ +- key: docker + title: "Docker" + description: > + Docker stats collected from Docker. + release: ga + short_config: false + fields: + - name: docker + type: group + description: > + Information and statistics about docker's running containers. + fields: + - name: info + type: group + description: > + Info metrics based on https://docs.docker.com/engine/reference/api/docker_remote_api_v1.24/#/display-system-wide-information. + release: ga + fields: + - name: containers + type: group + description: > + Overall container stats. + fields: + - name: paused + type: long + description: > + Total number of paused containers. + - name: running + type: long + description: > + Total number of running containers. + - name: stopped + type: long + description: > + Total number of stopped containers. + - name: total + type: long + description: > + Total number of existing containers. + - name: id + type: keyword + description: > + Unique Docker host identifier. + + - name: images + type: long + description: > + Total number of existing images. diff --git a/dev/packages/beats/docker-0.0.1/dataset/memory/fields/fields.yml b/dev/packages/beats/docker-0.0.1/dataset/memory/fields/fields.yml new file mode 100644 index 000000000..f240ef18f --- /dev/null +++ b/dev/packages/beats/docker-0.0.1/dataset/memory/fields/fields.yml @@ -0,0 +1,89 @@ +- key: docker + title: "Docker" + description: > + Docker stats collected from Docker. + release: ga + short_config: false + fields: + - name: docker + type: group + description: > + Information and statistics about docker's running containers. + fields: + - name: memory + type: group + description: > + Memory metrics. + release: ga + fields: + - name: stats.* + type: object + object_type: long + object_type_mapping_type: "*" + description: > + Raw memory stats from the cgroups memory.stat interface + - name: commit + type: group + description: > + Committed bytes on Windows + fields: + - name: total + type: long + format: bytes + description: > + Total bytes + - name: peak + type: long + format: bytes + description: > + Peak committed bytes on Windows + - name: private_working_set.total + type: long + format: bytes + description: > + private working sets on Windows + - name: fail.count + type: scaled_float + description: > + Fail counter. + - name: limit + type: long + format: bytes + description: > + Memory limit. + - name: rss + type: group + description: > + RSS memory stats. + fields: + - name: total + type: long + format: bytes + description: > + Total memory resident set size. + - name: pct + type: scaled_float + format: percent + description: > + Memory resident set size percentage. + - name: usage + type: group + description: > + Usage memory stats. + fields: + - name: max + type: long + format: bytes + description: > + Max memory usage. + - name: pct + type: scaled_float + format: percent + description: > + Memory usage percentage. + - name: total + type: long + format: bytes + description: > + Total memory usage. + diff --git a/dev/packages/beats/docker-0.0.1/dataset/network/fields/fields.yml b/dev/packages/beats/docker-0.0.1/dataset/network/fields/fields.yml new file mode 100644 index 000000000..e3edc4b95 --- /dev/null +++ b/dev/packages/beats/docker-0.0.1/dataset/network/fields/fields.yml @@ -0,0 +1,113 @@ +- key: docker + title: "Docker" + description: > + Docker stats collected from Docker. + release: ga + short_config: false + fields: + - name: docker + type: group + description: > + Information and statistics about docker's running containers. + fields: + - name: network + type: group + description: > + Network metrics. + release: ga + fields: + + - name: interface + type: keyword + description: > + Network interface name. + - name: in + type: group + deprecated: 6.4 + description: > + Incoming network stats per second. + fields: + - name: bytes + type: long + format: bytes + description: > + Total number of incoming bytes. + - name: dropped + type: scaled_float + description: > + Total number of dropped incoming packets. + - name: errors + type: long + description: > + Total errors on incoming packets. + - name: packets + type: long + description: > + Total number of incoming packets. + - name: out + type: group + deprecated: 6.4 + description: > + Outgoing network stats per second. + fields: + - name: bytes + type: long + format: bytes + description: > + Total number of outgoing bytes. + - name: dropped + type: scaled_float + description: > + Total number of dropped outgoing packets. + - name: errors + type: long + description: > + Total errors on outgoing packets. + - name: packets + type: long + description: > + Total number of outgoing packets. + - name: inbound + type: group + description: > + Incoming network stats since the container started. + fields: + - name: bytes + type: long + format: bytes + description: > + Total number of incoming bytes. + - name: dropped + type: long + description: > + Total number of dropped incoming packets. + - name: errors + type: long + description: > + Total errors on incoming packets. + - name: packets + type: long + description: > + Total number of incoming packets. + - name: outbound + type: group + description: > + Outgoing network stats since the container started. + fields: + - name: bytes + type: long + format: bytes + description: > + Total number of outgoing bytes. + - name: dropped + type: long + description: > + Total number of dropped outgoing packets. + - name: errors + type: long + description: > + Total errors on outgoing packets. + - name: packets + type: long + description: > + Total number of outgoing packets. diff --git a/dev/packages/beats/dropwizard-0.0.1/dataset/collector/fields/fields.yml b/dev/packages/beats/dropwizard-0.0.1/dataset/collector/fields/fields.yml new file mode 100644 index 000000000..05afae2d5 --- /dev/null +++ b/dev/packages/beats/dropwizard-0.0.1/dataset/collector/fields/fields.yml @@ -0,0 +1,13 @@ +- key: dropwizard + title: "Dropwizard" + description: > + Stats collected from Dropwizard. + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: dropwizard + type: group + description: > + fields: + - release: ga diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/ccr/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/ccr/fields/fields.yml new file mode 100644 index 000000000..4788d1e4c --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/ccr/fields/fields.yml @@ -0,0 +1,76 @@ +- key: elasticsearch + title: "Elasticsearch" + description: > + Elasticsearch module + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: cluster.name + type: keyword + description: > + Elasticsearch cluster name. + + - name: cluster.id + type: keyword + description: > + Elasticsearch cluster id. + + - name: cluster.state.id + type: keyword + description: > + Elasticsearch state id. + + - name: node.id + type: keyword + description: > + Node ID + + - name: node.name + type: keyword + description: > + Node name. + - name: ccr + type: group + description: > + Cross-cluster replication stats + release: ga + fields: + - name: leader + type: group + fields: + - name: index + type: keyword + description: > + Name of leader index + - name: max_seq_no + type: long + description: > + Maximum sequence number of operation on the leader shard + - name: follower + type: group + fields: + - name: index + type: keyword + description: > + Name of follower index + - name: shard.number + type: long + description: > + Number of the shard within the index + - name: operations_written + type: long + description: > + Number of operations indexed (replicated) into the follower shard from the leader shard + - name: time_since_last_read.ms + type: long + description: > + Time, in ms, since the follower last fetched from the leader + - name: global_checkpoint + type: long + description: > + Global checkpoint value on follower shard diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/cluster_stats/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/cluster_stats/fields/fields.yml new file mode 100644 index 000000000..b6273c3d6 --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/cluster_stats/fields/fields.yml @@ -0,0 +1,89 @@ +- key: elasticsearch + title: "Elasticsearch" + description: > + Elasticsearch module + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: cluster.name + type: keyword + description: > + Elasticsearch cluster name. + + - name: cluster.id + type: keyword + description: > + Elasticsearch cluster id. + + - name: cluster.state.id + type: keyword + description: > + Elasticsearch state id. + + - name: node.id + type: keyword + description: > + Node ID + + - name: node.name + type: keyword + description: > + Node name. + - name: cluster.stats + type: group + description: > + Cluster stats + release: ga + fields: + - name: status + type: keyword + description: > + Cluster status (green, yellow, red). + - name: nodes + type: group + description: > + Nodes statistics. + fields: + - name: count + type: long + description: > + Total number of nodes in cluster. + - name: master + type: long + description: > + Number of master-eligible nodes in cluster. + - name: data + type: long + description: > + Number of data nodes in cluster. + - name: indices + type: group + description: > + Indices statistics. + fields: + - name: count + type: long + description: > + Total number of indices in cluster. + - name: shards + type: group + description: > + Shard statistics. + fields: + - name: count + type: long + description: > + Total number of shards in cluster. + - name: primaries + type: long + description: > + Total number of primary shards in cluster. + - name: fielddata.memory.bytes + type: long + description: > + Memory used for fielddata. diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/enrich/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/enrich/fields/fields.yml new file mode 100644 index 000000000..4763aee54 --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/enrich/fields/fields.yml @@ -0,0 +1,61 @@ +- key: elasticsearch + title: "Elasticsearch" + description: > + Elasticsearch module + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: cluster.name + type: keyword + description: > + Elasticsearch cluster name. + + - name: cluster.id + type: keyword + description: > + Elasticsearch cluster id. + + - name: cluster.state.id + type: keyword + description: > + Elasticsearch state id. + + - name: node.id + type: keyword + description: > + Node ID + + - name: node.name + type: keyword + description: > + Node name. + - name: enrich + type: group + description: > + Enrich stats + release: ga + fields: + - name: queue.size + type: long + description: > + Number of search requests in the queue. + - name: remote_requests + type: group + fields: + - name: current + type: long + description: > + Current number of outstanding remote requests. + - name: total + type: long + description: > + Number of outstanding remote requests executed since node startup. + - name: executed_searches.total + type: long + description: > + Number of search requests that enrich processors have executed since node startup. diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/index/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/index/fields/fields.yml new file mode 100644 index 000000000..419227cbd --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/index/fields/fields.yml @@ -0,0 +1,72 @@ +- key: elasticsearch + title: "Elasticsearch" + description: > + Elasticsearch module + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: cluster.name + type: keyword + description: > + Elasticsearch cluster name. + + - name: cluster.id + type: keyword + description: > + Elasticsearch cluster id. + + - name: cluster.state.id + type: keyword + description: > + Elasticsearch state id. + + - name: node.id + type: keyword + description: > + Node ID + + - name: node.name + type: keyword + description: > + Node name. + - name: index + type: group + description: > + index + release: ga + fields: + - name: name + type: keyword + description: > + Index name. + - name: total + type: group + fields: + - name: docs.count + type: long + description: > + Total number of documents in the index. + - name: docs.deleted + type: long + description: > + Total number of deleted documents in the index. + - name: store.size.bytes + type: long + format: bytes + description: > + Total size of the index in bytes. + - name: segments.count + type: long + description: > + Total number of index segments. + - name: segments.memory.bytes + type: long + format: bytes + description: > + Total number of memory used by the segments in bytes. + diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/index_recovery/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/index_recovery/fields/fields.yml new file mode 100644 index 000000000..6434daa91 --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/index_recovery/fields/fields.yml @@ -0,0 +1,84 @@ +- key: elasticsearch + title: "Elasticsearch" + description: > + Elasticsearch module + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: cluster.name + type: keyword + description: > + Elasticsearch cluster name. + + - name: cluster.id + type: keyword + description: > + Elasticsearch cluster id. + + - name: cluster.state.id + type: keyword + description: > + Elasticsearch state id. + + - name: node.id + type: keyword + description: > + Node ID + + - name: node.name + type: keyword + description: > + Node name. + - name: index.recovery + type: group + description: > + index + release: ga + fields: + - name: id + type: long + description: > + Shard recovery id. + - name: type + type: keyword + description: > + Shard recovery type. + - name: primary + type: boolean + description: > + True if primary shard. + - name: stage + type: keyword + description: > + Recovery stage. + + - name: target.id + type: keyword + description: > + Target node id. + - name: target.host + type: keyword + description: > + Target node host address (could be IP address or hostname). + - name: target.name + type: keyword + description: > + Target node name. + + - name: source.id + type: keyword + description: > + Source node id. + - name: source.host + type: keyword + description: > + Source node host address (could be IP address or hostname). + - name: source.name + type: keyword + description: > + Source node name. diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/index_summary/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/index_summary/fields/fields.yml new file mode 100644 index 000000000..105815f2c --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/index_summary/fields/fields.yml @@ -0,0 +1,92 @@ +- key: elasticsearch + title: "Elasticsearch" + description: > + Elasticsearch module + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: cluster.name + type: keyword + description: > + Elasticsearch cluster name. + + - name: cluster.id + type: keyword + description: > + Elasticsearch cluster id. + + - name: cluster.state.id + type: keyword + description: > + Elasticsearch state id. + + - name: node.id + type: keyword + description: > + Node ID + + - name: node.name + type: keyword + description: > + Node name. + - name: index.summary + type: group + description: > + index + release: ga + fields: + - name: primaries + type: group + fields: + - name: docs.count + type: long + description: > + Total number of documents in the index. + - name: docs.deleted + type: long + description: > + Total number of deleted documents in the index. + - name: store.size.bytes + type: long + format: bytes + description: > + Total size of the index in bytes. + - name: segments.count + type: long + description: > + Total number of index segments. + - name: segments.memory.bytes + type: long + format: bytes + description: > + Total number of memory used by the segments in bytes. + - name: total + type: group + fields: + - name: docs.count + type: long + description: > + Total number of documents in the index. + - name: docs.deleted + type: long + description: > + Total number of deleted documents in the index. + - name: store.size.bytes + type: long + format: bytes + description: > + Total size of the index in bytes. + - name: segments.count + type: long + description: > + Total number of index segments. + - name: segments.memory.bytes + type: long + format: bytes + description: > + Total number of memory used by the segments in bytes. diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/ml_job/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/ml_job/fields/fields.yml new file mode 100644 index 000000000..0c2aa5df8 --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/ml_job/fields/fields.yml @@ -0,0 +1,60 @@ +- key: elasticsearch + title: "Elasticsearch" + description: > + Elasticsearch module + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: cluster.name + type: keyword + description: > + Elasticsearch cluster name. + + - name: cluster.id + type: keyword + description: > + Elasticsearch cluster id. + + - name: cluster.state.id + type: keyword + description: > + Elasticsearch state id. + + - name: node.id + type: keyword + description: > + Node ID + + - name: node.name + type: keyword + description: > + Node name. + - name: ml.job + type: group + description: > + ml + release: ga + fields: + - name: id + type: keyword + description: > + Unique ml job id. + - name: state + type: keyword + description: > + Job state. + - name: data_counts.processed_record_count + type: long + description: > + Processed data events. + - name: data_counts.invalid_date_count + type: long + description: > + The number of records with either a missing date field or a date that could not be parsed. + + diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/node/fields/fields.yml new file mode 100644 index 000000000..1086fcd5a --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/node/fields/fields.yml @@ -0,0 +1,79 @@ +- key: elasticsearch + title: "Elasticsearch" + description: > + Elasticsearch module + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: cluster.name + type: keyword + description: > + Elasticsearch cluster name. + + - name: cluster.id + type: keyword + description: > + Elasticsearch cluster id. + + - name: cluster.state.id + type: keyword + description: > + Elasticsearch state id. + + - name: node.id + type: keyword + description: > + Node ID + + - name: node.name + type: keyword + description: > + Node name. + - name: node + type: group + description: > + node + release: ga + fields: + - name: version + type: keyword + description: > + Node version. + - name: jvm + type: group + description: > + JVM Info. + fields: + - name: version + type: keyword + description: > + JVM version. + - name: memory.heap.init.bytes + type: long + format: bytes + description: > + Heap init used by the JVM in bytes. + - name: memory.heap.max.bytes + type: long + format: bytes + description: > + Heap max used by the JVM in bytes. + - name: memory.nonheap.init.bytes + type: long + format: bytes + description: > + Non-Heap init used by the JVM in bytes. + - name: memory.nonheap.max.bytes + type: long + format: bytes + description: > + Non-Heap max used by the JVM in bytes. + - name: process.mlockall + type: boolean + description: > + If process locked in memory. diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/node_stats/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/node_stats/fields/fields.yml new file mode 100644 index 000000000..64fab4955 --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/node_stats/fields/fields.yml @@ -0,0 +1,194 @@ +- key: elasticsearch + title: "Elasticsearch" + description: > + Elasticsearch module + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: cluster.name + type: keyword + description: > + Elasticsearch cluster name. + + - name: cluster.id + type: keyword + description: > + Elasticsearch cluster id. + + - name: cluster.state.id + type: keyword + description: > + Elasticsearch state id. + + - name: node.id + type: keyword + description: > + Node ID + + - name: node.name + type: keyword + description: > + Node name. + - name: node.stats + type: group + description: > + node_stats + release: ga + fields: + - name: indices + type: group + description: > + Node indices stats + fields: + - name: docs.count + type: long + description: > + Total number of existing documents. + - name: docs.deleted + type: long + description: > + Total number of deleted documents. + - name: segments.count + type: long + description: > + Total number of segments. + - name: segments.memory.bytes + type: long + format: bytes + description: > + Total size of segments in bytes. + - name: store.size.bytes + type: long + description: > + Total size of the store in bytes. + - name: jvm.mem.pools + type: group + description: > + JVM memory pool stats + fields: + - name: old + type: group + description: > + Old memory pool stats. + fields: + - name: max.bytes + type: long + format: bytes + description: + Max bytes. + - name: peak.bytes + type: long + format: bytes + description: + Peak bytes. + - name: peak_max.bytes + type: long + format: bytes + description: + Peak max bytes. + - name: used.bytes + type: long + format: bytes + description: + Used bytes. + - name: young + type: group + description: > + Young memory pool stats. + fields: + - name: max.bytes + type: long + format: bytes + description: + Max bytes. + - name: peak.bytes + type: long + format: bytes + description: + Peak bytes. + - name: peak_max.bytes + type: long + format: bytes + description: + Peak max bytes. + - name: used.bytes + type: long + format: bytes + description: + Used bytes. + - name: survivor + type: group + description: > + Survivor memory pool stats. + fields: + - name: max.bytes + type: long + format: bytes + description: + Max bytes. + - name: peak.bytes + type: long + format: bytes + description: + Peak bytes. + - name: peak_max.bytes + type: long + format: bytes + description: + Peak max bytes. + - name: used.bytes + type: long + format: bytes + description: + Used bytes. + + - name: jvm.gc.collectors + type: group + description: > + GC collector stats. + fields: + - name: old.collection + type: group + description: > + Old collection gc. + fields: + - name: count + type: long + description: > + - name: ms + type: long + description: > + - name: young.collection + type: group + description: > + Young collection gc. + fields: + - name: count + type: long + description: > + - name: ms + type: long + description: > + + - name: fs.summary + type: group + description: > + File system summary + fields: + - name: total.bytes + type: long + format: bytes + description: > + - name: free.bytes + type: long + format: bytes + description: > + - name: available.bytes + type: long + format: bytes + description: > diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/pending_tasks/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/pending_tasks/fields/fields.yml new file mode 100644 index 000000000..652463d50 --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/pending_tasks/fields/fields.yml @@ -0,0 +1,58 @@ +- key: elasticsearch + title: "Elasticsearch" + description: > + Elasticsearch module + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: cluster.name + type: keyword + description: > + Elasticsearch cluster name. + + - name: cluster.id + type: keyword + description: > + Elasticsearch cluster id. + + - name: cluster.state.id + type: keyword + description: > + Elasticsearch state id. + + - name: node.id + type: keyword + description: > + Node ID + + - name: node.name + type: keyword + description: > + Node name. + - name: cluster.pending_task + type: group + description: > + `cluster.pending_task` contains a pending task description. + release: ga + fields: + - name: insert_order + type: long + description: > + Insert order + - name: priority + type: long + description: > + Priority + - name: source + type: keyword + description: > + Source. For example: put-mapping + - name: time_in_queue.ms + type: long + description: > + Time in queue diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/shard/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/shard/fields/fields.yml new file mode 100644 index 000000000..2ae2ec94f --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/shard/fields/fields.yml @@ -0,0 +1,58 @@ +- key: elasticsearch + title: "Elasticsearch" + description: > + Elasticsearch module + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: cluster.name + type: keyword + description: > + Elasticsearch cluster name. + + - name: cluster.id + type: keyword + description: > + Elasticsearch cluster id. + + - name: cluster.state.id + type: keyword + description: > + Elasticsearch state id. + + - name: node.id + type: keyword + description: > + Node ID + + - name: node.name + type: keyword + description: > + Node name. + - name: shard + type: group + description: > + shard fields + release: ga + fields: + - name: primary + type: boolean + description: > + True if this is the primary shard. + - name: number + type: long + description: > + The number of this shard. + - name: state + type: keyword + description: > + The state of this shard. + - name: relocating_node.name + type: keyword + description: > + The node the shard was relocated from. diff --git a/dev/packages/beats/envoyproxy-0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/envoyproxy-0.0.1/dataset/server/fields/fields.yml new file mode 100644 index 000000000..f0d3c949e --- /dev/null +++ b/dev/packages/beats/envoyproxy-0.0.1/dataset/server/fields/fields.yml @@ -0,0 +1,263 @@ +- key: envoyproxy + title: "envoyproxy" + description: > + envoyproxy module + release: ga + fields: + - name: envoyproxy + type: group + description: > + fields: + - name: server + type: group + release: ga + description: > + Contains envoy proxy server stats + fields: + - name: cluster_manager + type: group + fields: + - name: active_clusters + type: integer + description: > + Number of currently active (warmed) clusters + - name: cluster_added + type: integer + description: > + Total clusters added (either via static config or CDS) + - name: cluster_modified + type: integer + description: > + Total clusters modified (via CDS) + - name: cluster_removed + type: integer + description: > + Total clusters removed (via CDS) + - name: warming_clusters + type: integer + description: > + Number of currently warming (not active) clusters + - name: cluster_updated + type: integer + description: > + Total cluster updates + - name: cluster_updated_via_merge + type: integer + description: > + Total cluster updates applied as merged updates + - name: update_merge_cancelled + type: integer + description: > + Total merged updates that got cancelled and delivered early + - name: update_out_of_merge_window + type: integer + description: > + Total updates which arrived out of a merge window + + - name: filesystem + type: group + fields: + - name: flushed_by_timer + type: integer + description: > + Total number of times internal flush buffers are written to a file due to flush timeout + - name: reopen_failed + type: integer + description: > + Total number of times a file was failed to be opened + - name: write_buffered + type: integer + description: > + Total number of times file data is moved to Envoys internal flush buffer + - name: write_completed + type: integer + description: > + Total number of times a file was written + - name: write_total_buffered + type: integer + description: > + Current total size of internal flush buffer in bytes + - name: write_failed + type: integer + description: > + Total number of times an error occurred during a file write operation + + - name: runtime + type: group + fields: + - name: load_error + type: integer + description: > + Total number of load attempts that resulted in an error in any layer + - name: load_success + type: integer + description: > + Total number of load attempts that were successful at all layers + - name: num_keys + type: integer + description: > + Number of keys currently loaded + - name: override_dir_exists + type: integer + description: > + Total number of loads that did use an override directory + - name: override_dir_not_exists + type: integer + description: > + Total number of loads that did not use an override directory + - name: admin_overrides_active + type: integer + description: > + 1 if any admin overrides are active otherwise 0 + - name: deprecated_feature_use + type: integer + description: > + Total number of times deprecated features were used. + - name: num_layers + type: integer + description: > + Number of layers currently active (without loading errors) + + - name: listener_manager + type: group + fields: + - name: listener_added + type: integer + description: > + Total listeners added (either via static config or LDS) + - name: listener_create_failure + type: integer + description: > + Total failed listener object additions to workers + - name: listener_create_success + type: integer + description: > + Total listener objects successfully added to workers + - name: listener_modified + type: integer + description: > + Total listeners modified (via LDS) + - name: listener_removed + type: integer + description: > + Total listeners removed (via LDS) + - name: total_listeners_active + type: integer + description: > + Number of currently active listeners + - name: total_listeners_draining + type: integer + description: > + Number of currently draining listeners + - name: total_listeners_warming + type: integer + description: > + Number of currently warming listeners + - name: listener_stopped + type: integer + description: > + Total listeners stopped + + - name: stats + type: group + fields: + - name: overflow + type: integer + description: > + Total number of times Envoy cannot allocate a statistic due to a shortage of shared memory + + - name: server + type: group + fields: + - name: days_until_first_cert_expiring + type: integer + description: > + Number of days until the next certificate being managed will expire + - name: live + type: integer + description: > + 1 if the server is not currently draining, 0 otherwise + - name: memory_allocated + type: integer + description: > + Current amount of allocated memory in bytes + - name: memory_heap_size + type: integer + description: > + Current reserved heap size in bytes + - name: parent_connections + type: integer + description: > + Total connections of the old Envoy process on hot restart + - name: total_connections + type: integer + description: > + Total connections of both new and old Envoy processes + - name: uptime + type: integer + description: > + Current server uptime in seconds + - name: version + type: integer + description: > + Integer represented version number based on SCM revision + - name: watchdog_mega_miss + type: integer + - name: watchdog_miss + type: integer + - name: hot_restart_epoch + type: integer + description: > + Current hot restart epoch + - name: concurrency + type: integer + description: > + Number of worker threads + - name: debug_assertion_failures + type: integer + - name: dynamic_unknown_fields + type: integer + description: > + Number of messages in dynamic configuration with unknown fields + - name: state + type: integer + description: > + Current state of the Server + - name: static_unknown_fields + type: integer + description: > + Number of messages in static configuration with unknown fields + - name: stats_recent_lookups + type: integer + + - name: http2 + type: group + fields: + - name: header_overflow + type: integer + description: > + Total number of connections reset due to the headers being larger than Envoy::Http::Http2::ConnectionImpl::StreamImpl::MAX_HEADER_SIZE (63k) + - name: headers_cb_no_stream + type: integer + description: > + Total number of errors where a header callback is called without an associated stream. This tracks an unexpected occurrence due to an as yet undiagnosed bug + - name: rx_messaging_error + type: integer + description: > + Total number of invalid received frames that violated section 8 of the HTTP/2 spec. This will result in a tx_reset + - name: rx_reset + type: integer + description: > + Total number of reset stream frames received by Envoy + - name: too_many_header_frames + type: integer + description: > + Total number of times an HTTP2 connection is reset due to receiving too many headers frames. Envoy currently supports proxying at most one header frame for 100-Continue one non-100 response code header frame and one frame with trailers + - name: trailers + type: integer + description: > + Total number of trailers seen on requests coming from downstream + - name: tx_reset + type: integer + description: > + Total number of reset stream frames transmitted by Envoy diff --git a/dev/packages/beats/etcd-0.0.1/dataset/leader/fields/fields.yml b/dev/packages/beats/etcd-0.0.1/dataset/leader/fields/fields.yml new file mode 100644 index 000000000..5a5f8ccc8 --- /dev/null +++ b/dev/packages/beats/etcd-0.0.1/dataset/leader/fields/fields.yml @@ -0,0 +1,56 @@ +- key: etcd + title: "Etcd" + description: > + etcd Module + release: ga + settings: ["ssl", "http"] + fields: + - name: etcd + type: group + description: > + `etcd` contains statistics that were read from Etcd + fields: + - name: api_version + type: keyword + description: > + Etcd API version for metrics retrieval + + + - name: leader + type: group + description: > + Contains etcd leader statistics. + release: ga + fields: + - name: followers.counts + type: group + description: > + The number of failed and successful Raft RPC requests. + fields: + - name: followers.counts.success + type: integer + description: successful Raft RPC requests + - name: followers.counts.fail + type: integer + description: failed Raft RPC requests + + + - name: followers.latency + type: group + description: > + latency to each peer in the cluster + fields: + - name: followers.latency.average + type: scaled_float + - name: followers.latency.current + type: scaled_float + - name: followers.latency.maximum + type: scaled_float + - name: followers.latency.minimum + type: integer + - name: follower.latency.standardDeviation + type: scaled_float + - name: leader + type: keyword + description: ID of actual leader + diff --git a/dev/packages/beats/etcd-0.0.1/dataset/metrics/fields/fields.yml b/dev/packages/beats/etcd-0.0.1/dataset/metrics/fields/fields.yml new file mode 100644 index 000000000..b97176008 --- /dev/null +++ b/dev/packages/beats/etcd-0.0.1/dataset/metrics/fields/fields.yml @@ -0,0 +1,132 @@ +- key: etcd + title: "Etcd" + description: > + etcd Module + release: ga + settings: ["ssl", "http"] + fields: + - name: etcd + type: group + description: > + `etcd` contains statistics that were read from Etcd + fields: + - name: api_version + type: keyword + description: > + Etcd API version for metrics retrieval + + + - name: server + type: group + description: > + Server metrics from the Etcd V3 /metrics endpoint + release: beta + fields: + - name: has_leader + type: byte + description: > + Whether a leader exists in the cluster + + - name: leader_changes.count + type: long + description: > + Number of leader changes seen at the cluster + + - name: proposals_committed.count + type: long + description: > + Number of consensus proposals commited + + - name: proposals_pending.count + type: long + description: > + Number of consensus proposals pending + + - name: proposals_failed.count + type: long + description: > + Number of consensus proposals failed + + - name: grpc_started.count + type: long + description: > + Number of sent gRPC requests + + - name: grpc_handled.count + type: long + description: > + Number of received gRPC requests + + - name: disk + type: group + description: > + Disk metrics from the Etcd V3 /metrics endpoint + release: beta + fields: + - name: mvcc_db_total_size.bytes + type: long + format: bytes + description: > + Size of stored data at MVCC + + - name: wal_fsync_duration.ns.bucket.* + type: object + object_type: long + description: > + Latency for writing ahead logs to disk + + - name: wal_fsync_duration.ns.count + type: long + description: > + Write ahead logs count + + - name: wal_fsync_duration.ns.sum + type: long + description: > + Write ahead logs latency sum + + - name: backend_commit_duration.ns.bucket.* + type: object + object_type: long + description: > + Latency for writing backend changes to disk + + - name: backend_commit_duration.ns.count + type: long + description: > + Backend commits count + + - name: backend_commit_duration.ns.sum + type: long + description: > + Backend commits latency sum + + - name: memory + type: group + description: > + Memory metrics from the Etcd V3 /metrics endpoint + release: beta + fields: + - name: go_memstats_alloc.bytes + type: long + format: bytes + description: > + Memory allocated bytes as of MemStats Go + + - name: network + type: group + description: > + Network metrics from the Etcd V3 /metrics endpoint + release: beta + fields: + - name: client_grpc_sent.bytes + type: long + format: bytes + description: > + gRPC sent bytes total + + - name: client_grpc_received.bytes + type: long + format: bytes + description: > + gRPC received bytes total diff --git a/dev/packages/beats/etcd-0.0.1/dataset/self/fields/fields.yml b/dev/packages/beats/etcd-0.0.1/dataset/self/fields/fields.yml new file mode 100644 index 000000000..dcf982606 --- /dev/null +++ b/dev/packages/beats/etcd-0.0.1/dataset/self/fields/fields.yml @@ -0,0 +1,82 @@ +- key: etcd + title: "Etcd" + description: > + etcd Module + release: ga + settings: ["ssl", "http"] + fields: + - name: etcd + type: group + description: > + `etcd` contains statistics that were read from Etcd + fields: + - name: api_version + type: keyword + description: > + Etcd API version for metrics retrieval + + + - name: self + type: group + description: > + Contains etcd self statistics. + release: ga + fields: + - name: id + type: keyword + description: > + the unique identifier for the member + + - name: leaderinfo.leader + type: keyword + description: > + id of the current leader member + - name: leaderinfo.starttime + type: keyword + description: > + the time when this node was started + - name: leaderinfo.uptime + type: keyword + description: > + amount of time the leader has been leader + + - name: name + type: keyword + description: > + this member's name + + - name: recv.appendrequest.count + type: integer + description: > + number of append requests this node has processed + - name: recv.bandwidthrate + type: scaled_float + description: > + number of bytes per second this node is receiving (follower only) + - name: recv.pkgrate + type: scaled_float + description: > + number of requests per second this node is receiving (follower only) + + - name: send.appendrequest.count + type: integer + description: > + number of requests that this node has sent + - name: send.bandwidthrate + type: scaled_float + description: > + number of bytes per second this node is sending (leader only). This value is undefined on single member clusters. + - name: send.pkgrate + type: scaled_float + description: > + number of requests per second this node is sending (leader only). This value is undefined on single member clusters. + + - name: starttime + type: keyword + description: > + the time when this node was started + + - name: state + type: keyword + description: > + either leader or follower diff --git a/dev/packages/beats/etcd-0.0.1/dataset/store/fields/fields.yml b/dev/packages/beats/etcd-0.0.1/dataset/store/fields/fields.yml new file mode 100644 index 000000000..0c1df2da2 --- /dev/null +++ b/dev/packages/beats/etcd-0.0.1/dataset/store/fields/fields.yml @@ -0,0 +1,65 @@ +- key: etcd + title: "Etcd" + description: > + etcd Module + release: ga + settings: ["ssl", "http"] + fields: + - name: etcd + type: group + description: > + `etcd` contains statistics that were read from Etcd + fields: + - name: api_version + type: keyword + description: > + Etcd API version for metrics retrieval + + + - name: store + type: group + description: > + The store statistics include information about the operations that this node has handled. + release: ga + fields: + - name: gets.success + type: integer + - name: gets.fail + type: integer + + - name: sets.success + type: integer + - name: sets.fail + type: integer + + - name: delete.success + type: integer + - name: delete.fail + type: integer + + - name: update.success + type: integer + - name: update.fail + type: integer + + - name: create.success + type: integer + - name: create.fail + type: integer + + - name: compareandswap.success + type: integer + - name: compareandswap.fail + type: integer + + - name: compareanddelete.success + type: integer + - name: compareanddelete.fail + type: integer + + + - name: expire.count + type: integer + + - name: watchers + type: integer diff --git a/dev/packages/beats/golang-0.0.1/dataset/expvar/fields/fields.yml b/dev/packages/beats/golang-0.0.1/dataset/expvar/fields/fields.yml new file mode 100644 index 000000000..c67a5ff30 --- /dev/null +++ b/dev/packages/beats/golang-0.0.1/dataset/expvar/fields/fields.yml @@ -0,0 +1,22 @@ +- key: golang + title: "Golang" + description: > + Golang module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: golang + type: group + description: > + fields: + - name: expvar + type: group + description: > + expvar + release: ga + fields: + - name: cmdline + type: keyword + description: > + The cmdline of this Go program start with. diff --git a/dev/packages/beats/golang-0.0.1/dataset/heap/fields/fields.yml b/dev/packages/beats/golang-0.0.1/dataset/heap/fields/fields.yml new file mode 100644 index 000000000..3290f1256 --- /dev/null +++ b/dev/packages/beats/golang-0.0.1/dataset/heap/fields/fields.yml @@ -0,0 +1,150 @@ +- key: golang + title: "Golang" + description: > + Golang module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: golang + type: group + description: > + fields: + - name: heap + type: group + description: > + The Go program heap information exposed by expvar. + release: ga + fields: + - name: cmdline + type: keyword + description: > + The cmdline of this Go program start with. + + - name: gc + type: group + description: > + Garbage collector summary. + fields: + - name: total_pause + type: group + description: > + Total GC pause duration over lifetime of process. + fields: + - name: ns + type: long + description: > + Duration in Ns. + - name: total_count + type: long + description: > + Total number of GC was happened. + - name: next_gc_limit + type: long + format: bytes + description: > + Next collection will happen when HeapAlloc > this amount. + - name: cpu_fraction + type: float + description: > + Fraction of CPU time used by GC. + - name: pause + type: group + description: > + Last GC pause durations during the monitoring period. + fields: + - name: count + type: long + description: > + Count of GC pause duration during this collect period. + - name: sum + type: group + description: > + Total GC pause duration during this collect period. + fields: + - name: ns + type: long + description: > + Duration in Ns. + - name: max + type: group + description: > + Max GC pause duration during this collect period. + fields: + - name: ns + type: long + description: > + Duration in Ns. + - name: avg + type: group + description: > + Average GC pause duration during this collect period. + fields: + - name: ns + type: long + description: > + Duration in Ns. + + - name: system + type: group + description: > + Heap summary,which bytes was obtained from system. + fields: + - name: total + type: long + format: bytes + description: > + Total bytes obtained from system (sum of XxxSys below). + - name: obtained + type: long + format: bytes + description: > + Via HeapSys, bytes obtained from system. heap_sys = heap_idle + heap_inuse. + - name: stack + type: long + format: bytes + description: > + Bytes used by stack allocator, and these bytes was obtained from system. + - name: released + type: long + format: bytes + description: > + Bytes released to the OS. + + - name: allocations + type: group + description: > + Heap allocations summary. + fields: + - name: mallocs + type: long + description: > + Number of mallocs. + - name: frees + type: long + description: > + Number of frees. + - name: objects + type: long + description: > + Total number of allocated objects. + - name: total + type: long + format: bytes + description: > + Bytes allocated (even if freed) throughout the lifetime. + - name: allocated + type: long + format: bytes + description: > + Bytes allocated and not yet freed (same as Alloc above). + - name: idle + type: long + format: bytes + description: > + Bytes in idle spans. + - name: active + type: long + format: bytes + description: > + Bytes in non-idle span. diff --git a/dev/packages/beats/googlecloud-0.0.1/dataset/compute/fields/fields.yml b/dev/packages/beats/googlecloud-0.0.1/dataset/compute/fields/fields.yml new file mode 100644 index 000000000..f7a68d66a --- /dev/null +++ b/dev/packages/beats/googlecloud-0.0.1/dataset/compute/fields/fields.yml @@ -0,0 +1,79 @@ +- key: googlecloud + title: 'Google Cloud Platform' + release: beta + description: > + GCP module + fields: + - name: googlecloud.labels + type: object + fields: + - name: user.* + type: object + - name: metadata.* + type: object + - name: metrics.* + type: object + - name: system.* + type: object + - name: compute + release: beta + type: group + description: Google Cloud Compute metrics + fields: + - name: instance + type: group + fields: + - name: firewall + type: group + fields: + - name: dropped_bytes_count + type: long + description: Incoming bytes dropped by the firewall + - name: dropped_packets_count + type: long + description: Incoming packets dropped by the firewall + - name: cpu + type: group + fields: + - name: reserved_cores + type: double + description: Number of cores reserved on the host of the instance + - name: utilization + type: double + description: The fraction of the allocated CPU that is currently in use on the instance + - name: usage_time + type: double + description: Usage for all cores in seconds + - name: disk + type: group + fields: + - name: read_bytes_count + type: long + description: Count of bytes read from disk + - name: read_ops_count + type: long + description: Count of disk read IO operations + - name: write_bytes_count + type: long + description: Count of bytes written to disk + - name: write_ops_count + type: long + description: Count of disk write IO operations + - name: uptime + type: long + description: How long the VM has been running, in seconds + - name: network + type: group + fields: + - name: received_bytes_count + type: long + description: Count of bytes received from the network + - name: received_packets_count + type: long + description: Count of packets received from the network + - name: sent_bytes_count + type: long + description: Count of bytes sent over the network + - name: sent_packets_count + type: long + description: Count of packets sent over the network diff --git a/dev/packages/beats/googlecloud-0.0.1/dataset/loadbalancing/fields/fields.yml b/dev/packages/beats/googlecloud-0.0.1/dataset/loadbalancing/fields/fields.yml new file mode 100644 index 000000000..bde1af4b4 --- /dev/null +++ b/dev/packages/beats/googlecloud-0.0.1/dataset/loadbalancing/fields/fields.yml @@ -0,0 +1,266 @@ +- key: googlecloud + title: 'Google Cloud Platform' + release: beta + description: > + GCP module + fields: + - name: googlecloud.labels + type: object + fields: + - name: user.* + type: object + - name: metadata.* + type: object + - name: metrics.* + type: object + - name: system.* + type: object + - name: loadbalancing + release: beta + type: group + description: Google Cloud Load Balancing metrics + fields: + - name: https + type: group + description: Google Cloud Load Balancing metrics + fields: + - name: backend_latencies + description: A distribution of the latency calculated from when the request was sent by the proxy to the backend until the proxy received from the backend the last byte of response. + type: group + fields: + - name: count + type: long + - name: mean + type: long + - name: bucket_counts + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor + type: double + - name: scale + type: long + - name: num_finite_buckets + type: long + - name: backend_request_bytes_count + type: long + description: The number of bytes sent as requests from HTTP/S load balancer to backends. + - name: backend_request_count + type: long + description: The number of requests served by backends of HTTP/S load balancer. + - name: backend_response_bytes_count + type: long + description: The number of bytes sent as responses from backends (or cache) to HTTP/S load balancer. + - name: frontend_tcp_rtt + description: A distribution of the RTT measured for each connection between client and proxy. + type: group + fields: + - name: count + type: long + - name: mean + type: long + - name: bucket_counts + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor + type: double + - name: scale + type: long + - name: num_finite_buckets + type: long + - name: internal + type: group + fields: + - name: backend_latencies + description: A distribution of the latency calculated from when the request was sent by the proxy to the backend until the proxy received from the backend the last byte of response. + type: group + fields: + - name: count + type: long + - name: mean + type: long + - name: bucket_counts + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor + type: double + - name: scale + type: long + - name: num_finite_buckets + type: long + - name: request_bytes_count + type: long + description: The number of bytes sent as requests from clients to HTTP/S load balancer. + - name: request_count + type: long + description: The number of requests served by HTTP/S load balancer. + - name: response_bytes_count + type: long + description: The number of bytes sent as responses from HTTP/S load balancer to clients. + - name: total_latencies + description: A distribution of the latency calculated from when the request was received by the proxy until the proxy got ACK from client on last response byte. + type: group + fields: + - name: count + type: long + - name: mean + type: long + - name: bucket_counts + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor + type: double + - name: scale + type: long + - name: num_finite_buckets + type: long + - name: request_bytes_count + type: long + description: The number of bytes sent as requests from clients to HTTP/S load balancer. + - name: request_count + type: long + description: The number of requests served by HTTP/S load balancer. + - name: response_bytes_count + type: long + description: The number of bytes sent as responses from HTTP/S load balancer to clients. + - name: total_latencies + description: A distribution of the latency calculated from when the request was received by the proxy until the proxy got ACK from client on last response byte. + type: group + fields: + - name: count + type: long + - name: mean + type: long + - name: bucket_counts + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor + type: double + - name: scale + type: long + - name: num_finite_buckets + type: long + - name: l3.internal + type: group + description: Google Cloud Load Balancing metrics + fields: + - name: egress_bytes_count + type: long + description: The number of bytes sent from ILB backend to client (for TCP flows it's counting bytes on application stream only). + - name: egress_packets_count + type: long + description: The number of packets sent from ILB backend to client of the flow. + - name: ingress_bytes_count + type: long + description: The number of bytes sent from client to ILB backend (for TCP flows it's counting bytes on application stream only). + - name: ingress_packets_count + type: long + description: The number of packets sent from client to ILB backend. + - name: rtt_latencies + description: A distribution of RTT measured over TCP connections for ILB flows. + type: group + fields: + - name: count + type: long + - name: mean + type: long + - name: bucket_counts + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor + type: double + - name: scale + type: long + - name: num_finite_buckets + type: long + - name: tcp_ssl_proxy + type: group + description: Google Cloud Load Balancing metrics + fields: + - name: closed_connections + type: long + description: Number of connections that were terminated over TCP/SSL proxy. + - name: egress_bytes_count + type: long + description: Number of bytes sent from VM to client using proxy. + - name: frontend_tcp_rtt + description: A distribution of the smoothed RTT (in ms) measured by the proxy's TCP stack, each minute application layer bytes pass from proxy to client. + type: group + fields: + - name: count + type: long + - name: mean + type: long + - name: bucket_counts + type: long + - name: bucket_options + type: group + fields: + - name: Options + type: group + fields: + - name: ExponentialBuckets + type: group + fields: + - name: growth_factor + type: double + - name: scale + type: long + - name: num_finite_buckets + type: long + - name: ingress_bytes_count + type: long + description: Number of bytes sent from client to VM using proxy. + - name: new_connections + type: long + description: Number of connections that were created over TCP/SSL proxy. + - name: open_connections + type: long + description: Current number of outstanding connections through the TCP/SSL proxy. diff --git a/dev/packages/beats/googlecloud-0.0.1/dataset/stackdriver/fields/fields.yml b/dev/packages/beats/googlecloud-0.0.1/dataset/stackdriver/fields/fields.yml new file mode 100644 index 000000000..43ac6e610 --- /dev/null +++ b/dev/packages/beats/googlecloud-0.0.1/dataset/stackdriver/fields/fields.yml @@ -0,0 +1,22 @@ +- key: googlecloud + title: 'Google Cloud Platform' + release: beta + description: > + GCP module + fields: + - name: googlecloud.labels + type: object + fields: + - name: user.* + type: object + - name: metadata.* + type: object + - name: metrics.* + type: object + - name: system.* + type: object + - release: beta + key: stackdriver + type: group + description: Google Cloud Compute metrics + fields: diff --git a/dev/packages/beats/graphite-0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/graphite-0.0.1/dataset/server/fields/fields.yml new file mode 100644 index 000000000..a3fdf5c69 --- /dev/null +++ b/dev/packages/beats/graphite-0.0.1/dataset/server/fields/fields.yml @@ -0,0 +1,20 @@ +- key: graphite + title: "Graphite" + description: > + graphite Module + release: ga + fields: + - name: graphite + type: group + description: > + fields: + - name: server + type: group + description: > + server + release: ga + fields: + - name: example + type: keyword + description: > + Example field diff --git a/dev/packages/beats/haproxy-0.0.1/dataset/info/fields/fields.yml b/dev/packages/beats/haproxy-0.0.1/dataset/info/fields/fields.yml new file mode 100644 index 000000000..371a0b380 --- /dev/null +++ b/dev/packages/beats/haproxy-0.0.1/dataset/info/fields/fields.yml @@ -0,0 +1,252 @@ +- key: haproxy + title: "HAProxy" + description: > + HAProxy Module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: haproxy + type: group + description: > + HAProxy metrics. + fields: + - name: info + type: group + description: > + General information about HAProxy processes. + release: ga + fields: + - name: processes + type: long + description: > + Number of processes. + + - name: process_num + type: long + description: > + Process number. + + - name: pid + type: alias + path: process.pid + migration: true + description: > + Process ID. + + - name: run_queue + type: long + description: > + + - name: tasks + type: long + description: > + + - name: uptime.sec + type: long + description: > + Current uptime in seconds. + + - name: memory.max.bytes + type: long + format: bytes + description: > + Maximum amount of memory usage in bytes (the 'Memmax_MB' value converted to bytes). + + - name: ulimit_n + type: long + description: > + Maximum number of open files for the process. + + - name: compress + type: group + description: > + + fields: + - name: bps + type: group + description: > + + fields: + - name: in + type: long + description: > + + - name: out + type: long + description: > + + - name: rate_limit + type: long + description: > + + - name: connection + type: group + description: > + + fields: + - name: rate + type: group + description: > + + fields: + - name: value + type: long + description: > + + - name: limit + type: long + description: > + + - name: max + type: long + description: > + + - name: current + type: long + description: > + Current connections. + + - name: total + type: long + description: > + Total connections. + + - name: ssl.current + type: long + description: > + Current SSL connections. + + - name: ssl.total + type: long + description: > + Total SSL connections. + + - name: ssl.max + type: long + description: > + Maximum SSL connections. + + - name: max + type: long + description: > + Maximum connections. + + - name: hard_max + type: long + description: > + + - name: requests.total + type: long + description: > + + - name: sockets.max + type: long + description: > + + - name: requests.max + type: long + description: > + + - name: pipes + type: group + description: > + fields: + - name: used + type: integer + description: > + + - name: free + type: integer + description: > + + - name: max + type: integer + description: > + + - name: session + type: group + description: + fields: + - name: rate.value + type: integer + description: > + + - name: rate.limit + type: integer + description: > + + - name: rate.max + type: integer + description: > + + + - name: ssl + type: group + description: + fields: + - name: rate.value + type: integer + description: + + - name: rate.limit + type: integer + description: + + - name: rate.max + type: integer + description: + + - name: frontend + type: group + description: + fields: + - name: key_rate.value + type: integer + description: + + - name: key_rate.max + type: integer + description: + + - name: session_reuse.pct + type: scaled_float + format: percent + description: + + - name: backend + type: group + description: + fields: + - name: key_rate.value + type: integer + description: + + - name: key_rate.max + type: integer + description: MaxConnRate + - name: cached_lookups + type: long + description: + - name: cache_misses + type: long + description: + + + - name: zlib_mem_usage + type: group + description: > + + fields: + - name: value + type: integer + description: > + + - name: max + type: integer + description: > + + - name: idle.pct + type: scaled_float + format: percent + description: > diff --git a/dev/packages/beats/haproxy-0.0.1/dataset/stat/fields/fields.yml b/dev/packages/beats/haproxy-0.0.1/dataset/stat/fields/fields.yml new file mode 100644 index 000000000..1c17adfbe --- /dev/null +++ b/dev/packages/beats/haproxy-0.0.1/dataset/stat/fields/fields.yml @@ -0,0 +1,439 @@ +- key: haproxy + title: "HAProxy" + description: > + HAProxy Module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: haproxy + type: group + description: > + HAProxy metrics. + fields: + - name: stat + type: group + description: > + Stats collected from HAProxy processes. + release: ga + fields: + + - name: status + type: keyword + description: > + Status (UP, DOWN, NOLB, MAINT, or MAINT(via)...). + + - name: weight + type: long + description: > + Total weight (for backends), or server weight (for servers). + + - name: downtime + type: long + description: > + Total downtime (in seconds). For backends, this value is the downtime + for the whole backend, not the sum of the downtime for the servers. + + - name: component_type + type: integer + description: > + Component type (0=frontend, 1=backend, 2=server, or 3=socket/listener). + + - name: process_id + type: alias + path: process.pid + migration: true + description: > + Process ID (0 for first instance, 1 for second, and so on). + + - name: service_name + type: keyword + description: > + Service name (FRONTEND for frontend, BACKEND for backend, or any name for server/listener). + + - name: in.bytes + type: long + format: bytes + description: > + Bytes in. + + - name: out.bytes + type: long + format: bytes + description: > + Bytes out. + + - name: last_change + type: integer + description: > + Number of seconds since the last UP->DOWN or DOWN->UP transition. + + - name: throttle.pct + type: scaled_float + format: percent + description: > + Current throttle percentage for the server when slowstart + is active, or no value if slowstart is inactive. + + - name: selected.total + type: long + description: > + Total number of times a server was selected, either for new + sessions, or when re-dispatching. For servers, this field reports the + the number of times the server was selected. + + - name: tracked.id + type: long + description: > + ID of the proxy/server if tracking is enabled. + + - name: connection + type: group + fields: + + - name: total + type: long + description: > + Cumulative number of connections. + + - name: retried + type: long + description: > + Number of times a connection to a server was retried. + + - name: time.avg + type: long + description: > + Average connect time in ms over the last 1024 requests. + + - name: request + type: group + fields: + + - name: denied + type: long + description: > + Requests denied because of security concerns. + + * For TCP this is because of a matched tcp-request content rule. + * For HTTP this is because of a matched http-request or tarpit rule. + + - name: queued.current + type: long + description: > + Current queued requests. For backends, this field reports the number + of requests queued without a server assigned. + + - name: queued.max + type: long + description: > + Maximum value of queued.current. + + - name: errors + type: long + description: > + Request errors. Some of the possible causes are: + + * early termination from the client, before the request has been sent + * read error from the client + * client timeout + * client closed connection + * various bad requests from the client. + * request was tarpitted. + + - name: redispatched + type: long + description: > + Number of times a request was redispatched to another server. For + servers, this field reports the number of times the server was + switched away from. + + - name: connection.errors + type: long + description: > + Number of requests that encountered an error trying to + connect to a server. For backends, this field reports the sum of + the stat for all backend servers, plus any connection errors not + associated with a particular server (such as the backend having no + active servers). + + - name: rate + type: group + description: > + fields: + - name: value + type: long + description: > + Number of HTTP requests per second over the last elapsed second. + - name: max + type: long + description: > + Maximum number of HTTP requests per second. + + - name: total + type: long + description: > + Total number of HTTP requests received. + + + - name: response + type: group + fields: + + - name: errors + type: long + description: > + Number of response errors. This value includes the number of data + transfers aborted by the server (haproxy.stat.server.aborted). + Some other errors are: + + * write errors on the client socket (won't be counted for the server stat) + * failure applying filters to the response + + + - name: time.avg + type: long + description: > + Average response time in ms over the last 1024 requests (0 for TCP). + + - name: denied + type: integer + description: > + Responses denied because of security concerns. For HTTP this is + because of a matched http-request rule, or "option checkcache". + + - name: http + type: group + description: > + + fields: + - name: 1xx + type: long + description: > + HTTP responses with 1xx code. + + - name: 2xx + type: long + description: > + HTTP responses with 2xx code. + + - name: 3xx + type: long + description: > + HTTP responses with 3xx code. + + - name: 4xx + type: long + description: > + HTTP responses with 4xx code. + + - name: 5xx + type: long + description: > + HTTP responses with 5xx code. + + - name: other + type: long + description: > + HTTP responses with other codes (protocol error). + + + - name: session + type: group + fields: + + - name: current + type: long + description: > + Number of current sessions. + + - name: max + type: long + description: > + Maximum number of sessions. + + - name: limit + type: long + description: > + Configured session limit. + + - name: rate + type: group + fields: + - name: value + type: integer + description: > + Number of sessions per second over the last elapsed second. + + - name: limit + type: integer + description: > + Configured limit on new sessions per second. + + - name: max + type: integer + description: > + Maximum number of new sessions per second. + + + - name: check + type: group + description: > + + fields: + - name: status + type: keyword + description: > + Status of the last health check. One of: + + UNK -> unknown + INI -> initializing + SOCKERR -> socket error + L4OK -> check passed on layer 4, no upper layers testing enabled + L4TOUT -> layer 1-4 timeout + L4CON -> layer 1-4 connection problem, for example + "Connection refused" (tcp rst) or "No route to host" (icmp) + L6OK -> check passed on layer 6 + L6TOUT -> layer 6 (SSL) timeout + L6RSP -> layer 6 invalid response - protocol error + L7OK -> check passed on layer 7 + L7OKC -> check conditionally passed on layer 7, for example 404 with + disable-on-404 + L7TOUT -> layer 7 (HTTP/SMTP) timeout + L7RSP -> layer 7 invalid response - protocol error + L7STS -> layer 7 response error, for example HTTP 5xx + + - name: code + type: long + description: > + Layer 5-7 code, if available. + + - name: duration + type: long + description: > + Time in ms that it took to finish the last health check. + + - name: health.last + type: keyword + description: > + The result of the last health check. + + - name: health.fail + type: long + description: > + Number of failed checks. + + - name: agent.last + type: integer + description: > + + - name: failed + type: long + description: > + Number of checks that failed while the server was up. + + - name: down + type: long + description: > + Number of UP->DOWN transitions. For backends, this value is the + number of transitions to the whole backend being down, rather than + the sum of the transitions for each server. + + - name: client.aborted + type: integer + description: > + Number of data transfers aborted by the client. + + + - name: server + type: group + description: > + fields: + + - name: id + type: integer + description: > + Server ID (unique inside a proxy). + + - name: aborted + type: integer + description: > + Number of data transfers aborted by the server. This value is + included in haproxy.stat.response.errors. + + - name: active + type: integer + description: > + Number of backend servers that are active, meaning that they are + healthy and can receive requests from the load balancer. + + - name: backup + type: integer + description: > + Number of backend servers that are backup servers. + + + - name: compressor + type: group + description: > + + fields: + - name: in.bytes + type: long + format: bytes + description: > + Number of HTTP response bytes fed to the compressor. + + - name: out.bytes + type: integer + format: bytes + description: > + Number of HTTP response bytes emitted by the compressor. + + - name: bypassed.bytes + type: long + format: bytes + description: > + Number of bytes that bypassed the HTTP compressor (CPU/BW limit). + + - name: response.bytes + type: long + format: bytes + description: > + Number of HTTP responses that were compressed. + + - name: proxy + type: group + description: > + + fields: + - name: id + type: integer + description: > + Unique proxy ID. + + - name: name + type: keyword + description: > + Proxy name. + + + - name: queue + type: group + description: > + + fields: + - name: limit + type: integer + description: > + Configured queue limit (maxqueue) for the server, or nothing if the + value of maxqueue is 0 (meaning no limit). + + - name: time.avg + type: integer + description: > + The average queue time in ms over the last 1024 requests. + + + + diff --git a/dev/packages/beats/http-0.0.1/dataset/json/fields/fields.yml b/dev/packages/beats/http-0.0.1/dataset/json/fields/fields.yml new file mode 100644 index 000000000..7229f3689 --- /dev/null +++ b/dev/packages/beats/http-0.0.1/dataset/json/fields/fields.yml @@ -0,0 +1,45 @@ +- key: http + title: "HTTP" + description: > + HTTP module + release: ga + settings: ["ssl", "http"] + fields: + - name: http + type: group + description: > + fields: + - name: request + type: group + description: > + HTTP request information + fields: + - name: headers + type: object + description: > + The HTTP headers sent + - name: response + type: group + description: > + HTTP response information + fields: + - name: headers + type: object + description: > + The HTTP headers received + - name: code + type: keyword + description: > + The HTTP status code + example: 404 + - name: phrase + type: keyword + example: Not found + description: > + The HTTP status phrase + - name: json + type: group + description: > + json metricset + release: ga + fields: diff --git a/dev/packages/beats/http-0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/http-0.0.1/dataset/server/fields/fields.yml new file mode 100644 index 000000000..9168c19c9 --- /dev/null +++ b/dev/packages/beats/http-0.0.1/dataset/server/fields/fields.yml @@ -0,0 +1,45 @@ +- key: http + title: "HTTP" + description: > + HTTP module + release: ga + settings: ["ssl", "http"] + fields: + - name: http + type: group + description: > + fields: + - name: request + type: group + description: > + HTTP request information + fields: + - name: headers + type: object + description: > + The HTTP headers sent + - name: response + type: group + description: > + HTTP response information + fields: + - name: headers + type: object + description: > + The HTTP headers received + - name: code + type: keyword + description: > + The HTTP status code + example: 404 + - name: phrase + type: keyword + example: Not found + description: > + The HTTP status phrase + - name: server + type: group + description: > + server + release: ga + fields: diff --git a/dev/packages/beats/ibmmq-0.0.1/dataset/qmgr/fields/fields.yml b/dev/packages/beats/ibmmq-0.0.1/dataset/qmgr/fields/fields.yml new file mode 100644 index 000000000..9df411ae8 --- /dev/null +++ b/dev/packages/beats/ibmmq-0.0.1/dataset/qmgr/fields/fields.yml @@ -0,0 +1,11 @@ +- key: ibmmq + title: 'IBM MQ' + release: beta + description: > + IBM MQ module + settings: ["http"] + fields: + - name: ibmmq + type: group + fields: + - release: beta diff --git a/dev/packages/beats/icinga-0.0.1/dataset/debug/fields/fields.yml b/dev/packages/beats/icinga-0.0.1/dataset/debug/fields/fields.yml new file mode 100644 index 000000000..f785653c8 --- /dev/null +++ b/dev/packages/beats/icinga-0.0.1/dataset/debug/fields/fields.yml @@ -0,0 +1,27 @@ +- key: icinga + title: "Icinga" + description: > + Icinga Module + fields: + - name: icinga + type: group + description: > + fields: + - name: debug + type: group + description: > + Contains fields for the Icinga debug logs. + fields: + - name: facility + type: keyword + description: > + Specifies what component of Icinga logged the message. + + - name: severity + type: alias + path: log.level + migration: true + - name: message + type: alias + path: message + migration: true diff --git a/dev/packages/beats/icinga-0.0.1/dataset/main/fields/fields.yml b/dev/packages/beats/icinga-0.0.1/dataset/main/fields/fields.yml new file mode 100644 index 000000000..c33e611e6 --- /dev/null +++ b/dev/packages/beats/icinga-0.0.1/dataset/main/fields/fields.yml @@ -0,0 +1,27 @@ +- key: icinga + title: "Icinga" + description: > + Icinga Module + fields: + - name: icinga + type: group + description: > + fields: + - name: main + type: group + description: > + Contains fields for the Icinga main logs. + fields: + - name: facility + type: keyword + description: > + Specifies what component of Icinga logged the message. + + - name: severity + type: alias + path: log.level + migration: true + - name: message + type: alias + path: message + migration: true diff --git a/dev/packages/beats/icinga-0.0.1/dataset/startup/fields/fields.yml b/dev/packages/beats/icinga-0.0.1/dataset/startup/fields/fields.yml new file mode 100644 index 000000000..b63066aa6 --- /dev/null +++ b/dev/packages/beats/icinga-0.0.1/dataset/startup/fields/fields.yml @@ -0,0 +1,27 @@ +- key: icinga + title: "Icinga" + description: > + Icinga Module + fields: + - name: icinga + type: group + description: > + fields: + - name: startup + type: group + description: > + Contains fields for the Icinga startup logs. + fields: + - name: facility + type: keyword + description: > + Specifies what component of Icinga logged the message. + + - name: severity + type: alias + path: log.level + migration: true + - name: message + type: alias + path: message + migration: true diff --git a/dev/packages/beats/iis-0.0.1/dataset/application_pool/fields/fields.yml b/dev/packages/beats/iis-0.0.1/dataset/application_pool/fields/fields.yml new file mode 100644 index 000000000..74519c294 --- /dev/null +++ b/dev/packages/beats/iis-0.0.1/dataset/application_pool/fields/fields.yml @@ -0,0 +1,21 @@ +- key: iis + title: "iis" + description: > + iis module + release: beta + + fields: + - name: iis + type: group + description: > + fields: + - name: application_pool + type: group + release: beta + description: > + application_pool + fields: + - name: name + type: keyword + description: > + application pool name diff --git a/dev/packages/beats/iis-0.0.1/dataset/webserver/fields/fields.yml b/dev/packages/beats/iis-0.0.1/dataset/webserver/fields/fields.yml new file mode 100644 index 000000000..c39054454 --- /dev/null +++ b/dev/packages/beats/iis-0.0.1/dataset/webserver/fields/fields.yml @@ -0,0 +1,19 @@ +- key: iis + title: "iis" + description: > + iis module + release: beta + + fields: + - name: iis + type: group + description: > + fields: + - name: webserver.*.* + release: beta + type: object + object_type: float + object_type_mapping_type: "*" + description: > + webserver + diff --git a/dev/packages/beats/iis-0.0.1/dataset/website/fields/fields.yml b/dev/packages/beats/iis-0.0.1/dataset/website/fields/fields.yml new file mode 100644 index 000000000..05de3074b --- /dev/null +++ b/dev/packages/beats/iis-0.0.1/dataset/website/fields/fields.yml @@ -0,0 +1,21 @@ +- key: iis + title: "iis" + description: > + iis module + release: beta + + fields: + - name: iis + type: group + description: > + fields: + - name: website + type: group + release: beta + description: > + website + fields: + - name: name + type: keyword + description: > + website name diff --git a/dev/packages/beats/iptables-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/iptables-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..41355e394 --- /dev/null +++ b/dev/packages/beats/iptables-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,173 @@ +- key: iptables + title: iptables + description: > + Module for handling the iptables logs. + fields: + - name: iptables + type: group + description: > + Fields from the iptables logs. + fields: + - name: ether_type + type: long + description: > + Value of the ethernet type field identifying the network layer protocol. + + - name: flow_label + type: integer + description: > + IPv6 flow label. + + - name: fragment_flags + type: keyword + description: > + IP fragment flags. A combination of CE, DF and MF. + + - name: fragment_offset + type: long + description: > + Offset of the current IP fragment. + + - name: icmp + type: group + description: > + ICMP fields. + fields: + + - name: code + type: long + description: > + ICMP code. + + - name: id + type: long + description: > + ICMP ID. + + - name: parameter + type: long + description: > + ICMP parameter. + + - name: redirect + type: ip + description: > + ICMP redirect address. + + - name: seq + type: long + description: > + ICMP sequence number. + + - name: type + type: long + description: > + ICMP type. + + - name: id + type: long + description: > + Packet identifier. + + - name: incomplete_bytes + type: long + description: > + Number of incomplete bytes. + + - name: input_device + type: keyword + description: > + Device that received the packet. + + - name: precedence_bits + type: short + description: > + IP precedence bits. + + - name: tos + type: long + description: > + IP Type of Service field. + + - name: length + type: long + description: > + Packet length. + + - name: output_device + type: keyword + description: > + Device that output the packet. + + - name: tcp + type: group + description: > + TCP fields. + fields: + + - name: flags + type: keyword + description: > + TCP flags. + + - name: reserved_bits + type: short + description: > + TCP reserved bits. + + - name: seq + type: long + description: > + TCP sequence number. + + - name: ack + type: long + description: > + TCP Acknowledgment number. + + - name: window + type: long + description: > + Advertised TCP window size. + + - name: ttl + type: integer + description: > + Time To Live field. + + - name: udp + type: group + description: > + UDP fields. + fields: + + - name: length + type: long + description: > + Length of the UDP header and payload. + + - name: ubiquiti + type: group + description: > + Fields for Ubiquiti network devices. + fields: + + - name: input_zone + type: keyword + description: > + Input zone. + + - name: output_zone + type: keyword + description: > + Output zone. + + - name: rule_number + type: keyword + description: + The rule number within the rule set. + + - name: rule_set + type: keyword + description: + The rule set name. diff --git a/dev/packages/beats/istio-0.0.1/dataset/citadel/fields/fields.yml b/dev/packages/beats/istio-0.0.1/dataset/citadel/fields/fields.yml new file mode 100644 index 000000000..6732bd726 --- /dev/null +++ b/dev/packages/beats/istio-0.0.1/dataset/citadel/fields/fields.yml @@ -0,0 +1,70 @@ +- key: istio + title: "istio" + description: > + istio Module + release: beta + fields: + - name: istio + type: group + description: > + `istio` contains statistics that were read from Istio + fields: + - name: citadel + type: group + description: > + Contains statistics related to the Istio Citadel service + release: beta + fields: + - name: grpc.method + type: keyword + description: > + The grpc method + - name: grpc.service + type: keyword + description: > + The grpc service + - name: grpc.type + type: keyword + description: > + The type of the respective grpc service + + - name: secret_controller_svc_acc_created_cert.count + type: long + description: > + The number of certificates created due to service account creation. + - name: server_root_cert_expiry_seconds + type: float + description: > + The unix timestamp, in seconds, when Citadel root cert will expire. We set it to negative in case of internal error. + - name: grpc.server.handled + type: long + description: > + Total number of RPCs completed on the server, regardless of success or failure. + - name: grpc.server.msg.received + type: long + description: > + Total number of RPC stream messages received on the server. + - name: grpc.server.msg.sent + type: long + description: > + Total number of gRPC stream messages sent by the server. + - name: grpc.server.started + type: long + description: > + Total number of RPCs started on the server. + + - name: grpc.server.handling.latency.ms.bucket.* + type: object + object_type: long + description: > + The response latency (milliseconds) of gRPC that had been application-level handled by the server. + - name: grpc.server.handling.latency.ms.sum + type: long + format: duration + description: > + The response latency of gRPC, sum of latencies in milliseconds + - name: grpc.server.handling.latency.ms.count + type: long + description: > + The response latency of gRPC, number of metrics + diff --git a/dev/packages/beats/istio-0.0.1/dataset/galley/fields/fields.yml b/dev/packages/beats/istio-0.0.1/dataset/galley/fields/fields.yml new file mode 100644 index 000000000..dd798dde5 --- /dev/null +++ b/dev/packages/beats/istio-0.0.1/dataset/galley/fields/fields.yml @@ -0,0 +1,156 @@ +- key: istio + title: "istio" + description: > + istio Module + release: beta + fields: + - name: istio + type: group + description: > + `istio` contains statistics that were read from Istio + fields: + - name: galley + type: group + description: > + Contains statistics related to the Istio galley service + release: beta + fields: + - name: name + type: keyword + description: > + The name of the resource the metric is related to + - name: namespace + type: keyword + description: > + The Kubernetes namespace of the resource + - name: version + type: keyword + description: > + The version of the object + - name: collection + type: keyword + description: > + The collection of the instance + + - name: istio.authentication.meshpolicies + type: long + description: > + The number of valid istio/authentication/meshpolicies known to galley at a point in time + - name: istio.authentication.policies + type: long + description: > + The number of valid istio/authentication/policies known to galley at a point in time + - name: istio.mesh.MeshConfig + type: long + description: > + The number of valid istio/mesh/MeshConfig known to galley at a point in time + - name: istio.networking.destinationrules + type: long + description: > + The number of valid istio/networking/destinationrules known to galley at a point in time + - name: istio.networking.envoyfilters + type: long + description: > + The number of valid istio/networking/envoyfilters known to galley at a point in time + - name: istio.networking.gateways + type: long + description: > + The number of valid istio/networking/gateways known to galley at a point in time + - name: istio.networking.sidecars + type: long + description: > + The number of valid istio/networking/sidecars known to galley at a point in time + - name: istio.networking.virtualservices + type: long + description: > + The number of valid istio/networking/virtualservices known to galley at a point in time + - name: istio.policy.attributemanifests + type: long + description: > + The number of valid istio/policy/attributemanifests known to galley at a point in time + - name: istio.policy.handlers + type: long + description: > + The number of valid istio/policy/handlers known to galley at a point in time + - name: istio.policy.instances + type: long + description: > + The number of valid istio/policy/instances known to galley at a point in time + - name: istio.policy.rules + type: long + description: > + The number of valid istio/policy/rules known to galley at a point in time + + + - name: runtime.processor.event_span.duration.ms.bucket.* + type: object + object_type: long + description: > + The duration between each incoming event as histogram buckets in milliseconds + - name: runtime.processor.event_span.duration.ms.sum + type: long + format: duration + description: > + The duration between each incoming event, sum of durations in milliseconds + - name: runtime.processor.event_span.duration.ms.count + type: long + description: > + The duration between each incoming event, number of metrics + + - name: runtime.processor.snapshot_events.bucket.* + type: object + object_type: long + description: > + The number of events that have been processed as histogram buckets + - name: runtime.processor.snapshot_events.sum + type: long + description: > + The number of events that have been processed, sum of events + - name: runtime.processor.snapshot_events.count + type: long + description: > + The duration between each incoming event, number of metrics + + - name: runtime.processor.snapshot_lifetime.duration.ms.bucket.* + type: object + object_type: long + description: > + The duration of each snapshot as histogram buckets in milliseconds + - name: runtime.processor.snapshot_lifetime.duration.ms.sum + type: long + format: duration + description: > + The duration of each snapshot, sum of durations in milliseconds + - name: runtime.processor.snapshot_lifetime.duration.ms.count + type: long + description: > + The duration of each snapshot, number of metrics + + - name: runtime.state_type_instances + type: long + description: > + The number of type instances per type URL + - name: runtime.strategy.on_change + type: long + description: > + The number of times the strategy's onChange has been called + - name: runtime.strategy.timer_quiesce_reached + type: long + description: > + The number of times a quiesce has been reached + - name: source_kube_event_success_total + type: long + description: > + The number of times a kubernetes source successfully handled an event + - name: validation.cert_key.updates + type: long + description: > + Galley validation webhook certificate updates + - name: validation.config.load + type: long + description: > + k8s webhook configuration (re)loads + - name: validation.config.updates + type: long + description: > + k8s webhook configuration updates diff --git a/dev/packages/beats/istio-0.0.1/dataset/mesh/fields/fields.yml b/dev/packages/beats/istio-0.0.1/dataset/mesh/fields/fields.yml new file mode 100644 index 000000000..0ffd9f6c8 --- /dev/null +++ b/dev/packages/beats/istio-0.0.1/dataset/mesh/fields/fields.yml @@ -0,0 +1,142 @@ +- key: istio + title: "istio" + description: > + istio Module + release: beta + fields: + - name: istio + type: group + description: > + `istio` contains statistics that were read from Istio + fields: + - name: mesh + type: group + description: > + Contains statistics related to the Istio mesh service + release: beta + fields: + - name: instance + type: text + description: > + The prometheus instance + - name: job + type: keyword + description: > + The prometheus job + - name: requests + type: long + description: > + Total requests handled by an Istio proxy + - name: request.duration.ms.bucket.* + type: object + object_type: long + description: > + Request duration histogram buckets in milliseconds + - name: request.duration.ms.sum + type: long + format: duration + description: > + Requests duration, sum of durations in milliseconds + - name: request.duration.ms.count + type: long + description: > + Requests duration, number of requests + - name: request.size.bytes.bucket.* + type: object + object_type: long + description: > + Request Size histogram buckets + - name: request.size.bytes.sum + type: long + description: > + Request Size histogram sum + - name: request.size.bytes.count + type: long + description: > + Request Size histogram count + + - name: response.size.bytes.bucket.* + type: object + object_type: long + description: > + Request Size histogram buckets + - name: response.size.bytes.sum + type: long + description: > + Request Size histogram sum + - name: response.size.bytes.count + type: long + description: > + Request Size histogram count + + - name: reporter + type: keyword + description: > + Reporter identifies the reporter of the request. It is set to destination if report is from a server Istio proxy and source if report is from a client Istio proxy. + - name: source.workload.name + type: keyword + description: > + This identifies the name of source workload which controls the source. + - name: source.workload.namespace + type: keyword + description: > + This identifies the namespace of the source workload. + - name: source.principal + type: keyword + description: > + This identifies the peer principal of the traffic source. It is set when peer authentication is used. + - name: source.app + type: keyword + description: > + This identifies the source app based on app label of the source workload. + - name: source.version + type: keyword + description: > + This identifies the version of the source workload. + + - name: destination.workload.name + type: keyword + description: > + This identifies the name of destination workload. + - name: destination.workload.namespace + type: keyword + description: > + This identifies the namespace of the destination workload. + - name: destination.principal + type: keyword + description: > + This identifies the peer principal of the traffic destination. It is set when peer authentication is used. + - name: destination.app + type: keyword + description: > + This identifies the destination app based on app label of the destination workload.. + - name: destination.version + type: keyword + description: > + This identifies the version of the destination workload. + + - name: destination.service.host + type: keyword + description: > + This identifies destination service host responsible for an incoming request. + - name: destination.service.name + type: keyword + description: > + This identifies the destination service name. + - name: destination.service.namespace + type: keyword + description: > + This identifies the namespace of destination service. + + - name: request.protocol + type: keyword + description: > + This identifies the protocol of the request. It is set to API protocol if provided, otherwise request or connection protocol. + - name: response.code + type: long + description: > + This identifies the response code of the request. This label is present only on HTTP metrics. + - name: connection.security.policy + type: keyword + description: > + This identifies the service authentication policy of the request. It is set to mutual_tls when Istio is used to make communication secure and report is from destination. It is set to unknown when report is from source since security policy cannot be properly populated. diff --git a/dev/packages/beats/istio-0.0.1/dataset/mixer/fields/fields.yml b/dev/packages/beats/istio-0.0.1/dataset/mixer/fields/fields.yml new file mode 100644 index 000000000..3e53cb78a --- /dev/null +++ b/dev/packages/beats/istio-0.0.1/dataset/mixer/fields/fields.yml @@ -0,0 +1,109 @@ +- key: istio + title: "istio" + description: > + istio Module + release: beta + fields: + - name: istio + type: group + description: > + `istio` contains statistics that were read from Istio + fields: + - name: mixer + type: group + description: > + Contains statistics related to the Istio mixer service + release: beta + fields: + - name: istio.mcp.request.acks + type: long + description: > + The number of request acks received by the source. + - name: config.adapter.info.errors.config + type: long + description: > + The number of errors encountered during processing of the adapter info configuration. + - name: config.adapter.info.configs + type: long + description: > + The number of known adapters in the current config. + - name: config.attributes + type: long + description: > + The number of known attributes in the current config. + - name: config.handler.configs + type: long + description: > + The number of known handlers in the current config. + - name: config.handler.errors.validation + type: long + description: > + The number of errors encountered because handler validation returned error. + - name: config.instance.errors.config + type: long + description: > + The number of errors encountered during processing of the instance configuration. + - name: config.instance.configs + type: long + description: > + The number of known instances in the current config. + - name: config.rule.errors.config + type: long + description: > + The number of errors encountered during processing of the rule configuration. + - name: config.rule.errors.match + type: long + description: > + The number of rule conditions that was not parseable. + - name: config.rule.configs + type: long + description: > + The number of known rules in the current config. + - name: config.template.errors.config + type: long + description: > + The number of errors encountered during processing of the template configuration. + - name: config.template.configs + type: long + description: > + The number of known templates in the current config. + - name: config.unsatisfied.action_handler + type: long + description: > + The number of actions that failed due to handlers being unavailable. + - name: dispatcher_destinations_per_variety_total + type: long + description: > + The number of Mixer adapter destinations by template variety type. + - name: handler.handlers.closed + type: long + description: > + The number of handlers that were closed during config transition. + - name: handler.daemons + type: long + description: > + The current number of active daemon routines in a given adapter environment. + - name: handler.failures.build + type: long + description: > + The number of handlers that failed creation during config transition. + - name: handler.failures.close + type: long + description: > + The number of errors encountered while closing handlers during config transition. + - name: handler.handlers.new + type: long + description: > + The number of handlers that were newly created during config transition. + - name: handler.handlers.reused + type: long + description: > + The number of handlers that were re-used during config transition. + - name: handler + type: long + description: > + The name of the daemon handler + - name: variety + type: long + description: > + The name of the variety diff --git a/dev/packages/beats/istio-0.0.1/dataset/pilot/fields/fields.yml b/dev/packages/beats/istio-0.0.1/dataset/pilot/fields/fields.yml new file mode 100644 index 000000000..a4db5da7f --- /dev/null +++ b/dev/packages/beats/istio-0.0.1/dataset/pilot/fields/fields.yml @@ -0,0 +1,95 @@ +- key: istio + title: "istio" + description: > + istio Module + release: beta + fields: + - name: istio + type: group + description: > + `istio` contains statistics that were read from Istio + fields: + - name: pilot + type: group + description: > + Contains statistics related to the Istio pilot service + release: beta + fields: + - name: xds.count + type: integer + description: > + Count of concurrent xDS client connections for Pilot. + - name: xds.pushes + type: integer + description: > + Count of xDS messages sent, as well as errors building or sending xDS messages + for lds, rds, cds and eds. + - name: xds.push.time.sec + type: long + description: > + Total time in seconds Pilot takes to push lds, rds, cds and eds. + - name: xds.eds.instances + type: object + description: > + Instances for each cluster, as of last push. Zero instances is an error. + - name: xds.push.context.errors + type: integer + description: > + Number of errors (timeouts) initiating push context. + - name: xds.internal.errors + type: integer + description: > + Total number of internal XDS errors in pilot. + - name: conflict.listener.inbound + type: integer + description: > + Number of conflicting inbound listeners. + - name: conflict.listener.outbound.http.over.current.tcp + type: integer + description: > + Number of conflicting wildcard http listeners with current wildcard tcp listener. + - name: conflict.listener.outbound.http.over.https + type: integer + description: > + Number of conflicting HTTP listeners with well known HTTPS ports. + - name: conflict.listener.outbound.tcp.over.current.http + type: integer + description: > + Number of conflicting wildcard tcp listeners with current wildcard http listener. + - name: conflict.listener.outbound.tcp.over.current.tcp + type: integer + description: > + Number of conflicting tcp listeners with current tcp listener. + - name: proxy.conv.ms.bucket.* + type: object + object_type: long + description: > + Time needed by Pilot to push Envoy configurations, histogram buckets in milliseconds. + - name: proxy.conv.ms.sum + type: long + description: > + Time needed by Pilot to push Envoy configurations, histogram sum of times in milliseconds. + - name: services + type: integer + description: > + Total services known to pilot. + - name: virt.services + type: integer + description: > + Total virtual services known to pilot. + - name: proxy.conv.ms.count + type: long + description: > + Time needed by Pilot to push Envoy configurations, histogram count of times. + - name: no.ip + type: object + description: > + Pods not found in the endpoint table, possibly invalid. + - name: cluster + type: text + description: > + The instance FQDN. + - name: type + type: text + description: > + The Envoy proxy configuration type. diff --git a/dev/packages/beats/jolokia-0.0.1/dataset/jmx/fields/fields.yml b/dev/packages/beats/jolokia-0.0.1/dataset/jmx/fields/fields.yml new file mode 100644 index 000000000..0839e74dd --- /dev/null +++ b/dev/packages/beats/jolokia-0.0.1/dataset/jmx/fields/fields.yml @@ -0,0 +1,19 @@ +- key: jolokia + title: "Jolokia" + description: > + Jolokia module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: jolokia + type: group + description: > + jolokia contains metrics exposed via jolokia agent + fields: + - key: jmx + type: group + description: > + Jolokia jmx metricset + release: ga + fields: diff --git a/dev/packages/beats/kafka-0.0.1/dataset/broker/fields/fields.yml b/dev/packages/beats/kafka-0.0.1/dataset/broker/fields/fields.yml new file mode 100644 index 000000000..87a1d8843 --- /dev/null +++ b/dev/packages/beats/kafka-0.0.1/dataset/broker/fields/fields.yml @@ -0,0 +1,119 @@ +- key: kafka + title: "Kafka" + description: > + Kafka module + short_config: false + release: ga + fields: + - name: kafka + type: group + description: > + fields: + - name: broker + type: group + description: > + Broker Consumer Group Information have been read from (Broker handling + the consumer group). + fields: + - name: id + type: long + description: > + Broker id + + - name: address + type: keyword + description: > + Broker advertised address + + - name: topic.name + type: keyword + description: > + Topic name + + - name: topic.error.code + type: long + description: > + Topic error code. + + - name: partition.id + type: long + description: > + Partition id. + + - name: partition.topic_id + type: keyword + description: + Unique id of the partition in the topic. + + - name: partition.topic_broker_id + type: keyword + description: + Unique id of the partition in the topic and the broker. + - name: broker + type: group + description: Broker metrics from Kafka Broker JMX + release: beta + fields: + - name: mbean + description: Mbean that this event is related to + type: keyword + - name: request.channel.queue.size + description: The size of the request queue + type: long + - name: request.produce.failed_per_second + description: The rate of failed produce requests per second + type: float + - name: request.fetch.failed_per_second + description: The rate of client fetch request failures per second + type: float + - name: request.produce.failed + description: The number of failed produce requests + type: float + - name: request.fetch.failed + description: The number of client fetch request failures + type: float + - name: replication.leader_elections + description: The leader election rate + type: float + - name: replication.unclean_leader_elections + description: The unclean leader election rate + type: float + - name: session.zookeeper.disconnect + description: The ZooKeeper closed sessions per second + type: float + - name: session.zookeeper.expire + description: The ZooKeeper expired sessions per second + type: float + - name: session.zookeeper.readonly + description: The ZooKeeper readonly sessions per second + type: float + - name: session.zookeeper.sync + description: The ZooKeeper client connections per second + type: float + - name: log.flush_rate + description: The log flush rate + type: float + - name: topic.net.in.bytes_per_sec + description: The incoming byte rate per topic + type: float + - name: topic.net.out.bytes_per_sec + description: The outgoing byte rate per topic + type: float + - name: topic.net.rejected.bytes_per_sec + description: The rejected byte rate per topic + type: float + - name: topic.messages_in + description: The incoming message rate per topic + type: float + - name: net.in.bytes_per_sec + description: The incoming byte rate + type: float + - name: net.out.bytes_per_sec + description: The outgoing byte rate + type: float + - name: net.rejected.bytes_per_sec + description: The rejected byte rate + type: float + - name: messages_in + description: The incoming message rate + type: float diff --git a/dev/packages/beats/kafka-0.0.1/dataset/consumer/fields/fields.yml b/dev/packages/beats/kafka-0.0.1/dataset/consumer/fields/fields.yml new file mode 100644 index 000000000..c24bdb2e0 --- /dev/null +++ b/dev/packages/beats/kafka-0.0.1/dataset/consumer/fields/fields.yml @@ -0,0 +1,83 @@ +- key: kafka + title: "Kafka" + description: > + Kafka module + short_config: false + release: ga + fields: + - name: kafka + type: group + description: > + fields: + - name: broker + type: group + description: > + Broker Consumer Group Information have been read from (Broker handling + the consumer group). + fields: + - name: id + type: long + description: > + Broker id + + - name: address + type: keyword + description: > + Broker advertised address + + - name: topic.name + type: keyword + description: > + Topic name + + - name: topic.error.code + type: long + description: > + Topic error code. + + - name: partition.id + type: long + description: > + Partition id. + + - name: partition.topic_id + type: keyword + description: + Unique id of the partition in the topic. + + - name: partition.topic_broker_id + type: keyword + description: + Unique id of the partition in the topic and the broker. + - name: consumer + type: group + description: Consumer metrics from Kafka Consumer JMX + release: beta + fields: + - name: mbean + description: Mbean that this event is related to + type: keyword + - name: fetch_rate + description: The minimum rate at which the consumer sends fetch requests to a broker + type: float + - name: bytes_consumed + description: The average number of bytes consumed for a specific topic per second + type: float + - name: records_consumed + description: The average number of records consumed per second for a specific topic + type: float + - name: in.bytes_per_sec + description: The rate of bytes coming in to the consumer + type: float + - name: max_lag + description: The maximum consumer lag + type: float + - name: zookeeper_commits + description: The rate of offset commits to ZooKeeper + type: float + - name: kafka_commits + description: The rate of offset commits to Kafka + type: float + - name: messages_in + description: The rate of consumer message consumption + type: float diff --git a/dev/packages/beats/kafka-0.0.1/dataset/consumergroup/fields/fields.yml b/dev/packages/beats/kafka-0.0.1/dataset/consumergroup/fields/fields.yml new file mode 100644 index 000000000..09cadc8c2 --- /dev/null +++ b/dev/packages/beats/kafka-0.0.1/dataset/consumergroup/fields/fields.yml @@ -0,0 +1,121 @@ +- key: kafka + title: "Kafka" + description: > + Kafka module + short_config: false + release: ga + fields: + - name: kafka + type: group + description: > + fields: + - name: broker + type: group + description: > + Broker Consumer Group Information have been read from (Broker handling + the consumer group). + fields: + - name: id + type: long + description: > + Broker id + + - name: address + type: keyword + description: > + Broker advertised address + + - name: topic.name + type: keyword + description: > + Topic name + + - name: topic.error.code + type: long + description: > + Topic error code. + + - name: partition.id + type: long + description: > + Partition id. + + - name: partition.topic_id + type: keyword + description: + Unique id of the partition in the topic. + + - name: partition.topic_broker_id + type: keyword + description: + Unique id of the partition in the topic and the broker. + - name: consumergroup + type: group + description: > + consumergroup + release: ga + fields: + - name: broker + type: group + deprecated: 6.5 + description: > + Broker Consumer Group Information have been read from (Broker handling + the consumer group). + fields: + - name: id + type: long + description: > + Broker id + + - name: address + type: keyword + description: > + Broker address + + - name: id + type: keyword + description: Consumer Group ID + + - name: topic + type: keyword + deprecated: 6.5 + description: Topic name + + - name: partition + type: long + deprecated: 6.5 + description: Partition ID + + - name: offset + type: long + description: consumer offset into partition being read + + - name: meta + type: keyword + description: custom consumer meta data string + + - name: consumer_lag + type: long + description: consumer lag for partition/topic calculated as the difference between the partition offset and consumer offset + + - name: error.code + type: long + description: > + kafka consumer/partition error code. + + - name: client + type: group + description: > + Assigned client reading events from partition + fields: + - name: id + type: keyword + description: Client ID (kafka setting client.id) + + - name: host + type: keyword + description: Client host + + - name: member_id + type: keyword + description: internal consumer group member ID diff --git a/dev/packages/beats/kafka-0.0.1/dataset/partition/fields/fields.yml b/dev/packages/beats/kafka-0.0.1/dataset/partition/fields/fields.yml new file mode 100644 index 000000000..e594033a0 --- /dev/null +++ b/dev/packages/beats/kafka-0.0.1/dataset/partition/fields/fields.yml @@ -0,0 +1,133 @@ +- key: kafka + title: "Kafka" + description: > + Kafka module + short_config: false + release: ga + fields: + - name: kafka + type: group + description: > + fields: + - name: broker + type: group + description: > + Broker Consumer Group Information have been read from (Broker handling + the consumer group). + fields: + - name: id + type: long + description: > + Broker id + + - name: address + type: keyword + description: > + Broker advertised address + + - name: topic.name + type: keyword + description: > + Topic name + + - name: topic.error.code + type: long + description: > + Topic error code. + + - name: partition.id + type: long + description: > + Partition id. + + - name: partition.topic_id + type: keyword + description: + Unique id of the partition in the topic. + + - name: partition.topic_broker_id + type: keyword + description: + Unique id of the partition in the topic and the broker. + - name: partition + type: group + description: > + partition + release: ga + fields: + - name: offset + type: group + description: > + Available offsets of the given partition. + fields: + - name: newest + type: long + description: > + Newest offset of the partition. + - name: oldest + type: long + description: > + Oldest offset of the partition. + + - name: partition + type: group + description: > + Partition data. + fields: + - name: id + type: long + deprecated: 6.5 + description: > + Partition id. + + - name: leader + type: long + description: > + Leader id (broker). + - name: isr + type: keyword + description: > + List of isr ids. + - name: replica + type: long + description: > + Replica id (broker). + + - name: insync_replica + type: boolean + description: > + Indicates if replica is included in the in-sync replicate set (ISR). + + - name: is_leader + type: boolean + description: > + Indicates if replica is the leader + + - name: error.code + type: long + description: > + Error code from fetching partition. + + - name: topic.error.code + type: long + deprecated: 6.5 + description: > + topic error code. + - name: topic.name + type: keyword + deprecated: 6.5 + description: > + Topic name + + - name: broker.id + type: long + deprecated: 6.5 + description: > + Broker id + - name: broker.address + type: keyword + deprecated: 6.5 + description: > + Broker address + + diff --git a/dev/packages/beats/kafka-0.0.1/dataset/producer/fields/fields.yml b/dev/packages/beats/kafka-0.0.1/dataset/producer/fields/fields.yml new file mode 100644 index 000000000..b1b8ba7ae --- /dev/null +++ b/dev/packages/beats/kafka-0.0.1/dataset/producer/fields/fields.yml @@ -0,0 +1,101 @@ +- key: kafka + title: "Kafka" + description: > + Kafka module + short_config: false + release: ga + fields: + - name: kafka + type: group + description: > + fields: + - name: broker + type: group + description: > + Broker Consumer Group Information have been read from (Broker handling + the consumer group). + fields: + - name: id + type: long + description: > + Broker id + + - name: address + type: keyword + description: > + Broker advertised address + + - name: topic.name + type: keyword + description: > + Topic name + + - name: topic.error.code + type: long + description: > + Topic error code. + + - name: partition.id + type: long + description: > + Partition id. + + - name: partition.topic_id + type: keyword + description: + Unique id of the partition in the topic. + + - name: partition.topic_broker_id + type: keyword + description: + Unique id of the partition in the topic and the broker. + - name: producer + type: group + description: Producer metrics from Kafka Producer JMX + release: beta + fields: + - name: mbean + description: Mbean that this event is related to + type: keyword + - name: available_buffer_bytes + description: The total amount of buffer memory + type: float + - name: batch_size_avg + description: The average number of bytes sent + type: float + - name: batch_size_max + description: The maximum number of bytes sent + type: long + - name: record_send_rate + description: The average number of records sent per second + type: float + - name: record_retry_rate + description: The average number of retried record sends per second + type: float + - name: record_error_rate + description: The average number of retried record sends per second + type: float + - name: records_per_request + description: The average number of records sent per second + type: float + - name: record_size_avg + description: The average record size + type: float + - name: record_size_max + description: The maximum record size + type: long + - name: request_rate + description: The number of producer requests per second + type: float + - name: response_rate + description: The number of producer responses per second + type: float + - name: io_wait + description: The producer I/O wait time + type: float + - name: out.bytes_per_sec + description: The rate of bytes going out for the producer + type: float + - name: message_rate + description: The producer message rate + type: float diff --git a/dev/packages/beats/kibana-0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/kibana-0.0.1/dataset/stats/fields/fields.yml new file mode 100644 index 000000000..379be2c4e --- /dev/null +++ b/dev/packages/beats/kibana-0.0.1/dataset/stats/fields/fields.yml @@ -0,0 +1,119 @@ +- key: kibana + title: "Kibana" + description: > + Kibana module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: kibana + type: group + description: > + fields: + - name: stats + type: group + description: > + Kibana stats and run-time metrics. + release: ga + fields: + - name: uuid + type: alias + path: service.id + migration: true + description: > + Kibana instance UUID + - name: name + type: keyword + description: > + Kibana instance name + - name: index + type: keyword + description: > + Name of Kibana's internal index + - name: host.name + type: keyword + description: > + Kibana instance hostname + - name: transport_address + type: alias + path: service.address + migration: true + description: > + Kibana server's hostname and port + - name: version + type: alias + description: > + Kibana version + path: service.version + migration: true + - name: snapshot + type: boolean + description: > + Whether the Kibana build is a snapshot build + - name: status + type: keyword + description: > + Kibana instance's health status + - name: concurrent_connections + type: long + description: > + Number of client connections made to the server. Note that browsers can send multiple simultaneous connections to request multiple server assets at once, and they can re-use established connections. + - name: process + type: group + description: > + Process metrics + fields: + - name: event_loop_delay.ms + type: scaled_float + description: > + Event loop delay in milliseconds + - name: memory.heap + type: group + description: > + Process heap metrics + fields: + - name: total.bytes + type: long + format: bytes + description: > + Total heap allocated to process in bytes + - name: used.bytes + type: long + format: bytes + description: > + Heap used by process in bytes + - name: size_limit.bytes + type: long + format: bytes + description: > + Max. old space size allocated to Node.js process, in bytes + - name: uptime.ms + type: long + description: > + Uptime of process in milliseconds + - name: request + type: group + description: > + Request count metrics + fields: + - name: disconnects + type: long + description: > + Number of requests that were disconnected + - name: total + type: long + description: > + Total number of requests + - name: response_time + type: group + description: > + Response times metrics + fields: + - name: avg.ms + type: long + description: > + Average response time in milliseconds + - name: max.ms + type: long + description: > + Maximum response time in milliseconds diff --git a/dev/packages/beats/kibana-0.0.1/dataset/status/fields/fields.yml b/dev/packages/beats/kibana-0.0.1/dataset/status/fields/fields.yml new file mode 100644 index 000000000..8be30e34c --- /dev/null +++ b/dev/packages/beats/kibana-0.0.1/dataset/status/fields/fields.yml @@ -0,0 +1,60 @@ +- key: kibana + title: "Kibana" + description: > + Kibana module + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: kibana + type: group + description: > + fields: + - name: status + type: group + description: > + Status fields + release: ga + fields: + - name: name + type: keyword + description: > + Kibana instance name. + - name: uuid + type: alias + path: service.id + migration: true + description: > + Kibana instance uuid. + - name: version.number + type: alias + description: > + Kibana version number. + path: service.version + migration: true + - name: status.overall.state + type: keyword + description: > + Kibana overall state. + - name: metrics + type: group + description: > + Metrics fields + fields: + - name: concurrent_connections + type: long + description: > + Current concurrent connections. + - name: requests + type: group + description: > + Request statistics. + fields: + - name: disconnects + type: long + description: > + Total number of disconnected connections. + - name: total + type: long + description: > + Total number of connections. diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/apiserver/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/apiserver/fields/fields.yml new file mode 100644 index 000000000..9e2772055 --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/apiserver/fields/fields.yml @@ -0,0 +1,181 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: apiserver + type: group + description: > + Kubernetes API server metrics + release: ga + fields: + - name: request.client + type: keyword + description: > + Client executing requests + - name: request.resource + type: keyword + description: > + Requested resource + - name: request.subresource + type: keyword + description: > + Requested subresource + - name: request.scope + type: keyword + description: > + Request scope (cluster, namespace, resource) + - name: request.verb + type: keyword + description: > + HTTP verb + - name: request.code + type: keyword + description: > + HTTP code + - name: request.content_type + type: keyword + description: > + Request HTTP content type + - name: request.dry_run + type: keyword + description: > + Wether the request uses dry run + - name: request.kind + type: keyword + description: > + Kind of request + - name: request.component + type: keyword + description: > + Component handling the request + - name: request.group + type: keyword + description: > + API group for the resource + - name: request.version + type: keyword + description: > + version for the group + - name: request.handler + type: keyword + description: > + Request handler + - name: request.method + type: keyword + description: > + HTTP method + - name: request.host + type: keyword + description: > + Request host + - name: process + type: group + fields: + - name: cpu.sec + type: double + description: CPU seconds + - name: memory.resident.bytes + type: long + format: bytes + description: Bytes in resident memory + - name: memory.virtual.bytes + type: long + format: bytes + description: Bytes in virtual memory + - name: fds.open.count + type: long + description: Number of open file descriptors + - name: started.sec + type: double + description: Seconds since the process started + - name: http + type: group + fields: + - name: request.duration.us.percentile.* + type: object + object_type: double + description: Request duration microseconds percentiles + - name: request.duration.us.sum + type: double + description: Request duration microseconds cumulative sum + - name: request.duration.us.count + type: long + description: Request count for duration + - name: request.size.bytes.percentile.* + type: object + object_type: long + description: Request size percentiles + - name: request.size.bytes.sum + type: long + format: bytes + description: Request size cumulative sum + - name: request.size.bytes.count + type: long + description: Request count for size + - name: response.size.bytes.percentile.* + type: object + object_type: long + description: Response size percentiles + - name: response.size.bytes.sum + type: long + format: bytes + description: Response size cumulative sum + - name: response.size.bytes.count + type: long + description: Response count + - name: request.count + type: long + description: Request count for response + - name: client.request.count + type: long + description: Number of requests as client + - name: request + type: group + fields: + - name: count + type: long + description: Number of requests + - name: latency.sum + type: long + description: Requests latency, sum of latencies in microseconds + - name: latency.count + type: long + description: Request latency, number of requests + - name: latency.bucket.* + type: object + object_type: long + description: Request latency histogram buckets + - name: duration.us.sum + type: long + description: Request duration, sum in microseconds + - name: duration.us.count + type: long + description: Request duration, number of operations + - name: duration.us.bucket.* + type: object + object_type: long + description: Request duration, histogram buckets + - name: current.count + type: long + description: Inflight requests + - name: longrunning.count + type: long + description: Number of requests active long running requests + - name: etcd.object.count + type: long + description: Number of kubernetes objects at etcd + - name: audit.event.count + type: long + description: Number of audit events + - name: audit.rejected.count + type: long + description: Number of audit rejected events diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/container/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/container/fields/fields.yml new file mode 100644 index 000000000..8ec69a7dc --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/container/fields/fields.yml @@ -0,0 +1,183 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: container + type: group + description: > + kubernetes container metrics + release: ga + fields: + - name: start_time + type: date + description: > + Start time + - name: cpu + type: group + description: > + CPU usage metrics + fields: + - name: usage + type: group + fields: + - name: core + type: group + fields: + - name: ns + type: long + description: > + Container CPU Core usage nanoseconds + - name: nanocores + type: long + description: > + CPU used nanocores + - name: node.pct + type: scaled_float + format: percent + description: > + CPU usage as a percentage of the total node allocatable CPU + - name: limit.pct + type: scaled_float + format: percent + description: > + CPU usage as a percentage of the defined limit for the container (or total node allocatable CPU if unlimited) + - name: logs + type: group + description: > + Logs info + fields: + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Logs available capacity in bytes + - name: capacity + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Logs total capacity in bytes + - name: used + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Logs used capacity in bytes + - name: inodes + type: group + fields: + - name: count + type: long + description: > + Total available inodes + - name: free + type: long + description: > + Total free inodes + - name: used + type: long + description: > + Total used inodes + - name: memory + type: group + fields: + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Total available memory + - name: usage + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Total memory usage + - name: node.pct + type: scaled_float + format: percent + description: > + Memory usage as a percentage of the total node allocatable memory + - name: limit.pct + type: scaled_float + format: percent + description: > + Memory usage as a percentage of the defined limit for the container (or total node allocatable memory if unlimited) + - name: rss + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + RSS memory usage + - name: workingset + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Working set memory usage + - name: pagefaults + type: long + description: > + Number of page faults + - name: majorpagefaults + type: long + description: > + Number of major page faults + - name: rootfs + type: group + fields: + - name: capacity + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Root filesystem total capacity in bytes + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Root filesystem total available in bytes + - name: used + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Root filesystem total used in bytes + - name: inodes + type: group + fields: + - name: used + type: long + description: > + Used inodes diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/controllermanager/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/controllermanager/fields/fields.yml new file mode 100644 index 000000000..24716401b --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/controllermanager/fields/fields.yml @@ -0,0 +1,143 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: controllermanager + type: group + description: > + Controller manager metrics + release: beta + fields: + - name: handler + type: keyword + description: > + Request handler + - name: code + type: keyword + description: > + HTTP code + - name: method + type: keyword + description: > + HTTP method + - name: host + type: keyword + description: > + Request host + - name: name + type: keyword + description: > + Name for the resource + - name: zone + type: keyword + description: > + Infrastructure zone + - name: process + type: group + fields: + - name: cpu.sec + type: double + description: CPU seconds + - name: memory.resident.bytes + type: long + format: bytes + description: Bytes in resident memory + - name: memory.virtual.bytes + type: long + format: bytes + description: Bytes in virtual memory + - name: fds.open.count + type: long + description: Number of open file descriptors + - name: started.sec + type: double + description: Seconds since the process started + - name: http + type: group + fields: + - name: request.duration.us.percentile.* + type: object + object_type: double + description: Request duration microseconds percentiles + - name: request.duration.us.sum + type: double + description: Request duration microseconds cumulative sum + - name: request.duration.us.count + type: long + description: Request count for duration + - name: request.size.bytes.percentile.* + type: object + object_type: long + description: Request size percentiles + - name: request.size.bytes.sum + type: long + format: bytes + description: Request size cumulative sum + - name: request.size.bytes.count + type: long + description: Request count for size + - name: response.size.bytes.percentile.* + type: object + object_type: long + description: Response size percentiles + - name: response.size.bytes.sum + type: long + format: bytes + description: Response size cumulative sum + - name: response.size.bytes.count + type: long + description: Response count + - name: request.count + type: long + description: Request count for response + - name: client.request.count + type: long + description: > + Number of requests as client + - name: workqueue + type: group + fields: + - name: longestrunning.sec + type: double + description: Longest running processors + - name: unfinished.sec + type: double + description: Unfinished processors + - name: adds.count + type: long + description: Workqueue add count + - name: depth.count + type: long + description: Workqueue depth count + - name: retries.count + type: long + description: Workqueue number of retries + - name: node.collector + type: group + fields: + - name: eviction.count + type: long + description: Number of node evictions + - name: unhealthy.count + type: long + description: Number of unhealthy nodes + - name: count + type: long + description: Number of nodes + - name: health.pct + type: long + description: Percentage of healthy nodes + - name: leader.is_master + type: boolean + description: > + Whether the node is master + diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/event/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/event/fields/fields.yml new file mode 100644 index 000000000..3c07f3c7d --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/event/fields/fields.yml @@ -0,0 +1,105 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: event + type: group + description: > + The Kubernetes events metricset collects events that are generated by objects running + inside of Kubernetes + release: ga + fields: + - name: count + type: long + description: > + Count field records the number of times the particular event has occurred + - name: timestamp + type: group + fields: + - name: first_occurrence + type: date + description: > + Timestamp of first occurrence of event + - name: last_occurrence + type: date + description: > + Timestamp of last occurrence of event + - name: message + type: text + description: > + Message recorded for the given event + copy_to: message + - name: reason + type: keyword + description: > + Reason recorded for the given event + - name: type + type: keyword + description: > + Type of the given event + - name: metadata + type: group + description: > + Metadata associated with the given event + fields: + - name: timestamp + type: group + fields: + - name: created + type: date + description: > + Timestamp of creation of the given event + - name: name + type: keyword + description: > + Name of the event + - name: namespace + type: keyword + description: > + Namespace in which event was generated + - name: resource_version + type: keyword + description: > + Version of the event resource + - name: uid + type: keyword + description: > + Unique identifier to the event object + - name: self_link + type: keyword + description: > + URL representing the event + - name: involved_object + type: group + description: > + Metadata associated with the given involved object + fields: + - name: api_version + type: keyword + description: > + API version of the object + - name: kind + type: keyword + description: > + API kind of the object + - name: name + type: keyword + description: > + name of the object + - name: resource_version + type: keyword + description: > + resource version of the object + - name: uid + type: keyword + description: > + UUID version of the object diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/node/fields/fields.yml new file mode 100644 index 000000000..a19216c79 --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/node/fields/fields.yml @@ -0,0 +1,184 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: node + type: group + description: > + kubernetes node metrics + release: ga + fields: + - name: start_time + type: date + description: > + Start time + - name: cpu + type: group + description: > + CPU usage metrics + fields: + - name: usage + type: group + fields: + - name: core + type: group + fields: + - name: ns + type: long + description: > + Node CPU Core usage nanoseconds + - name: nanocores + type: long + description: > + CPU used nanocores + - name: memory + type: group + fields: + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Total available memory + - name: usage + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Total memory usage + - name: rss + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + RSS memory usage + - name: workingset + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Working set memory usage + - name: pagefaults + type: long + description: > + Number of page faults + - name: majorpagefaults + type: long + description: > + Number of major page faults + - name: network + type: group + fields: + - name: rx + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Received bytes + - name: errors + type: long + description: > + Rx errors + - name: tx + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Transmitted bytes + - name: errors + type: long + description: > + Tx errors + - name: fs + type: group + fields: + - name: capacity + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Filesystem total capacity in bytes + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Filesystem total available in bytes + - name: used + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Filesystem total used in bytes + - name: inodes + type: group + fields: + - name: used + type: long + description: > + Number of used inodes + - name: count + type: long + description: > + Number of inodes + - name: free + type: long + description: > + Number of free inodes + - name: runtime + type: group + fields: + - name: imagefs + type: group + fields: + - name: capacity + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Image filesystem total capacity in bytes + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Image filesystem total available in bytes + - name: used + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Image filesystem total used in bytes diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/pod/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/pod/fields/fields.yml new file mode 100644 index 000000000..7c37de43c --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/pod/fields/fields.yml @@ -0,0 +1,125 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: pod + type: group + description: > + kubernetes pod metrics + release: ga + fields: + - name: start_time + type: date + description: > + Start time + - name: network + type: group + fields: + - name: rx + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Received bytes + - name: errors + type: long + description: > + Rx errors + - name: tx + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Transmitted bytes + - name: errors + type: long + description: > + Tx errors + - name: cpu + type: group + description: > + CPU usage metrics + fields: + - name: usage + type: group + fields: + - name: nanocores + type: long + description: > + CPU used nanocores + - name: node.pct + type: scaled_float + format: percent + description: > + CPU usage as a percentage of the total node CPU + - name: limit.pct + type: scaled_float + format: percent + description: > + CPU usage as a percentage of the defined limit for the pod containers (or total node CPU if one or more containers of the pod are unlimited) + - name: memory + type: group + fields: + - name: usage + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Total memory usage + - name: node.pct + type: scaled_float + format: percent + description: > + Memory usage as a percentage of the total node allocatable memory + - name: limit.pct + type: scaled_float + format: percent + description: > + Memory usage as a percentage of the defined limit for the pod containers (or total node allocatable memory if unlimited) + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Total memory available + - name: working_set + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Total working set memory + - name: rss + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Total resident set size memory + - name: page_faults + type: long + description: > + Total page faults + - name: major_page_faults + type: long + description: > + Total major page faults diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/proxy/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/proxy/fields/fields.yml new file mode 100644 index 000000000..7c4c85f2e --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/proxy/fields/fields.yml @@ -0,0 +1,123 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: proxy + type: group + description: > + Kubernetes proxy server metrics + release: beta + fields: + - name: handler + type: keyword + description: > + Request handler + - name: code + type: keyword + description: > + HTTP code + - name: method + type: keyword + description: > + HTTP method + - name: host + type: keyword + description: > + Request host + - name: process + type: group + fields: + - name: cpu.sec + type: double + description: CPU seconds + - name: memory.resident.bytes + type: long + format: bytes + description: Bytes in resident memory + - name: memory.virtual.bytes + type: long + format: bytes + description: Bytes in virtual memory + - name: fds.open.count + type: long + description: Number of open file descriptors + - name: started.sec + type: double + description: Seconds since the process started + - name: http + type: group + fields: + - name: request.duration.us.percentile.* + type: object + object_type: double + description: Request duration microseconds percentiles + - name: request.duration.us.sum + type: double + description: Request duration microseconds cumulative sum + - name: request.duration.us.count + type: long + description: Request count for duration + - name: request.size.bytes.percentile.* + type: object + object_type: long + description: Request size percentiles + - name: request.size.bytes.sum + type: long + format: bytes + description: Request size cumulative sum + - name: request.size.bytes.count + type: long + description: Request count for size + - name: response.size.bytes.percentile.* + type: object + object_type: long + description: Response size percentiles + - name: response.size.bytes.sum + type: long + format: bytes + description: Response size cumulative sum + - name: response.size.bytes.count + type: long + description: Response count + - name: request.count + type: long + description: Request count + - name: client.request.count + type: long + description: > + Number of requests as client + - name: sync + type: group + description: > + kubeproxy proxy sync metrics + fields: + - name: rules.duration.us.sum + type: long + description: SyncProxyRules duration, sum of durations in microseconds + - name: rules.duration.us.count + type: long + description: SyncProxyRules duration, number of operations + - name: rules.duration.us.bucket.* + type: object + object_type: long + description: SyncProxyRules duration, histogram buckets + - name: networkprogramming.duration.us.sum + type: long + description: Network programming duration, sum in microseconds + - name: networkprogramming.duration.us.count + type: long + description: Network programming duration, number of operations + - name: networkprogramming.duration.us.bucket.* + type: object + object_type: long + description: Network programming duration, histogram buckets + diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/scheduler/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/scheduler/fields/fields.yml new file mode 100644 index 000000000..8e2b2e5e4 --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/scheduler/fields/fields.yml @@ -0,0 +1,144 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: scheduler + type: group + description: > + Kubernetes scheduler metrics + release: beta + fields: + - name: handler + type: keyword + description: > + Request handler + - name: code + type: keyword + description: > + HTTP code + - name: method + type: keyword + description: > + HTTP method + - name: host + type: keyword + description: > + Request host + - name: name + type: keyword + description: > + Name for the resource + - name: result + type: keyword + description: > + Schedule attempt result + - name: operation + type: keyword + description: > + Scheduling operation + - name: process + type: group + fields: + - name: cpu.sec + type: double + description: CPU seconds + - name: memory.resident.bytes + type: long + format: bytes + description: Bytes in resident memory + - name: memory.virtual.bytes + type: long + format: bytes + description: Bytes in virtual memory + - name: fds.open.count + type: long + description: Number of open file descriptors + - name: started.sec + type: double + description: Seconds since the process started + - name: http + type: group + fields: + - name: request.duration.us.percentile.* + type: object + object_type: double + description: Request duration microseconds percentiles + - name: request.duration.us.sum + type: double + description: Request duration microseconds cumulative sum + - name: request.duration.us.count + type: long + description: Request count for duration + - name: request.size.bytes.percentile.* + type: object + object_type: long + description: Request size percentiles + - name: request.size.bytes.sum + type: long + format: bytes + description: Request size cumulative sum + - name: request.size.bytes.count + type: long + description: Request count for size + - name: response.size.bytes.percentile.* + type: object + object_type: long + description: Response size percentiles + - name: response.size.bytes.sum + type: long + format: bytes + description: Response size cumulative sum + - name: response.size.bytes.count + type: long + description: Response count + - name: request.count + type: long + description: Request count + - name: client.request.count + type: long + description: > + Number of requests as client + - name: leader.is_master + type: boolean + description: > + Whether the node is master + + - name: scheduling + type: group + fields: + - name: e2e.duration.us.bucket.* + type: object + object_type: long + description: End to end scheduling duration microseconds + - name: e2e.duration.us.sum + type: long + description: End to end scheduling duration microseconds sum + - name: e2e.duration.us.count + type: long + description: End to end scheduling count + - name: pod.preemption.victims.count + type: long + description: Pod preemption victims + - name: pod.attempts.count + type: long + description: Pod attempts count + - name: duration.seconds.percentile.* + type: object + object_type: double + description: Scheduling duration percentiles + - name: duration.seconds.sum + type: double + description: Scheduling duration cumulative sum + - name: duration.seconds.count + type: long + description: Scheduling count + diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/state_container/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/state_container/fields/fields.yml new file mode 100644 index 000000000..2096eb792 --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/state_container/fields/fields.yml @@ -0,0 +1,77 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: container + type: group + description: > + kubernetes container metrics + release: ga + fields: + - name: id + type: keyword + description: + Container id + - name: status + type: group + fields: + - name: phase + type: keyword + description: > + Container phase (running, waiting, terminated) + - name: ready + type: boolean + description: > + Container ready status + - name: restarts + type: integer + description: > + Container restarts count + - name: reason + type: keyword + description: > + Waiting (ContainerCreating, CrashLoopBackoff, ErrImagePull, ImagePullBackoff) + or termination (Completed, ContainerCannotRun, Error, OOMKilled) reason. + - name: cpu + type: group + fields: + - name: limit.cores + type: float + description: > + Container CPU cores limit + - name: request.cores + type: float + description: > + Container CPU requested cores + - name: limit.nanocores + type: long + deprecated: 6.4 + description: > + Container CPU nanocores limit + - name: request.nanocores + deprecated: 6.4 + type: long + description: > + Container CPU requested nanocores + - name: memory + type: group + fields: + - name: limit.bytes + type: long + format: bytes + description: > + Container memory limit in bytes + - name: request.bytes + type: long + format: bytes + description: > + Container requested memory in bytes diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/state_cronjob/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/state_cronjob/fields/fields.yml new file mode 100644 index 000000000..7cd9e5b37 --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/state_cronjob/fields/fields.yml @@ -0,0 +1,54 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: cronjob + type: group + description: > + kubernetes cronjob metrics + release: beta + fields: + - name: name + type: keyword + description: Cronjob name + - name: schedule + type: keyword + description: Cronjob schedule + - name: concurrency + type: keyword + description: Concurrency policy + - name: active.count + type: long + description: Number of active pods for the cronjob + - name: is_suspended + type: boolean + description: Whether the cronjob is suspended + - name: created.sec + type: double + description: Epoch seconds since the cronjob was created + - name: last_schedule.sec + type: double + description: Epoch seconds for last cronjob run + - name: next_schedule.sec + type: double + description: Epoch seconds for next cronjob run + - name: deadline.sec + type: long + description: Deadline seconds after schedule for considering failed + + + + + + + + diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/state_deployment/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/state_deployment/fields/fields.yml new file mode 100644 index 000000000..c5406adfa --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/state_deployment/fields/fields.yml @@ -0,0 +1,44 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: deployment + type: group + description: > + kubernetes deployment metrics + release: ga + fields: + - name: paused + type: boolean + description: > + Kubernetes deployment paused status + - name: replicas + type: group + description: > + Kubernetes deployment replicas info + fields: + - name: desired + type: integer + description: > + Deployment number of desired replicas (spec) + - name: available + type: integer + description: > + Deployment available replicas + - name: unavailable + type: integer + description: > + Deployment unavailable replicas + - name: updated + type: integer + description: > + Deployment updated replicas diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/state_node/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/state_node/fields/fields.yml new file mode 100644 index 000000000..5b602a2e9 --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/state_node/fields/fields.yml @@ -0,0 +1,65 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: node + type: group + description: > + kubernetes node metrics + release: ga + fields: + - name: status + type: group + fields: + - name: ready + type: keyword + description: > + Node ready status (true, false or unknown) + - name: unschedulable + type: boolean + description: > + Node unschedulable status + - name: cpu + type: group + fields: + - name: allocatable.cores + type: float + description: > + Node CPU allocatable cores + - name: capacity.cores + type: long + description: > + Node CPU capacity cores + - name: memory + type: group + fields: + - name: allocatable.bytes + type: long + format: bytes + description: > + Node allocatable memory in bytes + - name: capacity.bytes + type: long + format: bytes + description: > + Node memory capacity in bytes + - name: pod + type: group + fields: + - name: allocatable.total + type: long + description: > + Node allocatable pods + - name: capacity.total + type: long + description: > + Node pod capacity diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/state_persistentvolume/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/state_persistentvolume/fields/fields.yml new file mode 100644 index 000000000..0e9d9006e --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/state_persistentvolume/fields/fields.yml @@ -0,0 +1,34 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: persistentvolume + type: group + description: > + kubernetes persistent volume metrics from kube-state-metrics + release: experimental + fields: + - name: name + type: keyword + description: Volume name. + - name: capacity.bytes + type: long + description: Volume capacity + - name: phase + type: keyword + description: Volume phase according to kubernetes + - name: storage_class + type: keyword + description: Storage class for the volume + + + diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/state_persistentvolumeclaim/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/state_persistentvolumeclaim/fields/fields.yml new file mode 100644 index 000000000..685b8a69d --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/state_persistentvolumeclaim/fields/fields.yml @@ -0,0 +1,38 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: persistentvolumeclaim + type: group + description: > + kubernetes persistent volume clame metrics from kube-state-metrics + release: experimental + fields: + - name: name + type: keyword + description: PVC name. + - name: volume_name + type: keyword + description: Binded volume name. + - name: request_storage.bytes + type: long + description: Requested capacity. + - name: phase + type: keyword + description: PVC phase. + - name: access_mode + type: keyword + description: Access mode. + - name: storage_class + type: keyword + description: Storage class for the PVC. + diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/state_pod/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/state_pod/fields/fields.yml new file mode 100644 index 000000000..708e29a82 --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/state_pod/fields/fields.yml @@ -0,0 +1,44 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: pod + type: group + description: > + kubernetes pod metrics + release: ga + fields: + - name: ip + type: ip + description: > + Kubernetes pod IP + - name: host_ip + type: ip + description: > + Kubernetes pod host IP + - name: status + type: group + description: > + Kubernetes pod status metrics + fields: + - name: phase + type: keyword + description: > + Kubernetes pod phase (Running, Pending...) + - name: ready + type: keyword + description: > + Kubernetes pod ready status (true, false or unknown) + - name: scheduled + type: keyword + description: > + Kubernetes pod scheduled status (true, false, unknown) diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/state_replicaset/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/state_replicaset/fields/fields.yml new file mode 100644 index 000000000..dfa53980c --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/state_replicaset/fields/fields.yml @@ -0,0 +1,44 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: replicaset + type: group + description: > + kubernetes replica set metrics + release: ga + fields: + - name: replicas + type: group + description: > + Kubernetes replica set paused status + fields: + - name: available + type: long + description: > + The number of replicas per ReplicaSet + - name: desired + type: long + description: > + The number of replicas per ReplicaSet + - name: ready + type: long + description: > + The number of ready replicas per ReplicaSet + - name: observed + type: long + description: > + The generation observed by the ReplicaSet controller + - name: labeled + type: long + description: > + The number of fully labeled replicas per ReplicaSet diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/state_resourcequota/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/state_resourcequota/fields/fields.yml new file mode 100644 index 000000000..89efbea0f --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/state_resourcequota/fields/fields.yml @@ -0,0 +1,39 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: resourcequota + type: group + description: > + kubernetes resourcequota metrics + release: beta + fields: + - name: created.sec + type: double + description: Epoch seconds since the ResourceQuota was created + - name: quota + type: double + description: Quota informed (hard or used) for the resource + - name: name + type: keyword + description: ResourceQuota name + - name: type + type: keyword + description: Quota information type, `hard` or `used` + - name: resource + type: keyword + description: Resource name the quota applies to + + + + + diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/state_service/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/state_service/fields/fields.yml new file mode 100644 index 000000000..7fa66831b --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/state_service/fields/fields.yml @@ -0,0 +1,50 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: service + type: group + description: > + kubernetes service metrics + release: experimental + fields: + - name: name + type: keyword + description: Service name. + - name: cluster_ip + type: ip + description: Internal IP for the service. + - name: external_name + type: keyword + description: Service external DNS name + - name: external_ip + type: keyword + description: Service external IP + - name: load_balancer_ip + type: keyword + description: Load Balancer service IP + - name: type + type: keyword + description: Service type + - name: ingress_ip + type: keyword + description: Ingress IP + - name: ingress_hostname + type: ip + description: Ingress Hostname + - name: created + type: date + description: Service creation date + + + + diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/state_statefulset/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/state_statefulset/fields/fields.yml new file mode 100644 index 000000000..ec79a50b5 --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/state_statefulset/fields/fields.yml @@ -0,0 +1,49 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: statefulset + type: group + description: > + kubernetes stateful set metrics + release: ga + fields: + - name: created + type: long + description: > + The creation timestamp (epoch) for StatefulSet + - name: replicas + type: group + description: > + Kubernetes stateful set replicas status + fields: + - name: observed + type: long + description: > + The number of observed replicas per StatefulSet + - name: desired + type: long + description: > + The number of desired replicas per StatefulSet + - name: generation + type: group + description: > + Kubernetes stateful set generation information + fields: + - name: observed + type: long + description: > + The observed generation per StatefulSet + - name: desired + type: long + description: > + The desired generation per StatefulSet diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/state_storageclass/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/state_storageclass/fields/fields.yml new file mode 100644 index 000000000..a50869c72 --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/state_storageclass/fields/fields.yml @@ -0,0 +1,34 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: storageclass + type: group + description: > + kubernetes storage class metrics + release: experimental + fields: + - name: name + type: keyword + description: Storage class name. + - name: provisioner + type: keyword + description: Volume provisioner for the storage class. + - name: reclaim_policy + type: keyword + description: Reclaim policy for dynamically created volumes + - name: volume_binding_mode + type: keyword + description: Mode for default provisioning and binding + - name: created + type: date + description: Storage class creation date diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/system/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/system/fields/fields.yml new file mode 100644 index 000000000..2d9ebd23d --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/system/fields/fields.yml @@ -0,0 +1,81 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: system + type: group + description: > + kubernetes system containers metrics + release: ga + fields: + - name: container + type: keyword + description: > + Container name + - name: start_time + type: date + description: > + Start time + - name: cpu + type: group + description: > + CPU usage metrics + fields: + - name: usage + type: group + fields: + - name: core + type: group + fields: + - name: ns + type: long + description: > + CPU Core usage nanoseconds + - name: nanocores + type: long + description: > + CPU used nanocores + - name: memory + type: group + fields: + - name: usage + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Total memory usage + - name: rss + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + RSS memory usage + - name: workingset + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Working set memory usage + - name: pagefaults + type: long + description: > + Number of page faults + - name: majorpagefaults + type: long + description: > + Number of major page faults diff --git a/dev/packages/beats/kubernetes-0.0.1/dataset/volume/fields/fields.yml b/dev/packages/beats/kubernetes-0.0.1/dataset/volume/fields/fields.yml new file mode 100644 index 000000000..ed0ee80a4 --- /dev/null +++ b/dev/packages/beats/kubernetes-0.0.1/dataset/volume/fields/fields.yml @@ -0,0 +1,65 @@ +- key: kubernetes + title: "Kubernetes" + description: > + Kubernetes metrics + release: ga + settings: ["ssl", "http"] + short_config: false + fields: + - name: kubernetes + type: group + description: > + Information and statistics of pods managed by kubernetes. + fields: + - name: volume + type: group + description: > + kubernetes volume metrics + release: ga + fields: + - name: name + type: keyword + description: > + Volume name + - name: fs + type: group + fields: + - name: capacity + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Filesystem total capacity in bytes + - name: available + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Filesystem total available in bytes + - name: used + type: group + fields: + - name: bytes + type: long + format: bytes + description: > + Filesystem total used in bytes + - name: inodes + type: group + fields: + - name: used + type: long + description: > + Used inodes + - name: free + type: long + description: > + Free inodes + - name: count + type: long + description: > + Total inodes diff --git a/dev/packages/beats/kvm-0.0.1/dataset/dommemstat/fields/fields.yml b/dev/packages/beats/kvm-0.0.1/dataset/dommemstat/fields/fields.yml new file mode 100644 index 000000000..b0438c8b1 --- /dev/null +++ b/dev/packages/beats/kvm-0.0.1/dataset/dommemstat/fields/fields.yml @@ -0,0 +1,37 @@ +- key: kvm + title: "kvm" + release: beta + description: > + kvm module + fields: + - name: kvm + type: group + description: > + fields: + - name: dommemstat + type: group + description: > + dommemstat + release: beta + fields: + - name: stat + type: group + description: > + Memory stat + fields: + - name: name + type: keyword + description: > + Memory stat name + - name: value + type: long + description: > + Memory stat value + - name: id + type: long + description: > + Domain id + - name: name + type: keyword + description: > + Domain name diff --git a/dev/packages/beats/logstash-0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/logstash-0.0.1/dataset/node/fields/fields.yml new file mode 100644 index 000000000..a535fa97f --- /dev/null +++ b/dev/packages/beats/logstash-0.0.1/dataset/node/fields/fields.yml @@ -0,0 +1,44 @@ +- key: logstash + title: "Logstash" + description: > + Logstash module + release: ga + settings: ["ssl", "http"] + fields: + - name: logstash + type: group + description: > + fields: + - name: node + type: group + description: > + node + release: ga + fields: + - name: host + type: alias + path: host.hostname + migration: true + description: > + Host name + - name: version + type: alias + path: service.version + migration: true + description: > + Logstash Version + - name: jvm + type: group + description: > + JVM Info + fields: + - name: version + type: keyword + description: > + Version + - name: pid + type: alias + path: process.pid + migration: true + description: > + Process ID diff --git a/dev/packages/beats/logstash-0.0.1/dataset/node_stats/fields/fields.yml b/dev/packages/beats/logstash-0.0.1/dataset/node_stats/fields/fields.yml new file mode 100644 index 000000000..b1d07d2db --- /dev/null +++ b/dev/packages/beats/logstash-0.0.1/dataset/node_stats/fields/fields.yml @@ -0,0 +1,34 @@ +- key: logstash + title: "Logstash" + description: > + Logstash module + release: ga + settings: ["ssl", "http"] + fields: + - name: logstash + type: group + description: > + fields: + - name: node.stats + type: group + description: > + node_stats metrics. + release: ga + fields: + - name: events + type: group + description: > + Events stats + fields: + - name: in + type: long + description: > + Incoming events counter. + - name: out + type: long + description: > + Outgoing events counter. + - name: filtered + type: long + description: > + Filtered events counter. diff --git a/dev/packages/beats/memcached-0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/memcached-0.0.1/dataset/stats/fields/fields.yml new file mode 100644 index 000000000..eee61a626 --- /dev/null +++ b/dev/packages/beats/memcached-0.0.1/dataset/stats/fields/fields.yml @@ -0,0 +1,108 @@ +- key: memcached + title: "Memcached" + description: > + Memcached module + short_config: false + release: ga + fields: + - name: memcached + type: group + description: > + fields: + - name: stats + type: group + description: > + stats + release: ga + fields: + - name: pid + type: long + description: > + Current process ID of the Memcached task. + + - name: uptime.sec + type: long + description: > + Memcached server uptime. + + - name: threads + type: long + description: > + Number of threads used by the current Memcached server process. + + - name: connections.current + type: long + description: > + Number of open connections to this Memcached server, should be the same + value on all servers during normal operation. + + - name: connections.total + type: long + description: > + Numer of successful connect attempts to this server since it has been started. + + - name: get.hits + type: long + description: > + Number of successful "get" commands (cache hits) since startup, divide them + by the "cmd_get" value to get the cache hitrate. + + - name: get.misses + type: long + description: > + Number of failed "get" requests because nothing was cached for this key + or the cached value was too old. + + - name: cmd.get + type: long + description: > + Number of "get" commands received since server startup not counting if they + were successful or not. + + - name: cmd.set + type: long + description: > + Number of "set" commands serviced since startup. + + - name: read.bytes + type: long + formate: bytes + description: > + Total number of bytes received from the network by this server. + + - name: written.bytes + type: long + formate: bytes + description: > + Total number of bytes send to the network by this server. + + - name: items.current + type: long + description: > + Number of items currently in this server's cache. + + - name: items.total + type: long + formate: bytes + description: > + Number of items stored ever stored on this server. This is no "maximum item + count" value but a counted increased by every new item stored in the cache. + + - name: evictions + type: long + formate: bytes + description: > + Number of objects removed from the cache to free up memory for new items + because Memcached reached it's maximum memory setting (limit_maxbytes). + + - name: bytes.current + type: long + formate: bytes + description: > + Number of bytes currently used for caching items. + + - name: bytes.limit + type: long + formate: bytes + description: > + Number of bytes this server is allowed to use for storage. diff --git a/dev/packages/beats/misp-0.0.1/dataset/threat/fields/fields.yml b/dev/packages/beats/misp-0.0.1/dataset/threat/fields/fields.yml new file mode 100644 index 000000000..478db4072 --- /dev/null +++ b/dev/packages/beats/misp-0.0.1/dataset/threat/fields/fields.yml @@ -0,0 +1,720 @@ +- key: misp + title: MISP + description: > + Module for handling threat information from MISP. + fields: + - name: misp + type: group + description: > + Fields from MISP threat information. + fields: + - name: attack_pattern + title: Attack Pattern + short: Fields that let you store attack patterns + description: > + Fields provide support for specifying information about attack patterns. + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the threat indicator. + + - name: name + level: core + type: keyword + description: > + Name of the attack pattern. + + - name: description + level: extended + type: text + description: > + Description of the attack pattern. + + - name: kill_chain_phases + level: extended + type: keyword + description: > + The kill chain phase(s) to which this attack pattern corresponds. + + - name: campaign + title: Campaign + short: Fields that let you store campaign information + description: > + Fields provide support for specifying information about campaigns. + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the campaign. + + - name: name + level: core + type: keyword + description: > + Name of the campaign. + + - name: description + level: extended + type: text + description: > + Description of the campaign. + + - name: aliases + level: extended + type: text + description: > + Alternative names used to identify this campaign. + + - name: first_seen + level: core + type: date + description: > + The time that this Campaign was first seen, in RFC3339 format. + + - name: last_seen + level: core + type: date + description: > + The time that this Campaign was last seen, in RFC3339 format. + + - name: objective + level: core + type: keyword + description: > + This field defines the Campaign's primary goal, objective, desired outcome, or intended effect. + + - name: course_of_action + title: Course of Action + short: Fields that let you store information about course of action. + description: > + A Course of Action is an action taken either to prevent an attack or to respond to an attack that is in progress. + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Course of Action. + + - name: name + level: core + type: keyword + description: > + The name used to identify the Course of Action. + + - name: description + level: extended + type: text + description: > + Description of the Course of Action. + + - name: identity + title: Identity + short: Fields that let you store information about identity. + description: > + Identity can represent actual individuals, organizations, or groups, as well as classes of individuals, organizations, or groups. + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Identity. + + - name: name + level: core + type: keyword + description: > + The name used to identify the Identity. + + - name: description + level: extended + type: text + description: > + Description of the Identity. + + - name: identity_class + level: core + type: keyword + description: > + The type of entity that this Identity describes, e.g., an individual or organization. Open Vocab - identity-class-ov + + - name: labels + level: extended + type: keyword + description: > + The list of roles that this Identity performs. + example: > + CEO + + - name: sectors + level: extended + type: keyword + description: > + The list of sectors that this Identity belongs to. Open Vocab - industry-sector-ov + + - name: contact_information + level: extended + type: text + description: > + The contact information (e-mail, phone number, etc.) for this Identity. + + - name: intrusion_set + title: Intrusion Set + short: Fields that let you store information about Intrusion Set. + description: > + An Intrusion Set is a grouped set of adversary behavior and resources with common properties that is believed to be orchestrated by a single organization. + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Intrusion Set. + + - name: name + level: core + type: keyword + description: > + The name used to identify the Intrusion Set. + + - name: description + level: extended + type: text + description: > + Description of the Intrusion Set. + + - name: aliases + level: extended + type: text + description: > + Alternative names used to identify the Intrusion Set. + + - name: first_seen + level: extended + type: date + description: > + The time that this Intrusion Set was first seen, in RFC3339 format. + + - name: last_seen + level: extended + type: date + description: > + The time that this Intrusion Set was last seen, in RFC3339 format. + + - name: goals + level: extended + type: text + description: > + The high level goals of this Intrusion Set, namely, what are they trying to do. + + - name: resource_level + level: extended + type: text + description: > + This defines the organizational level at which this Intrusion Set typically works. Open Vocab - attack-resource-level-ov + + - name: primary_motivation + level: extended + type: text + description: > + The primary reason, motivation, or purpose behind this Intrusion Set. Open Vocab - attack-motivation-ov + + - name: secondary_motivations + level: extended + type: text + description: > + The secondary reasons, motivations, or purposes behind this Intrusion Set. Open Vocab - attack-motivation-ov + + - name: malware + title: Malware + short: Fields that let you store information about Malware. + description: > + Malware is a type of TTP that is also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim. + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Malware. + + - name: name + level: core + type: keyword + description: > + The name used to identify the Malware. + + - name: description + level: extended + type: text + description: > + Description of the Malware. + + - name: labels + level: core + type: keyword + description: > + The type of malware being described. + Open Vocab - malware-label-ov. + adware,backdoor,bot,ddos,dropper,exploit-kit,keylogger,ransomware, remote-access-trojan,resource-exploitation,rogue-security-software,rootkit, screen-capture,spyware,trojan,virus,worm + + - name: kill_chain_phases + format: string + level: extended + type: keyword + description: > + The list of kill chain phases for which this Malware instance can be used. + + - name: note + title: Note + short: Fields that let you store information about Malware. + description: > + A Note is a comment or note containing informative text to help explain the context of one or more STIX Objects (SDOs or SROs) or to provide additional analysis that is not contained in the original object. + + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Note. + + - name: summary + level: extended + type: keyword + description: > + A brief description used as a summary of the Note. + + - name: description + level: extended + type: text + description: > + The content of the Note. + + - name: authors + level: extended + type: keyword + description: > + The name of the author(s) of this Note. + + - name: object_refs + level: extended + type: keyword + description: > + The STIX Objects (SDOs and SROs) that the note is being applied to. + + - name: threat_indicator + title: Threat Indicator + short: Fields that let you store Threat Indicators + description: > + Fields provide support for specifying information about threat indicators, and related matching patterns. + type: group + fields: + + - name: labels + level: core + type: keyword + description: > + list of type open-vocab that specifies the type of indicator. + example: > + Domain Watchlist + + - name: id + level: core + type: keyword + description: > + Identifier of the threat indicator. + + - name: version + level: core + type: keyword + description: > + Version of the threat indicator. + + - name: type + level: core + type: keyword + description: > + Type of the threat indicator. + + - name: description + level: core + type: text + description: > + Description of the threat indicator. + + - name: feed + level: core + type: text + description: > + Name of the threat feed. + + - name: valid_from + level: core + type: date + description: > + The time from which this Indicator should be considered valuable + intelligence, in RFC3339 format. + + - name: valid_until + level: core + type: date + description: > + The time at which this Indicator should no longer be considered valuable intelligence. If the valid_until property is omitted, then there is no constraint on the latest time for which the indicator should be used, in RFC3339 format. + + - name: severity + format: string + level: core + type: keyword + description: > + Threat severity to which this indicator corresponds. + example: high + + - name: confidence + level: core + type: keyword + description: > + Confidence level to which this indicator corresponds. + example: high + + - name: kill_chain_phases + format: string + level: extended + type: keyword + description: > + The kill chain phase(s) to which this indicator corresponds. + + - name: mitre_tactic + format: string + level: extended + type: keyword + description: > + MITRE tactics to which this indicator corresponds. + example: Initial Access + + - name: mitre_technique + format: string + level: extended + type: keyword + description: > + MITRE techniques to which this indicator corresponds. + example: Drive-by Compromise + + - name: attack_pattern + level: core + type: keyword + description: > + The attack_pattern for this indicator is a STIX Pattern as specified in STIX Version 2.0 Part 5 - STIX Patterning. + example: > + [destination:ip = '91.219.29.188/32'] + + - name: attack_pattern_kql + level: core + type: keyword + description: > + The attack_pattern for this indicator is KQL query that matches the attack_pattern specified in the STIX Pattern format. + example: > + destination.ip: "91.219.29.188/32" + + - name: negate + level: core + type: boolean + description: > + When set to true, it specifies the absence of the attack_pattern. + + - name: intrusion_set + level: extended + type: keyword + description: > + Name of the intrusion set if known. + + - name: campaign + level: extended + type: keyword + description: > + Name of the attack campaign if known. + + - name: threat_actor + level: extended + type: keyword + description: > + Name of the threat actor if known. + + - name: observed_data + title: Observed Data + short: Fields that let you store information about Observed Data. + description: > + Observed data conveys information that was observed on systems and networks, such as log data or network traffic, using the Cyber Observable specification. + + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Observed Data. + + - name: first_observed + level: core + type: date + description: > + The beginning of the time window that the data was observed, in RFC3339 format. + + - name: last_observed + level: core + type: date + description: > + The end of the time window that the data was observed, in RFC3339 format. + + - name: number_observed + level: core + type: integer + description: > + The number of times the data represented in the objects property was observed. This MUST be an integer between 1 and 999,999,999 inclusive. + + - name: objects + level: core + type: keyword + description: > + A dictionary of Cyber Observable Objects that describes the single fact that was observed. + + - name: report + title: Report + short: Fields that let you store information about Report. + description: > + Reports are collections of threat intelligence focused on one or more topics, such as a description of a threat actor, malware, or attack technique, including context and related details. + + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Report. + + - name: labels + level: core + type: keyword + description: > + This field is an Open Vocabulary that specifies the primary subject of this report. + Open Vocab - report-label-ov. + threat-report,attack-pattern,campaign,identity,indicator,malware,observed-data,threat-actor,tool,vulnerability + + - name: name + level: core + type: keyword + description: > + The name used to identify the Report. + + - name: description + level: extended + type: text + description: > + A description that provides more details and context about Report. + + - name: published + level: extended + type: date + description: > + The date that this report object was officially published by the creator of this report, in RFC3339 format. + + - name: object_refs + level: core + type: text + description: > + Specifies the STIX Objects that are referred to by this Report. + + - name: threat_actor + title: Threat Actor + short: Fields that let you store information about Threat Actor. + description: > + Threat Actors are actual individuals, groups, or organizations believed to be operating with malicious intent. + + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Threat Actor. + + - name: labels + level: core + type: keyword + description: > + This field specifies the type of threat actor. + Open Vocab - threat-actor-label-ov. + activist,competitor,crime-syndicate,criminal,hacker,insider-accidental,insider-disgruntled,nation-state,sensationalist,spy,terrorist + + - name: name + level: core + type: keyword + description: > + The name used to identify this Threat Actor or Threat Actor group. + + - name: description + level: extended + type: text + description: > + A description that provides more details and context about the Threat Actor. + + - name: aliases + level: extended + type: text + description: > + A list of other names that this Threat Actor is believed to use. + + - name: roles + level: extended + type: text + description: > + This is a list of roles the Threat Actor plays. + Open Vocab - threat-actor-role-ov. + agent,director,independent,sponsor,infrastructure-operator,infrastructure-architect,malware-author + + - name: goals + level: extended + type: text + description: > + The high level goals of this Threat Actor, namely, what are they trying to do. + + - name: sophistication + level: extended + type: text + description: > + The skill, specific knowledge, special training, or expertise a Threat Actor + must have to perform the attack. + Open Vocab - threat-actor-sophistication-ov. + none,minimal,intermediate,advanced,strategic,expert,innovator + + - name: resource_level + level: extended + type: text + description: > + This defines the organizational level at which this Threat Actor typically works. + Open Vocab - attack-resource-level-ov. + individual,club,contest,team,organization,government + + - name: primary_motivation + level: extended + type: text + description: > + The primary reason, motivation, or purpose behind this Threat Actor. + Open Vocab - attack-motivation-ov. + accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + + - name: secondary_motivations + level: extended + type: text + description: > + The secondary reasons, motivations, or purposes behind this Threat Actor. + Open Vocab - attack-motivation-ov. + accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + + - name: personal_motivations + level: extended + type: text + description: > + The personal reasons, motivations, or purposes of the Threat Actor regardless of + organizational goals. + Open Vocab - attack-motivation-ov. + accidental,coercion,dominance,ideology,notoriety,organizational-gain,personal-gain,personal-satisfaction,revenge,unpredictable + + - name: tool + title: Tool + short: Fields that let you store information about Tool. + description: > + Tools are legitimate software that can be used by threat actors to perform attacks. + + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Tool. + + - name: labels + level: core + type: keyword + description: > + The kind(s) of tool(s) being described. + Open Vocab - tool-label-ov. + denial-of-service,exploitation,information-gathering,network-capture,credential-exploitation,remote-access,vulnerability-scanning + + - name: name + level: core + type: keyword + description: > + The name used to identify the Tool. + + - name: description + level: extended + type: text + description: > + A description that provides more details and context about the Tool. + + - name: tool_version + level: extended + type: keyword + description: > + The version identifier associated with the Tool. + + - name: kill_chain_phases + level: extended + type: text + description: > + The list of kill chain phases for which this Tool instance can be used. + + - name: vulnerability + title: Vulnerability + short: Fields that let you store information about Vulnerability. + description: > + A Vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network. + + type: group + fields: + + - name: id + level: core + type: keyword + description: > + Identifier of the Vulnerability. + + - name: name + level: core + type: keyword + description: > + The name used to identify the Vulnerability. + + - name: description + level: extended + type: text + description: > + A description that provides more details and context about the Vulnerability. + + + + + + + + + diff --git a/dev/packages/beats/mongodb-0.0.1/dataset/collstats/fields/fields.yml b/dev/packages/beats/mongodb-0.0.1/dataset/collstats/fields/fields.yml new file mode 100644 index 000000000..3911126f7 --- /dev/null +++ b/dev/packages/beats/mongodb-0.0.1/dataset/collstats/fields/fields.yml @@ -0,0 +1,117 @@ +- key: mongodb + title: "MongoDB" + description: > + Metrics collected from MongoDB servers. + short_config: false + release: ga + settings: ["ssl"] + fields: + - name: mongodb + type: group + description: > + MongoDB metrics. + fields: + - name: collstats + type: group + description: > + MongoDB collection statistics metrics. + release: ga + fields: + - name: db + type: keyword + description: > + Database name. + + - name: collection + type: keyword + description: > + Collection name. + + - name: name + type: keyword + description: > + Combination of database and collection name. + + - name: total.time.us + type: long + description: > + Total waiting time for locks in microseconds. + - name: total.count + type: long + description: > + Total number of lock wait events. + + - name: lock + type: group + fields: + - name: read.time.us + type: long + description: > + Time waiting for read locks in microseconds. + - name: read.count + type: long + description: > + Number of read lock wait events. + + - name: write.time.us + type: long + description: > + Time waiting for write locks in microseconds. + - name: write.count + type: long + description: > + Number of write lock wait events. + + - name: queries.time.us + type: long + description: > + Time running queries in microseconds. + - name: queries.count + type: long + description: > + Number of queries executed. + + - name: getmore.time.us + type: long + description: > + Time asking for more cursor rows in microseconds. + - name: getmore.count + type: long + description: > + Number of times a cursor asked for more data. + + - name: insert.time.us + type: long + description: > + Time inserting new documents in microseconds. + - name: insert.count + type: long + description: > + Number of document insert events. + + - name: update.time.us + type: long + description: > + Time updating documents in microseconds. + - name: update.count + type: long + description: > + Number of document update events. + + - name: remove.time.us + type: long + description: > + Time deleting documents in microseconds. + - name: remove.count + type: long + description: > + Number of document delete events. + + - name: commands.time.us + type: long + description: > + Time executing database commands in microseconds. + - name: commands.count + type: long + description: > + Number of database commands executed. diff --git a/dev/packages/beats/mongodb-0.0.1/dataset/dbstats/fields/fields.yml b/dev/packages/beats/mongodb-0.0.1/dataset/dbstats/fields/fields.yml new file mode 100644 index 000000000..b22d55fbd --- /dev/null +++ b/dev/packages/beats/mongodb-0.0.1/dataset/dbstats/fields/fields.yml @@ -0,0 +1,76 @@ +- key: mongodb + title: "MongoDB" + description: > + Metrics collected from MongoDB servers. + short_config: false + release: ga + settings: ["ssl"] + fields: + - name: mongodb + type: group + description: > + MongoDB metrics. + fields: + - name: dbstats + type: group + description: > + dbstats provides an overview of a particular mongo database. This document + is most concerned with data volumes of a database. + release: ga + fields: + - name: avg_obj_size.bytes + type: long + format: bytes + + - name: collections + type: integer + + - name: data_size.bytes + type: long + format: bytes + + - name: db + type: keyword + + - name: file_size.bytes + type: long + format: bytes + + - name: index_size.bytes + type: long + format: bytes + + - name: indexes + type: long + + - name: num_extents + type: long + + - name: objects + type: long + + - name: storage_size.bytes + type: long + format: bytes + + - name: ns_size_mb.mb + type: long + + - name: data_file_version + type: group + fields: + - name: major + type: long + + - name: minor + type: long + + - name: extent_free_list + type: group + fields: + - name: num + type: long + + - name: size.bytes + type: long + format: bytes diff --git a/dev/packages/beats/mongodb-0.0.1/dataset/metrics/fields/fields.yml b/dev/packages/beats/mongodb-0.0.1/dataset/metrics/fields/fields.yml new file mode 100644 index 000000000..d782773f3 --- /dev/null +++ b/dev/packages/beats/mongodb-0.0.1/dataset/metrics/fields/fields.yml @@ -0,0 +1,545 @@ +- key: mongodb + title: "MongoDB" + description: > + Metrics collected from MongoDB servers. + short_config: false + release: ga + settings: ["ssl"] + fields: + - name: mongodb + type: group + description: > + MongoDB metrics. + fields: + - name: metrics + type: group + release: ga + description: > + Statistics that reflect the current use and state of a running `mongod` instance + for more information, take a look at https://docs.mongodb.com/manual/reference/command/serverStatus/#serverstatus.metrics + fields: + - name: commands + type: group + description: > + Reports on the use of database commands. + The fields in metrics.commands are the names of database commands and each value is a document + that reports the total number of commands executed as well as the number of failed executions. + + metrics.commands..failed shows the number of times failed on this mongod. + metrics.commands..total shows the number of times executed on this mongod. + fields: + - name: is_self + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: aggregate + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: build_info + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: coll_stats + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: connection_pool_stats + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: count + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: db_stats + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: distinct + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: find + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: get_cmd_line_opts + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: get_last_error + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: get_log + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: get_more + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: get_parameter + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: host_info + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: insert + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: is_master + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: last_collections + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: last_commands + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: list_databased + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: list_indexes + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: ping + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: profile + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: replset_get_rbid + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: replset_get_status + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: replset_heartbeat + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: replset_update_position + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: server_status + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: update + type: group + fields: + - name: failed + type: long + - name: total + type: long + - name: whatsmyuri + type: group + fields: + - name: failed + type: long + - name: total + type: long + + - name: cursor + type: group + description: > + Contains data regarding cursor state and use. + fields: + - name: timed_out + type: long + description: > + The total number of cursors that have timed out since the server process started. + - name: open + type: group + description: > + Contains data regarding open cursors. + fields: + - name: no_timeout + type: long + description: > + The number of open cursors with the option DBQuery.Option.noTimeout set to prevent timeout. + - name: pinned + type: long + description: > + The number of `pinned` open cursors. + - name: total + type: long + description: > + The number of cursors that MongoDB is maintaining for clients. + + - name: document + type: group + description: > + Reflects document access and modification patterns. + fields: + - name: deleted + type: long + description: > + The total number of documents deleted. + - name: inserted + type: long + description: > + The total number of documents inserted. + - name: returned + type: long + description: > + The total number of documents returned by queries. + - name: updated + type: long + description: > + The total number of documents updated. + + - name: get_last_error + type: group + description: > + Returns the error status of the preceding write operation on the current connection. + fields: + - name: write_wait.ms + type: long + description: > + The total amount of time in milliseconds that the mongod has spent performing getLastError operations + with write concern (i.e. w) greater than 1. + - name: write_wait.count + type: long + description: > + The total number of getLastError operations with a specified write concern (i.e. w) greater than 1. + - name: write_timeouts + type: long + description: > + The number of times that write concern operations have timed out as a result of the wtimeout threshold to getLastError. + + - name: operation + type: group + description: > + Holds counters for several types of update and query operations that MongoDB handles using special operation types. + fields: + - name: scan_and_order + type: long + description: > + The total number of queries that return sorted numbers that cannot perform the sort operation using an index. + - name: write_conflicts + type: long + description: > + The total number of queries that encountered write conflicts. + + - name: query_executor + type: group + description: > + Reports data from the query execution system. + fields: + - name: scanned_indexes.count + type: long + description: > + The total number of index items scanned during queries and query-plan evaluation. + - name: scanned_documents.count + type: long + description: > + The total number of documents scanned during queries and query-plan evaluation. + + - name: replication + type: group + description: > + Reports metrics related to the replication process. + metrics.replication appears on all mongod instances, even those that aren't members of replica sets. + fields: + - name: executor + type: group + description: > + Reports on various statistics for the replication executor. + fields: + - name: counters + type: group + fields: + - name: event_created + type: long + - name: event_wait + type: long + - name: cancels + type: long + - name: waits + type: long + - name: scheduled + type: group + fields: + - name: netcmd + type: long + - name: dbwork + type: long + - name: exclusive + type: long + - name: work_at + type: long + - name: work + type: long + - name: failures + type: long + - name: queues + type: group + fields: + - name: in_progress + type: group + fields: + - name: network + type: long + - name: dbwork + type: long + - name: exclusive + type: long + - name: sleepers + type: long + - name: ready + type: long + - name: free + type: long + - name: unsignaled_events + type: long + - name: event_waiters + type: long + - name: shutting_down + type: boolean + - name: network_interface + type: keyword + - name: apply + type: group + description: > + Reports on the application of operations from the replication oplog. + fields: + - name: attempts_to_become_secondary + type: long + - name: batches + type: group + description: > + Reports on the oplog application process on secondaries members of replica sets. + fields: + - name: count + type: long + description: > + The total number of batches applied across all databases. + - name: time.ms + type: long + description: > + The total amount of time in milliseconds the mongod has spent applying operations from the oplog. + - name: ops + type: long + description: > + The total number of oplog operations applied. + - name: buffer + type: group + description: > + MongoDB buffers oplog operations from the replication sync source buffer before applying oplog entries in a batch. + metrics.replication.buffer provides a way to track the oplog buffer. + fields: + - name: count + type: long + description: > + The current number of operations in the oplog buffer. + - name: max_size.bytes + type: long + description: > + The maximum size of the buffer. This value is a constant setting in the mongod, and is not configurable. + - name: size.bytes + type: long + description: > + The current size of the contents of the oplog buffer. + - name: initial_sync + type: group + description: > + Report initial sync status + fields: + - name: completed + type: long + - name: failed_attempts + type: long + - name: failures + type: long + - name: network + type: group + description: > + Reports network use by the replication process. + fields: + - name: bytes + type: long + description: > + The total amount of data read from the replication sync source. + - name: getmores + type: group + description: > + Reports on the getmore operations, which are requests for additional results from the oplog cursor + as part of the oplog replication process. + fields: + - name: count + type: long + description: > + The total number of getmore operations + - name: time.ms + type: long + description: > + The total amount of time required to collect data from getmore operations. + - name: ops + type: long + description: > + The total number of operations read from the replication source. + - name: reders_created + type: long + description: > + The total number of oplog query processes created. + - name: preload + type: group + description: > + Reports on the `pre-fetch` stage, where MongoDB loads documents and indexes into RAM to improve replication throughput. + fields: + - name: docs + type: group + description: > + Reports on the documents loaded into memory during the pre-fetch stage. + fields: + - name: count + type: long + description: > + The total number of documents loaded during the pre-fetch stage of replication. + - name: time.ms + type: long + decsription: > + The total amount of time spent loading documents as part of the pre-fetch stage of replication. + - name: indexes + type: group + description: > + Reports on the index items loaded into memory during the pre-fetch stage of replication. + fields: + - name: count + type: long + description: > + The total number of index entries loaded by members before updating documents as part of the pre-fetch stage of replication. + - name: time.ms + type: long + description: > + The total amount of time, in milliseconds, spent loading index entries as part of the pre-fetch stage of replication. + + - name: storage.free_list.search + type: group + fields: + - name: bucket_exhausted + type: long + description: > + The number of times that mongod has checked the free list without finding a suitably large record allocation. + - name: requests + type: long + description: > + The number of times mongod has searched for available record allocations. + - name: scanned + type: long + description: > + The number of available record allocations mongod has searched. + + - name: ttl + type: group + description: > + Reports on the operation of the resource use of the ttl index process. + fields: + - name: deleted_documents.count + type: long + description: > + The total number of documents deleted from collections with a ttl index. + - name: passes.count + type: long + description: > + The number of times the background process removes documents from collections with a ttl index. diff --git a/dev/packages/beats/mongodb-0.0.1/dataset/replstatus/fields/fields.yml b/dev/packages/beats/mongodb-0.0.1/dataset/replstatus/fields/fields.yml new file mode 100644 index 000000000..9e3a9e24d --- /dev/null +++ b/dev/packages/beats/mongodb-0.0.1/dataset/replstatus/fields/fields.yml @@ -0,0 +1,189 @@ +- key: mongodb + title: "MongoDB" + description: > + Metrics collected from MongoDB servers. + short_config: false + release: ga + settings: ["ssl"] + fields: + - name: mongodb + type: group + description: > + MongoDB metrics. + fields: + - name: replstatus + type: group + release: ga + description: > + replstatus provides an overview of replica set status. + fields: + - name: oplog + type: group + description: > + oplog provides an overview of replication oplog status, which is retrieved from db.getReplicationInfo(). + fields: + - name: size.allocated + type: long + format: bytes + description: > + The total amount of space used by the replstatus in bytes. + - name: size.used + type: long + format: bytes + description: > + total amount of space allocated to the replstatus in bytes. + + - name: first.timestamp + type: long + description: > + Timestamp of the first (i.e. earliest) operation in the replstatus + + - name: last.timestamp + type: long + description: > + Timestamp of the last (i.e. latest) operation in the replstatus + + - name: window + type: long + description: > + The difference between the first and last operation in the replstatus. + + - name: set_name + type: keyword + description: > + The name of the replica set. + + - name: server_date + type: date + description: > + Reflects the current time according to the server that processed the replSetGetStatus command. + + - name: optimes + type: group + fields: + - name: last_committed + type: long + description: > + Information, from the viewpoint of this member, regarding the most recent operation that has been written to a majority of replica set members. + - name: applied + type: long + description: > + Information, from the viewpoint of this member, regarding the most recent operation that has been applied to this member of the replica set. + - name: durable + type: long + description: > + Information, from the viewpoint of this member, regarding the most recent operation that has been written to the journal of this member of the replica set. + + - name: lag + type: group + description: > + Delay between a write operation on the primary and its copy to a secondary + fields: + - name: max + type: long + format: duration + description: > + Difference between optime of primary and slowest secondary + - name: min + type: long + format: duration + description: > + Difference between optime of primary and fastest secondary + + - name: headroom + type: group + description: > + Difference between the primary's oplog window and the replication lag of the secondary + fields: + - name: max + type: long + format: duration + description: > + Difference between primary's oplog window and the replication lag of the fastest secondary + - name: min + type: long + format: duration + description: > + Difference between primary's oplog window and the replication lag of the slowest secondary + + - name: members + type: group + description: > + Provides information about members of replica set grouped by their state + fields: + - name: primary.host + type: keyword + description: > + Host address of the primary + - name: primary.optime + type: keyword + description: > + Optime of primary + - name: secondary.hosts + type: keyword + description: > + List of secondary hosts + - name: secondary.optimes + type: keyword + description: > + Optimes of secondaries + - name: secondary.count + type: long + descriprtion: > + Count of secondaries + - name: recovering.hosts + type: keyword + description: > + List of recovering members hosts + - name: recovering.count + type: long + description: > + Count of members in the `recovering` state + - name: unknown.hosts + type: keyword + description: > + List of members' hosts in the `unknown` state + - name: unknown.count + type: long + description: > + Count of members with `unknown` state + - name: startup2.hosts + type: keyword + description: > + List of initializing members hosts + - name: startup2.count + type: long + description: > + Count of members in the `startup2` state + - name: arbiter.hosts + type: keyword + description: > + List of arbiters hosts + - name: arbiter.count + type: long + description: > + Count of arbiters + - name: down.hosts + type: keyword + description: > + List of `down` members hosts + - name: down.count + type: long + description: > + Count of `down` members + - name: rollback.hosts + type: keyword + description: > + List of members in the `rollback` state + - name: rollback.count + type: long + description: > + Count of members in the `rollback` state + - name: unhealthy.hosts + type: keyword + description: > + List of members' hosts with healthy = false + - name: unhealthy.count + type: long + description: > + Count of unhealthy members diff --git a/dev/packages/beats/mongodb-0.0.1/dataset/status/fields/fields.yml b/dev/packages/beats/mongodb-0.0.1/dataset/status/fields/fields.yml new file mode 100644 index 000000000..264b364b0 --- /dev/null +++ b/dev/packages/beats/mongodb-0.0.1/dataset/status/fields/fields.yml @@ -0,0 +1,711 @@ +- key: mongodb + title: "MongoDB" + description: > + Metrics collected from MongoDB servers. + short_config: false + release: ga + settings: ["ssl"] + fields: + - name: mongodb + type: group + description: > + MongoDB metrics. + fields: + - name: status + type: group + description: > + MongoDB server status metrics. + release: ga + fields: + - name: version + type: alias + path: service.version + description: > + Instance version. + - name: process + type: alias + path: process.name + description: > + The current MongoDB process. Possible values are mongos or mongod. + - name: uptime.ms + type: long + description: > + Instance uptime in milliseconds. + - name: local_time + type: date + description: > + Local time as reported by the MongoDB instance. + + - name: asserts.regular + type: long + description: > + Number of regular assertions produced by the server. + - name: asserts.warning + type: long + description: > + Number of warning assertions produced by the server. + - name: asserts.msg + type: long + description: > + Number of msg assertions produced by the server. + - name: asserts.user + type: long + description: > + Number of user assertions produced by the server. + - name: asserts.rollovers + type: long + description: > + Number of rollovers assertions produced by the server. + + - name: connections + type: group + description: > + Data regarding the current status of incoming connections and + availability of the database server. + fields: + - name: current + type: long + description: > + The number of connections to the database server from clients. This + number includes the current shell session. Consider the value of + `available` to add more context to this datum. + - name: available + type: long + description: > + The number of unused available incoming connections the database + can provide. + - name: total_created + type: long + description: > + A count of all incoming connections created to the server. This + number includes connections that have since closed. + + - name: extra_info + type: group + description: > + Platform specific data. + fields: + - name: heap_usage.bytes + type: long + format: bytes + description: > + The total size in bytes of heap space used by the database process. + Only available on Unix/Linux. + - name: page_faults + type: long + description: > + The total number of page faults that require disk operations. Page + faults refer to operations that require the database server to + access data that isn't available in active memory. + + - name: global_lock + type: group + description: > + Reports on lock state of the database. + fields: + - name: total_time.us + type: long + description: > + The time, in microseconds, since the database last started and created the globalLock. + This is roughly equivalent to total server uptime. + - name: current_queue + type: group + description: > + The number of operations queued because of a lock. + fields: + - name: total + type: long + description: > + The total number of operations queued waiting for the lock (i.e., the sum of current_queue.readers and current_queue.writers). + - name: readers + type: long + description: > + The number of operations that are currently queued and waiting for the read lock. + - name: writers + type: long + description: > + The number of operations that are currently queued and waiting for the write lock. + - name: active_clients + type: group + description: > + The number of connected clients and the read and write operations performed by these clients. + fields: + - name: total + type: long + description: > + Total number of the active client connections performing read or write operations. + - name: readers + type: long + description: > + The number of the active client connections performing read operations. + - name: writers + type: long + description: > + The number of the active client connections performing write operations. + - name: locks + type: group + description: > + A document that reports for each lock , data on lock s. + The possible lock s are global, database, collection, metadata and oplog. + The possible s are r, w, R and W which respresent shared, exclusive, intent shared and intent exclusive. + + locks..acquire.count. shows the number of times the lock was acquired in the specified mode. + locks..wait.count. shows the number of times the locks.acquireCount lock acquisitions encountered waits + because the locks were held in a conflicting mode. + locks..wait.us. shows the cumulative wait time in microseconds for the lock acquisitions. + locks..deadlock.count. shows the number of times the lock acquisitions encountered deadlocks. + fields: + - name: global + type: group + fields: + - name: acquire.count.r + type: long + - name: acquire.count.w + type: long + - name: acquire.count.R + type: long + - name: acquire.count.W + type: long + - name: wait.count.r + type: long + - name: wait.count.w + type: long + - name: wait.count.R + type: long + - name: wait.count.W + type: long + - name: wait.us.r + type: long + - name: wait.us.w + type: long + - name: wait.us.R + type: long + - name: wait.us.W + type: long + - name: deadlock.count.r + type: long + - name: deadlock.count.w + type: long + - name: deadlock.count.R + type: long + - name: deadlock.count.W + type: long + - name: database + type: group + fields: + - name: acquire.count.r + type: long + - name: acquire.count.w + type: long + - name: acquire.count.R + type: long + - name: acquire.count.W + type: long + - name: wait.count.r + type: long + - name: wait.count.w + type: long + - name: wait.count.R + type: long + - name: wait.count.W + type: long + - name: wait.us.r + type: long + - name: wait.us.w + type: long + - name: wait.us.R + type: long + - name: wait.us.W + type: long + - name: deadlock.count.r + type: long + - name: deadlock.count.w + type: long + - name: deadlock.count.R + type: long + - name: deadlock.count.W + type: long + - name: collection + type: group + fields: + - name: acquire.count.r + type: long + - name: acquire.count.w + type: long + - name: acquire.count.R + type: long + - name: acquire.count.W + type: long + - name: wait.count.r + type: long + - name: wait.count.w + type: long + - name: wait.count.R + type: long + - name: wait.count.W + type: long + - name: wait.us.r + type: long + - name: wait.us.w + type: long + - name: wait.us.R + type: long + - name: wait.us.W + type: long + - name: deadlock.count.r + type: long + - name: deadlock.count.w + type: long + - name: deadlock.count.R + type: long + - name: deadlock.count.W + type: long + - name: meta_data + type: group + fields: + - name: acquire.count.r + type: long + - name: acquire.count.w + type: long + - name: acquire.count.R + type: long + - name: acquire.count.W + type: long + - name: wait.count.r + type: long + - name: wait.count.w + type: long + - name: wait.count.R + type: long + - name: wait.count.W + type: long + - name: wait.us.r + type: long + - name: wait.us.w + type: long + - name: wait.us.R + type: long + - name: wait.us.W + type: long + - name: deadlock.count.r + type: long + - name: deadlock.count.w + type: long + - name: deadlock.count.R + type: long + - name: deadlock.count.W + type: long + - name: oplog + type: group + fields: + - name: acquire.count.r + type: long + - name: acquire.count.w + type: long + - name: acquire.count.R + type: long + - name: acquire.count.W + type: long + - name: wait.count.r + type: long + - name: wait.count.w + type: long + - name: wait.count.R + type: long + - name: wait.count.W + type: long + - name: wait.us.r + type: long + - name: wait.us.w + type: long + - name: wait.us.R + type: long + - name: wait.us.W + type: long + - name: deadlock.count.r + type: long + - name: deadlock.count.w + type: long + - name: deadlock.count.R + type: long + - name: deadlock.count.W + type: long + + - name: network + type: group + description: > + Platform specific data. + fields: + - name: in.bytes + type: long + format: bytes + description: > + The amount of network traffic, in bytes, received by this database. + - name: out.bytes + type: long + format: bytes + description: > + The amount of network traffic, in bytes, sent from this database. + - name: requests + type: long + description: > + The total number of requests received by the server. + + - name: ops.latencies + type: group + description: > + Operation latencies for the database as a whole. + Only mongod instances report this metric. + fields: + - name: reads.latency + type: long + description: > + Total combined latency in microseconds. + - name: reads.count + type: long + description: > + Total number of read operations performed on the collection since startup. + - name: writes.latency + type: long + description: > + Total combined latency in microseconds. + - name: writes.count + type: long + description: > + Total number of write operations performed on the collection since startup. + - name: commands.latency + type: long + description: > + Total combined latency in microseconds. + - name: commands.count + type: long + description: > + Total number of commands performed on the collection since startup. + + - name: ops.counters + type: group + description: > + An overview of database operations by type. + fields: + - name: insert + type: long + description: > + The total number of insert operations received since the mongod + instance last started. + - name: query + type: long + description: > + The total number of queries received since the mongod instance last + started. + - name: update + type: long + description: > + The total number of update operations received since the mongod + instance last started. + - name: delete + type: long + description: > + The total number of delete operations received since the mongod + instance last started. + - name: getmore + type: long + description: > + The total number of getmore operations received since the mongod + instance last started. + - name: command + type: long + description: > + The total number of commands issued to the database since the mongod + instance last started. + + - name: ops.replicated + type: group + description: > + An overview of database replication operations by type. + fields: + - name: insert + type: long + description: > + The total number of replicated insert operations received since the + mongod instance last started. + - name: query + type: long + description: > + The total number of replicated queries received since the mongod + instance last started. + - name: update + type: long + description: > + The total number of replicated update operations received since the + mongod instance last started. + - name: delete + type: long + description: > + The total number of replicated delete operations received since the + mongod instance last started. + - name: getmore + type: long + description: > + The total number of replicated getmore operations received since the + mongod instance last started. + - name: command + type: long + description: > + The total number of replicated commands issued to the database since + the mongod instance last started. + + - name: memory + type: group + description: > + Data about the current memory usage of the mongod server. + fields: + - name: bits + type: long + description: > + Either 64 or 32, depending on which target architecture was specified + during the mongod compilation process. + - name: resident.mb + type: long + description: > + The amount of RAM, in megabytes (MB), currently used by the database + process. + - name: virtual.mb + type: long + description: > + The amount, in megabytes (MB), of virtual memory used by the mongod + process. + - name: mapped.mb + type: long + description: > + The amount of mapped memory, in megabytes (MB), used by the database. + Because MongoDB uses memory-mapped files, this value is likely to be + to be roughly equivalent to the total size of your database or + databases. + - name: mapped_with_journal.mb + type: long + description: > + The amount of mapped memory, in megabytes (MB), including the memory + used for journaling. + - name: write_backs_queued + type: boolean + description: > + True when there are operations from a mongos instance queued for retrying. + - name: storage_engine.name + type: keyword + description: > + A string that represents the name of the current storage engine. + + - name: wired_tiger + type: group + description: > + Statistics about the WiredTiger storage engine. + fields: + - name: concurrent_transactions + type: group + description: > + Statistics about the transactions currently in progress. + fields: + - name: write.out + type: long + description: > + Number of concurrent write transaction in progress. + - name: write.available + type: long + description: > + Number of concurrent write tickets available. + - name: write.total_tickets + type: long + description: > + Number of total write tickets. + - name: read.out + type: long + description: > + Number of concurrent read transaction in progress. + - name: read.available + type: long + description: > + Number of concurrent read tickets available. + - name: read.total_tickets + type: long + description: > + Number of total read tickets. + - name: cache + type: group + description: > + Statistics about the cache and page evictions from the cache. + fields: + - name: maximum.bytes + type: long + format: bytes + description: > + Maximum cache size. + - name: used.bytes + type: long + format: bytes + description: > + Size in byte of the data currently in cache. + - name: dirty.bytes + type: long + format: bytes + description: > + Size in bytes of the dirty data in the cache. + - name: pages.read + type: long + description: > + Number of pages read into the cache. + - name: pages.write + type: long + description: > + Number of pages written from the cache. + - name: pages.evicted + type: long + description: > + Number of pages evicted from the cache. + - name: log + type: group + description: > + Statistics about the write ahead log used by WiredTiger. + fields: + - name: size.bytes + type: long + format: bytes + description: > + Total log size in bytes. + - name: write.bytes + type: long + format: bytes + description: > + Number of bytes written into the log. + - name: max_file_size.bytes + type: long + format: bytes + description: > + Maximum file size. + - name: flushes + type: long + description: > + Number of flush operations. + - name: writes + type: long + description: > + Number of write operations. + - name: scans + type: long + description: > + Number of scan operations. + - name: syncs + type: long + description: > + Number of sync operations. + + - name: background_flushing + type: group + description: > + Data about the process MongoDB uses to write data to disk. This data is + only available for instances that use the MMAPv1 storage engine. + fields: + - name: flushes + type: long + description: > + A counter that collects the number of times the database has + flushed all writes to disk. + - name: total.ms + type: long + description: > + The total number of milliseconds (ms) that the mongod processes have + spent writing (i.e. flushing) data to disk. Because this is an + absolute value, consider the value of `flushes` and `average_ms` to + provide better context for this datum. + - name: average.ms + type: long + description: > + The average time spent flushing to disk per flush event. + - name: last.ms + type: long + description: > + The amount of time, in milliseconds, that the last flush operation + took to complete. + - name: last_finished + type: date + description: > + A timestamp of the last completed flush operation. + + - name: journaling + type: group + description: > + Data about the journaling-related operations and performance. Journaling + information only appears for mongod instances that use the MMAPv1 + storage engine and have journaling enabled. + fields: + - name: commits + type: long + description: > + The number of transactions written to the journal during the last + journal group commit interval. + - name: journaled.mb + type: long + description: > + The amount of data in megabytes (MB) written to journal during the + last journal group commit interval. + - name: write_to_data_files.mb + type: long + description: > + The amount of data in megabytes (MB) written from journal to the + data files during the last journal group commit interval. + - name: compression + type: long + description: > + The compression ratio of the data written to the journal. + - name: commits_in_write_lock + type: long + description: > + Count of the commits that occurred while a write lock was held. + Commits in a write lock indicate a MongoDB node under a heavy write + load and call for further diagnosis. + - name: early_commits + type: long + description: > + The number of times MongoDB requested a commit before the scheduled + journal group commit interval. + - name: times + type: group + description: > + Information about the performance of the mongod instance during the + various phases of journaling in the last journal group commit + interval. + fields: + - name: dt.ms + type: long + description: > + The amount of time over which MongoDB collected the times data. + Use this field to provide context to the other times field values. + - name: prep_log_buffer.ms + type: long + description: > + The amount of time spent preparing to write to the journal. + Smaller values indicate better journal performance. + - name: write_to_journal.ms + type: long + description: > + The amount of time spent actually writing to the journal. File + system speeds and device interfaces can affect performance. + - name: write_to_data_files.ms + type: long + description: > + The amount of time spent writing to data files after journaling. + File system speeds and device interfaces can affect performance. + - name: remap_private_view.ms + type: long + description: > + The amount of time spent remapping copy-on-write memory mapped + views. Smaller values indicate better journal performance. + - name: commits.ms + type: long + description: > + The amount of time spent for commits. + - name: commits_in_write_lock.ms + type: long + description: > + The amount of time spent for commits that occurred while a write + lock was held. + diff --git a/dev/packages/beats/mssql-0.0.1/dataset/performance/fields/fields.yml b/dev/packages/beats/mssql-0.0.1/dataset/performance/fields/fields.yml new file mode 100644 index 000000000..7a383795f --- /dev/null +++ b/dev/packages/beats/mssql-0.0.1/dataset/performance/fields/fields.yml @@ -0,0 +1,100 @@ +- key: mssql + title: "MSSQL" + description: MS SQL module + release: beta + fields: + - name: mssql + type: group + description: The root field containing all MSSQL fields + fields: + - name: database + type: group + description: The database that the metrics is being referred to + fields: + - name: id + type: long + description: Unique ID of the database inside MSSQL + - name: name + type: keyword + description: Name of the database + - name: performance + type: group + description: performance metricset fetches information about the Performance Counters + release: beta + fields: + - name: page_splits_per_sec + type: long + description: Number of page splits per second that occur as the result of overflowing index pages. + + - name: lock_waits_per_sec + type: long + description: Number of lock requests per second that required the caller to wait. + + - name: user_connections + type: long + description: Total number of user connections + + - name: transactions + description: Total number of transactions + type: long + + - name: active_temp_tables + description: Number of temporary tables/table variables in use. + type: long + + - name: connections_reset_per_sec + type: long + description: Total number of logins started from the connection pool. + + - name: logins_per_sec + description: Total number of logins started per second. This does not include pooled connections. + type: long + + - name: logouts_per_sec + description: Total number of logout operations started per second. + type: long + + - name: recompilations_per_sec + type: long + description: Number of statement recompiles per second. Counts the number of times statement recompiles are triggered. Generally, you want the recompiles to be low. + + - name: compilations_per_sec + description: Number of SQL compilations per second. Indicates the number of times the compile code path is entered. Includes compiles caused by statement-level recompilations in SQL Server. After SQL Server user activity is stable, this value reaches a steady state. + type: long + + - name: batch_requests_per_sec + description: Number of Transact-SQL command batches received per second. This statistic is affected by all constraints (such as I/O, number of users, cache size, complexity of requests, and so on). High batch requests mean good throughput. + type: long + + - name: buffer + type: group + fields: + - name: cache_hit + type: group + description: Indicates the percentage of pages found in the buffer cache without having to read from disk. + fields: + - name: pct + description: The ratio is the total number of cache hits divided by the total number of cache lookups over the last few thousand page accesses. After a long period of time, the ratio moves very little. Because reading from the cache is much less expensive than reading from disk, you want this ratio to be high + type: double + + - name: page_life_expectancy + type: group + description: Indicates the number of seconds a page will stay in the buffer pool without references. + fields: + - name: sec + description: Indicates the number of seconds a page will stay in the buffer pool without references (in seconds). + type: long + + - name: checkpoint_pages_per_sec + description: Indicates the number of pages flushed to disk per second by a checkpoint or other operation that require all dirty pages to be flushed. + type: long + + - name: database_pages + description: Indicates the number of pages in the buffer pool with database content. + fields: + type: long + + - name: target_pages + description: Ideal number of pages in the buffer pool. + fields: + type: long diff --git a/dev/packages/beats/mssql-0.0.1/dataset/transaction_log/fields/fields.yml b/dev/packages/beats/mssql-0.0.1/dataset/transaction_log/fields/fields.yml new file mode 100644 index 000000000..f50b28ce4 --- /dev/null +++ b/dev/packages/beats/mssql-0.0.1/dataset/transaction_log/fields/fields.yml @@ -0,0 +1,87 @@ +- key: mssql + title: "MSSQL" + description: MS SQL module + release: beta + fields: + - name: mssql + type: group + description: The root field containing all MSSQL fields + fields: + - name: database + type: group + description: The database that the metrics is being referred to + fields: + - name: id + type: long + description: Unique ID of the database inside MSSQL + - name: name + type: keyword + description: Name of the database + - name: transaction_log + type: group + description: transaction_log metricset will fetch information about the operation and transaction log of each database from a MSSQL instance + release: beta + fields: + - name: space_usage + type: group + description: Space usage information for the transaction log + fields: + - name: since_last_backup + description: The amount of space used since the last log backup + type: group + fields: + - name: bytes + description: The amount of space used since the last log backup in bytes + type: long + - name: total + type: group + description: The size of the log + fields: + - name: bytes + description: The size of the log in bytes + type: long + - name: used + type: group + description: The occupied size of the log + fields: + - name: bytes + description: The occupied size of the log in bytes + type: long + - name: pct + description: A percentage of the occupied size of the log as a percent of the total log size + type: float + - name: stats + type: group + description: Returns summary level attributes and information on transaction log files of databases. Use this information for monitoring and diagnostics of transaction log health. + fields: + - name: active_size + description: Total active transaction log size. + type: group + fields: + - name: bytes + description: Total active transaction log size in bytes + type: long + - name: backup_time + type: date + description: Last transaction log backup time. + - name: recovery_size + type: group + description: Log size since log recovery log sequence number (LSN). + fields: + - name: bytes + description: Log size in bytes since log recovery log sequence number (LSN). + type: long + - name: since_last_checkpoint + type: group + description: Log size since last checkpoint log sequence number (LSN). + fields: + - name: bytes + description: Log size in bytes since last checkpoint log sequence number (LSN). + type: long + - name: total_size + type: group + description: Total transaction log size. + fields: + - name: bytes + description: Total transaction log size in bytes. + type: long diff --git a/dev/packages/beats/munin-0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/munin-0.0.1/dataset/node/fields/fields.yml new file mode 100644 index 000000000..ff8ba0230 --- /dev/null +++ b/dev/packages/beats/munin-0.0.1/dataset/node/fields/fields.yml @@ -0,0 +1,20 @@ +- key: munin + title: "Munin" + description: > + Munin node metrics exporter + release: ga + fields: + - name: munin.metrics.* + type: object + object_type: double + object_type_mapping_type: '*' + description: > + Metrics exposed by a plugin of a munin node agent. + - name: munin.plugin.name + type: keyword + description: > + Name of the plugin collecting these metrics. + - name: munin + type: group + fields: + - release: ga diff --git a/dev/packages/beats/mysql-0.0.1/dataset/galera_status/fields/fields.yml b/dev/packages/beats/mysql-0.0.1/dataset/galera_status/fields/fields.yml new file mode 100644 index 000000000..8d7bbc8a8 --- /dev/null +++ b/dev/packages/beats/mysql-0.0.1/dataset/galera_status/fields/fields.yml @@ -0,0 +1,287 @@ +- key: mysql + title: "MySQL" + description: > + MySQL server status metrics collected from MySQL. + short_config: false + release: ga + fields: + - name: mysql + type: group + description: > + `mysql` contains the metrics that were obtained from MySQL + query. + fields: + - name: galera_status + type: group + release: beta + description: > + `galera_status` contains the metrics that were obtained by the status SQL query on Galera. + fields: + - name: apply + type: group + description: > + Apply status fields. + fields: + - name: oooe + type: double + description: > + How often applier started write-set applying out-of-order (parallelization efficiency). + + - name: oool + type: double + description: > + How often write-set was so slow to apply that write-set with higher seqno's were applied earlier. + Values closer to 0 refer to a greater gap between slow and fast write-sets. + + - name: window + type: double + description: > + Average distance between highest and lowest concurrently applied seqno. + + - name: cert + type: group + description: > + Certification status fields. + fields: + - name: deps_distance + type: double + description: > + Average distance between highest and lowest seqno value that can be possibly applied in parallel (potential degree of parallelization). + + - name: index_size + type: long + description: > + The number of entries in the certification index. + + - name: interval + type: double + description: > + Average number of transactions received while a transaction replicates. + + - name: cluster + type: group + description: > + Cluster status fields. + fields: + - name: conf_id + type: long + description: > + Total number of cluster membership changes happened. + + - name: size + type: long + description: > + Current number of members in the cluster. + + - name: status + type: keyword + description: > + Status of this cluster component. That is, whether the node is part of a PRIMARY or NON_PRIMARY component. + + - name: commit + type: group + description: > + Commit status fields. + fields: + - name: oooe + type: double + description: > + How often a transaction was committed out of order. + + - name: window + type: long + description: > + Average distance between highest and lowest concurrently committed seqno. + + - name: connected + type: keyword + description: > + If the value is OFF, the node has not yet connected to any of the cluster components. + This may be due to misconfiguration. Check the error log for proper diagnostics. + + - name: evs + type: group + description: > + Evs Fields. + fields: + - name: evict + type: keyword + description: > + Lists the UUID's of all nodes evicted from the cluster. + Evicted nodes cannot rejoin the cluster until you restart their mysqld processes. + + - name: state + type: keyword + description: > + Shows the internal state of the EVS Protocol. + + - name: flow_ctl + type: group + description: > + Flow Control fields. + fields: + - name: paused + type: double + description: > + The fraction of time since the last FLUSH STATUS command that replication was paused due to flow control. + In other words, how much the slave lag is slowing down the cluster. + + - name: paused_ns + type: long + description: > + The total time spent in a paused state measured in nanoseconds. + + - name: recv + type: long + description: > + Returns the number of FC_PAUSE events the node has received, including those the node has sent. + Unlike most status variables, the counter for this one does not reset every time you run the query. + + - name: sent + type: long + description: > + Returns the number of FC_PAUSE events the node has sent. + Unlike most status variables, the counter for this one does not reset every time you run the query. + + - name: last_committed + type: long + description: > + The sequence number, or seqno, of the last committed transaction. + + - name: local + type: group + description: > + Node specific Cluster status fields. + fields: + - name: bf_aborts + type: long + description: > + Total number of local transactions that were aborted by slave transactions while in execution. + + - name: cert_failures + type: long + description: > + Total number of local transactions that failed certification test. + + - name: commits + type: long + description: > + Total number of local transactions committed. + + - name: recv + type: group + description: > + Node specific recv fields. + fields: + - name: queue + type: long + description: > + Current (instantaneous) length of the recv queue. + + - name: queue_avg + type: double + description: > + Recv queue length averaged over interval since the last FLUSH STATUS command. + Values considerably larger than 0.0 mean that the node cannot apply write-sets as fast + as they are received and will generate a lot of replication throttling. + + - name: queue_max + type: long + description: > + The maximum length of the recv queue since the last FLUSH STATUS command. + + - name: queue_min + type: long + description: > + The minimum length of the recv queue since the last FLUSH STATUS command. + + - name: replays + type: long + description: > + Total number of transaction replays due to asymmetric lock granularity. + + - name: send + type: group + description: > + Node specific sent fields. + fields: + - name: queue + type: long + description: > + Current (instantaneous) length of the send queue. + + - name: queue_avg + type: double + description: > + Send queue length averaged over time since the last FLUSH STATUS command. + Values considerably larger than 0.0 indicate replication throttling or network throughput issue. + + - name: queue_max + type: long + description: > + The maximum length of the send queue since the last FLUSH STATUS command. + + - name: queue_min + type: long + description: > + The minimum length of the send queue since the last FLUSH STATUS command. + + - name: state + type: keyword + description: > + Internal Galera Cluster FSM state number. + + - name: ready + type: keyword + description: > + Whether the server is ready to accept queries. + + - name: received + type: group + description: > + Write-Set receive status fields. + fields: + - name: count + type: long + description: > + Total number of write-sets received from other nodes. + + - name: bytes + type: long + description: > + Total size of write-sets received from other nodes. + + - name: repl + type: group + description: > + Replication status fields. + fields: + - name: data_bytes + type: long + description: > + Total size of data replicated. + + - name: keys + type: long + description: > + Total number of keys replicated. + + - name: keys_bytes + type: long + description: > + Total size of keys replicated. + + - name: other_bytes + type: long + description: > + Total size of other bits replicated. + + - name: count + type: long + description: > + Total number of write-sets replicated (sent to other nodes). + + - name: bytes + type: long + description: > + Total size of write-sets replicated. diff --git a/dev/packages/beats/mysql-0.0.1/dataset/status/fields/fields.yml b/dev/packages/beats/mysql-0.0.1/dataset/status/fields/fields.yml new file mode 100644 index 000000000..8b9cf3295 --- /dev/null +++ b/dev/packages/beats/mysql-0.0.1/dataset/status/fields/fields.yml @@ -0,0 +1,397 @@ +- key: mysql + title: "MySQL" + description: > + MySQL server status metrics collected from MySQL. + short_config: false + release: ga + fields: + - name: mysql + type: group + description: > + `mysql` contains the metrics that were obtained from MySQL + query. + fields: + - name: status + type: group + description: > + `status` contains the metrics that were obtained by the status SQL query. + release: ga + fields: + - name: aborted + type: group + description: > + Aborted status fields. + fields: + - name: clients + type: long + description: > + The number of connections that were aborted because the client died without closing the connection properly. + + - name: connects + type: long + description: > + The number of failed attempts to connect to the MySQL server. + + - name: binlog + type: group + description: > + fields: + - name: cache.disk_use + type: long + description: > + + - name: cache.use + type: long + description: > + + - name: bytes + type: group + description: > + Bytes stats. + fields: + - name: received + format: bytes + type: long + description: > + The number of bytes received from all clients. + + - name: sent + type: long + format: bytes + description: > + The number of bytes sent to all clients. + + - name: threads + type: group + description: > + Threads stats. + fields: + - name: cached + type: long + description: > + The number of cached threads. + + - name: created + type: long + description: > + The number of created threads. + + - name: connected + type: long + description: > + The number of connected threads. + + - name: running + type: long + description: > + The number of running threads. + + - name: connections + type: long + description: > + + - name: created + type: group + description: > + fields: + - name: tmp.disk_tables + type: long + description: > + + - name: tmp.files + type: long + description: > + + - name: tmp.tables + type: long + description: > + + - name: delayed + type: group + description: > + fields: + - name: errors + type: long + description: > + + - name: insert_threads + type: long + description: > + + - name: writes + type: long + description: > + + - name: flush_commands + type: long + description: > + + - name: max_used_connections + type: long + description: > + + - name: open + type: group + description: > + fields: + - name: files + type: long + description: > + + - name: streams + type: long + description: > + + - name: tables + type: long + description: > + + - name: opened_tables + type: long + description: > + + - name: command + type: group + description: > + fields: + - name: delete + type: long + description: > + The number of DELETE queries since startup. + + - name: insert + type: long + description: > + The number of INSERT queries since startup. + + - name: select + type: long + description: > + The number of SELECT queries since startup. + + - name: update + type: long + description: > + The number of UPDATE queries since startup. + + - name: queries + type: long + description: > + The number of statements executed by the server. This variable includes statements executed within stored programs, unlike the Questions variable. It does not count COM_PING or COM_STATISTICS commands. + + - name: questions + type: long + description: > + The number of statements executed by the server. This includes only statements sent to the server by clients and not statements executed within stored programs, unlike the Queries variable. This variable does not count COM_PING, COM_STATISTICS, COM_STMT_PREPARE, COM_STMT_CLOSE, or COM_STMT_RESET commands. + + - name: handler + type: group + description: > + fields: + - name: commit + type: long + description: > + The number of internal COMMIT statements. + + - name: delete + type: long + description: > + The number of times that rows have been deleted from tables. + + - name: external_lock + type: long + description: > + The server increments this variable for each call to its external_lock() function, which generally occurs at the beginning and end of access to a table instance. + + - name: mrr_init + type: long + description: > + The number of times the server uses a storage engine's own Multi-Range Read implementation for table access. + + - name: prepare + type: long + description: > + A counter for the prepare phase of two-phase commit operations. + + - name: read + type: group + description: > + fields: + - name: first + type: long + description: > + The number of times the first entry in an index was read. + + - name: key + type: long + description: > + The number of requests to read a row based on a key. + + - name: last + type: long + description: > + The number of requests to read the last key in an index. + + - name: next + type: long + description: > + The number of requests to read the next row in key order. + + - name: prev + type: long + description: > + The number of requests to read the previous row in key order. + + - name: rnd + type: long + description: > + The number of requests to read a row based on a fixed position. + + - name: rnd_next + type: long + description: > + The number of requests to read the next row in the data file. + + - name: rollback + type: long + description: > + The number of requests for a storage engine to perform a rollback operation. + + - name: savepoint + type: long + description: > + The number of requests for a storage engine to place a savepoint. + + - name: savepoint_rollback + type: long + description: > + The number of requests for a storage engine to roll back to a savepoint. + + - name: update + type: long + description: > + The number of requests to update a row in a table. + + - name: write + type: long + description: > + The number of requests to insert a row in a table. + + - name: innodb + type: group + description: > + fields: + - name: buffer_pool + type: group + description: > + fields: + - name: dump_status + type: long + description: > + The progress of an operation to record the pages held in the InnoDB buffer pool, triggered by the setting of innodb_buffer_pool_dump_at_shutdown or innodb_buffer_pool_dump_now. + + - name: load_status + type: long + description: > + The progress of an operation to warm up the InnoDB buffer pool by reading in a set of pages corresponding to an earlier point in time, triggered by the setting of innodb_buffer_pool_load_at_startup or innodb_buffer_pool_load_now. + + - name: bytes + type: group + description: > + fields: + - name: data + type: long + description: > + The total number of bytes in the InnoDB buffer pool containing data. + + - name: dirty + type: long + description: > + The total current number of bytes held in dirty pages in the InnoDB buffer pool. + + - name: pages + type: group + description: > + fields: + - name: data + type: long + description: > + he number of pages in the InnoDB buffer pool containing data. + + - name: dirty + type: long + description: > + The current number of dirty pages in the InnoDB buffer pool. + + - name: flushed + type: long + description: > + The number of requests to flush pages from the InnoDB buffer pool. + + - name: free + type: long + description: > + The number of free pages in the InnoDB buffer pool. + + - name: latched + type: long + description: > + The number of latched pages in the InnoDB buffer pool. + + - name: misc + type: long + description: > + The number of pages in the InnoDB buffer pool that are busy because they have been allocated for administrative overhead, such as row locks or the adaptive hash index. + + - name: total + type: long + description: > + The total size of the InnoDB buffer pool, in pages. + + - name: read + type: group + description: > + fields: + - name: ahead + type: long + description: > + The number of pages read into the InnoDB buffer pool by the read-ahead background thread. + + - name: ahead_evicted + type: long + description: > + The number of pages read into the InnoDB buffer pool by the read-ahead background thread that were subsequently evicted without having been accessed by queries. + + - name: ahead_rnd + type: long + description: > + The number of "random" read-aheads initiated by InnoDB. + + - name: requests + type: long + description: > + The number of logical read requests. + + - name: pool + type: group + description: > + fields: + - name: reads + type: long + description: > + The number of logical reads that InnoDB could not satisfy from the buffer pool, and had to read directly from disk. + + - name: resize_status + type: long + description: > + The status of an operation to resize the InnoDB buffer pool dynamically, triggered by setting the innodb_buffer_pool_size parameter dynamically. + + - name: wait_free + type: long + description: > + Normally, writes to the InnoDB buffer pool happen in the background. When InnoDB needs to read or create a page and no clean pages are available, InnoDB flushes some dirty pages first and waits for that operation to finish. This counter counts instances of these waits. + + - name: write_requests + type: long + description: > + The number of writes done to the InnoDB buffer pool. diff --git a/dev/packages/beats/nats-0.0.1/dataset/connections/fields/fields.yml b/dev/packages/beats/nats-0.0.1/dataset/connections/fields/fields.yml new file mode 100644 index 000000000..acc0c8b0b --- /dev/null +++ b/dev/packages/beats/nats-0.0.1/dataset/connections/fields/fields.yml @@ -0,0 +1,29 @@ +- key: nats + title: "Nats" + description: > + nats Module + release: ga + fields: + - name: nats + type: group + description: > + `nats` contains statistics that were read from Nats + fields: + - name: server.id + type: keyword + description: > + The server ID + - name: server.time + type: date + description: > + Server time of metric creation + - name: connections + type: group + description: > + Contains nats connection related metrics + release: ga + fields: + - name: total + type: integer + description: > + The number of currently active clients diff --git a/dev/packages/beats/nats-0.0.1/dataset/routes/fields/fields.yml b/dev/packages/beats/nats-0.0.1/dataset/routes/fields/fields.yml new file mode 100644 index 000000000..b108baa5b --- /dev/null +++ b/dev/packages/beats/nats-0.0.1/dataset/routes/fields/fields.yml @@ -0,0 +1,29 @@ +- key: nats + title: "Nats" + description: > + nats Module + release: ga + fields: + - name: nats + type: group + description: > + `nats` contains statistics that were read from Nats + fields: + - name: server.id + type: keyword + description: > + The server ID + - name: server.time + type: date + description: > + Server time of metric creation + - name: routes + type: group + description: > + Contains nats route related metrics + release: ga + fields: + - name: total + type: integer + description: > + The number of registered routes diff --git a/dev/packages/beats/nats-0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/nats-0.0.1/dataset/stats/fields/fields.yml new file mode 100644 index 000000000..6a510c397 --- /dev/null +++ b/dev/packages/beats/nats-0.0.1/dataset/stats/fields/fields.yml @@ -0,0 +1,119 @@ +- key: nats + title: "Nats" + description: > + nats Module + release: ga + fields: + - name: nats + type: group + description: > + `nats` contains statistics that were read from Nats + fields: + - name: server.id + type: keyword + description: > + The server ID + - name: server.time + type: date + description: > + Server time of metric creation + - name: stats + type: group + description: > + Contains nats var related metrics + release: ga + fields: + - name: uptime + type: long + format: duration + description: > + The period the server is up (sec) + - name: mem.bytes + type: long + format: bytes + description: > + The current memory usage of NATS process + - name: cores + type: integer + description: > + The number of logical cores the NATS process runs on + - name: cpu + type: scaled_float + format: percent + description: > + The current cpu usage of NATs process + - name: total_connections + type: long + description: > + The number of totally created clients + - name: remotes + type: integer + description: > + The number of registered remotes + - name: in + type: group + description: > + The amount of incoming data + fields: + - name: messages + type: long + description: > + The amount of incoming messages + - name: bytes + type: long + format: bytes + description: > + The amount of incoming bytes + - name: out + type: group + description: > + The amount of outgoing data + fields: + - name: messages + type: long + description: > + The amount of outgoing messages + - name: bytes + type: long + format: bytes + description: > + The amount of outgoing bytes + - name: slow_consumers + type: long + description: > + The number of slow consumers currently on NATS + - name: http + type: group + description: > + The http metrics of NATS server + fields: + - name: req_stats + type: group + description: > + The requests statistics + fields: + - name: uri + type: group + description: > + The request distribution on monitoring URIS + fields: + - name: routez + type: long + description: > + The number of hits on routez monitoring uri + - name: connz + type: long + description: > + The number of hits on connz monitoring uri + - name: varz + type: long + description: > + The number of hits on varz monitoring uri + - name: subsz + type: long + description: > + The number of hits on subsz monitoring uri + - name: root + type: long + description: > + The number of hits on root monitoring uri diff --git a/dev/packages/beats/nats-0.0.1/dataset/subscriptions/fields/fields.yml b/dev/packages/beats/nats-0.0.1/dataset/subscriptions/fields/fields.yml new file mode 100644 index 000000000..1a4ef5e2a --- /dev/null +++ b/dev/packages/beats/nats-0.0.1/dataset/subscriptions/fields/fields.yml @@ -0,0 +1,58 @@ +- key: nats + title: "Nats" + description: > + nats Module + release: ga + fields: + - name: nats + type: group + description: > + `nats` contains statistics that were read from Nats + fields: + - name: server.id + type: keyword + description: > + The server ID + - name: server.time + type: date + description: > + Server time of metric creation + - name: subscriptions + type: group + description: > + Contains nats subscriptions related metrics + release: ga + fields: + - name: total + type: integer + description: > + The number of active subscriptions + - name: inserts + type: long + description: > + The number of insert operations in subscriptions list + - name: removes + type: long + description: > + The number of remove operations in subscriptions list + - name: matches + type: long + description: > + The number of times a match is found for a subscription + - name: cache.size + type: integer + description: > + The number of result sets in the cache + - name: cache.hit_rate + type: scaled_float + format: percent + description: > + The rate matches are being retrieved from cache + - name: cache.fanout.max + type: integer + description: > + The maximum fanout served by cache + - name: cache.fanout.avg + type: double + description: > + The average fanout served by cache diff --git a/dev/packages/beats/nginx-0.0.1/dataset/stubstatus/fields/fields.yml b/dev/packages/beats/nginx-0.0.1/dataset/stubstatus/fields/fields.yml new file mode 100644 index 000000000..8332545ec --- /dev/null +++ b/dev/packages/beats/nginx-0.0.1/dataset/stubstatus/fields/fields.yml @@ -0,0 +1,59 @@ +- key: nginx + title: "Nginx" + description: > + Nginx server status metrics collected from various modules. + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: nginx + type: group + description: > + `nginx` contains the metrics that were scraped from nginx. + fields: + - name: stubstatus + type: group + description: > + `stubstatus` contains the metrics that were scraped from the ngx_http_stub_status_module status page. + release: ga + fields: + - name: hostname + type: keyword + description: > + Nginx hostname. + - name: active + type: long + description: > + The current number of active client connections including Waiting connections. + - name: accepts + type: long + description: > + The total number of accepted client connections. + - name: handled + type: long + description: > + The total number of handled client connections. + - name: dropped + type: long + description: > + The total number of dropped client connections. + - name: requests + type: long + description: > + The total number of client requests. + - name: current + type: long + description: > + The current number of client requests. + - name: reading + type: long + description: > + The current number of connections where Nginx is reading the request header. + - name: writing + type: long + description: > + The current number of connections where Nginx is writing the response back to the client. + - name: waiting + type: long + description: > + The current number of idle client connections waiting for a request. diff --git a/dev/packages/beats/oracle-0.0.1/dataset/performance/fields/fields.yml b/dev/packages/beats/oracle-0.0.1/dataset/performance/fields/fields.yml new file mode 100644 index 000000000..db49204df --- /dev/null +++ b/dev/packages/beats/oracle-0.0.1/dataset/performance/fields/fields.yml @@ -0,0 +1,92 @@ +- key: oracle + title: "Oracle" + description: Oracle database module + short_config: false + release: beta + fields: + - name: oracle + type: group + description: Oracle module + fields: + - name: performance + type: group + description: Performance related metrics on a single database instance + release: beta + fields: + - name: machine + type: keyword + description: Operating system machine name + - name: buffer_pool + type: keyword + description: Name of the buffer pool in the instance + - name: username + type: keyword + description: Oracle username + - name: io_reloads + type: double + description: Reloads / Pins ratio. A Reload is any PIN of an object that is not the first PIN performed since the object handle was created, and which requires loading the object from disk. Pins are the number of times a PIN was requested for objects of this namespace + - name: lock_requests + type: long + description: Average of the ratio between 'gethits' and 'gets' being 'Gethits' the number of times an object's handle was found in memory and 'gets' the number of times a lock was requested for objects of this namespace. + - name: pin_requests + type: double + description: Average of all pinhits/pins ratios being 'PinHits' the number of times all of the metadata pieces of the library object were found in memory and 'pins' the number of times a PIN was requested for objects of this namespace + - name: cache + type: group + description: Statistics about all buffer pools available for the instance + fields: + - name: buffer.hit.pct + type: double + description: The cache hit ratio of the specified buffer pool. + - name: physical_reads + type: long + description: Physical reads + - name: get + type: group + description: Buffer pool 'get' statistics + fields: + - name: consistent + type: long + description: Consistent gets statistic + - name: db_blocks + type: long + description: Database blocks gotten + - name: cursors + type: group + description: Cursors information + fields: + - name: avg + type: double + description: Average cursors opened by username and machine + - name: max + type: double + description: Max cursors opened by username and machine + - name: total + type: double + description: Total opened cursors by username and machine + - name: opened + type: group + description: Opened cursors statistic + fields: + - name: current + type: long + description: Total number of current open cursors + - name: total + type: long + description: Total number of cursors opened since the instance started + - name: parse + type: group + description: Parses statistic information that occured in the current session + fields: + - name: real + type: long + description: "Real number of parses that occurred: session cursor cache hits - parse count (total)" + - name: total + type: long + description: Total number of parse calls (hard and soft). A soft parse is a check on an object already in the shared pool, to verify that the permissions on the underlying object have not changed. + - name: session.cache_hits + type: long + description: Number of hits in the session cursor cache. A hit means that the SQL statement did not have to be reparsed. + - name: cache_hit.pct + type: double + description: Ratio of session cursor cache hits from total number of cursors diff --git a/dev/packages/beats/oracle-0.0.1/dataset/tablespace/fields/fields.yml b/dev/packages/beats/oracle-0.0.1/dataset/tablespace/fields/fields.yml new file mode 100644 index 000000000..84d740aa6 --- /dev/null +++ b/dev/packages/beats/oracle-0.0.1/dataset/tablespace/fields/fields.yml @@ -0,0 +1,71 @@ +- key: oracle + title: "Oracle" + description: Oracle database module + short_config: false + release: beta + fields: + - name: oracle + type: group + description: Oracle module + fields: + - name: tablespace + type: group + description: tablespace + release: beta + fields: + - name: name + type: keyword + description: Tablespace name + + - name: data_file + type: group + description: Database files information + fields: + - name: id + type: long + description: Tablespace unique identifier + - name: name + type: keyword + description: Filename of the data file + - name: size + type: group + description: Size information about the file + fields: + - name: max.bytes + format: bytes + type: long + description: Maximum file size in bytes + - name: bytes + format: bytes + type: long + description: Size of the file in bytes + - name: free.bytes + format: bytes + type: long + description: > + The size of the file available for user data. The actual size of the file minus this value is used to store file related metadata. + - name: status + type: keyword + description: > + 'File status: AVAILABLE or INVALID (INVALID means that the file number is not in use, for example, a file in + a tablespace that was dropped)' + - name: online_status + type: keyword + description: Last known online status of the data file. One of SYSOFF, SYSTEM, OFFLINE, ONLINE or RECOVER. + + - name: space + type: group + description: Tablespace space usage information + fields: + - name: free.bytes + format: bytes + type: long + description: Tablespace total free space available, in bytes. + - name: used.bytes + format: bytes + type: long + description: Tablespace used space, in bytes. + - name: total.bytes + format: bytes + type: long + description: Tablespace total size, in bytes. diff --git a/dev/packages/beats/osquery-0.0.1/dataset/result/fields/fields.yml b/dev/packages/beats/osquery-0.0.1/dataset/result/fields/fields.yml new file mode 100644 index 000000000..38645c143 --- /dev/null +++ b/dev/packages/beats/osquery-0.0.1/dataset/result/fields/fields.yml @@ -0,0 +1,36 @@ +- key: osquery + title: "Osquery" + description: > + Fields exported by the `osquery` module + fields: + - name: osquery + type: group + description: > + fields: + - name: result + type: group + description: > + Common fields exported by the result metricset. + fields: + - name: name + type: keyword + description: > + The name of the query that generated this event. + - name: action + type: keyword + description: > + For incremental data, marks whether the entry was added + or removed. It can be one of "added", "removed", or "snapshot". + - name: host_identifier + type: keyword + description: > + The identifier for the host on which the osquery agent is running. + Normally the hostname. + - name: unix_time + type: long + description: > + Unix timestamp of the event, in seconds since the epoch. Used for computing the `@timestamp` column. + - name: calendar_time + type: keyword + description: > + String representation of the collection time, as formatted by osquery. diff --git a/dev/packages/beats/panw-0.0.1/dataset/panos/fields/fields.yml b/dev/packages/beats/panw-0.0.1/dataset/panos/fields/fields.yml new file mode 100644 index 000000000..950108e74 --- /dev/null +++ b/dev/packages/beats/panw-0.0.1/dataset/panos/fields/fields.yml @@ -0,0 +1,139 @@ +- key: panw + title: panw + description: > + Module for Palo Alto Networks (PAN-OS) + fields: + - name: panw + type: group + description: > + Fields from the panw module. + fields: + - name: panos + type: group + description: > + Fields for the Palo Alto Networks PAN-OS logs. + fields: + - name: ruleset + type: keyword + description: > + Name of the rule that matched this session. + - name: source + type: group + description: > + Fields to extend the top-level source object. + fields: + - name: zone + type: keyword + description: > + Source zone for this session. + - name: interface + type: keyword + description: > + Source interface for this session. + - name: nat + type: group + description: > + Post-NAT source address, if source NAT is performed. + fields: + - name: ip + type: ip + description: > + Post-NAT source IP. + - name: port + type: long + description: > + Post-NAT source port. + + - name: destination + type: group + description: > + Fields to extend the top-level destination object. + fields: + - name: zone + type: keyword + description: > + Destination zone for this session. + - name: interface + type: keyword + description: > + Destination interface for this session. + - name: nat + type: group + description: > + Post-NAT destination address, if destination NAT is performed. + fields: + - name: ip + type: ip + description: > + Post-NAT destination IP. + - name: port + type: long + description: > + Post-NAT destination port. + + - name: network + type: group + description: > + Fields to extend the top-level network object. + fields: + - name: pcap_id + type: keyword + description: > + Packet capture ID for a threat. + + - name: nat + type: group + fields: + - name: community_id + type: keyword + description: > + Community ID flow-hash for the NAT 5-tuple. + + - name: file + type: group + description: > + Fields to extend the top-level file object. + fields: + - name: hash + description: > + Binary hash for a threat file sent to be analyzed + by the WildFire service. + type: keyword + + - name: url + type: group + description: > + Fields to extend the top-level url object. + fields: + - name: category + type: keyword + description: > + For threat URLs, it's the URL category. + For WildFire, the verdict on the file and is + either 'malicious', 'grayware', or 'benign'. + + - name: flow_id + type: keyword + description: > + Internal numeric identifier for each session. + + - name: sequence_number + type: long + description: > + Log entry identifier that is incremented sequentially. + Unique for each log type. + + - name: threat.resource + type: keyword + description: > + URL or file name for a threat. + + - name: threat.id + type: keyword + description: > + Palo Alto Networks identifier for the threat. + + - name: threat.name + type: keyword + description: > + Palo Alto Networks name for the threat. diff --git a/dev/packages/beats/php_fpm-0.0.1/dataset/pool/fields/fields.yml b/dev/packages/beats/php_fpm-0.0.1/dataset/pool/fields/fields.yml new file mode 100644 index 000000000..d0cd98867 --- /dev/null +++ b/dev/packages/beats/php_fpm-0.0.1/dataset/pool/fields/fields.yml @@ -0,0 +1,108 @@ +- key: php_fpm + title: "PHP_FPM" + description: > + PHP-FPM server status metrics collected from PHP-FPM. + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: php_fpm + type: group + description: > + `php_fpm` contains the metrics that were obtained from PHP-FPM status + page call. + fields: + - name: pool + type: group + description: > + `pool` contains the metrics that were obtained from the PHP-FPM process pool. + fields: + - name: name + type: keyword + description: > + The name of the pool. + - name: pool + type: group + description: > + `pool` contains the metrics that were obtained from the PHP-FPM process + pool. + release: ga + fields: + - name: process_manager + type: keyword + description: > + Static, dynamic or ondemand. + - name: connections + type: group + description: > + Connection state specific statistics. + fields: + - name: accepted + type: long + description: > + The number of incoming requests that the PHP-FPM server has accepted; + when a connection is accepted it is removed from the listen queue. + - name: queued + type: long + description: > + The current number of connections that have been initiated, but not + yet accepted. If this value is non-zero it typically means that all + the available server processes are currently busy, and there are no + processes available to serve the next request. Raising + `pm.max_children` (provided the server can handle it) should help + keep this number low. This property follows from the fact that + PHP-FPM listens via a socket (TCP or file based), and thus inherits + some of the characteristics of sockets. + - name: max_listen_queue + type: long + description: > + The maximum number of requests in the queue of pending + connections since FPM has started. + - name: listen_queue_len + type: long + description: > + The size of the socket queue of pending connections. + - name: processes + type: group + description: > + Process state specific statistics. + fields: + - name: idle + type: long + description: > + The number of servers in the `waiting to process` state (i.e. not + currently serving a page). This value should fall between the + `pm.min_spare_servers` and `pm.max_spare_servers` values when the + process manager is `dynamic`. + - name: active + type: long + description: > + The number of servers current processing a page - the minimum is `1` + (so even on a fully idle server, the result will be not read `0`). + - name: total + type: long + description: > + The number of idle + active processes. + - name: max_active + type: long + description: > + The maximum number of active processes since FPM has started. + - name: max_children_reached + type: long + description: > + Number of times, the process limit has been reached, + when pm tries to start more children (works only for + pm 'dynamic' and 'ondemand'). + - name: slow_requests + type: long + description: > + The number of times a request execution time has exceeded + `request_slowlog_timeout`. + - name: start_since + type: long + description: > + Number of seconds since FPM has started. + - name: start_time + type: date + description: > + The date and time FPM has started. diff --git a/dev/packages/beats/php_fpm-0.0.1/dataset/process/fields/fields.yml b/dev/packages/beats/php_fpm-0.0.1/dataset/process/fields/fields.yml new file mode 100644 index 000000000..4f65db9d2 --- /dev/null +++ b/dev/packages/beats/php_fpm-0.0.1/dataset/process/fields/fields.yml @@ -0,0 +1,91 @@ +- key: php_fpm + title: "PHP_FPM" + description: > + PHP-FPM server status metrics collected from PHP-FPM. + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: php_fpm + type: group + description: > + `php_fpm` contains the metrics that were obtained from PHP-FPM status + page call. + fields: + - name: pool + type: group + description: > + `pool` contains the metrics that were obtained from the PHP-FPM process pool. + fields: + - name: name + type: keyword + description: > + The name of the pool. + - name: process + type: group + description: > + process contains the metrics that were obtained from the PHP-FPM process. + release: ga + fields: + - name: pid + type: alias + path: process.pid + migration: true + description: > + The PID of the process + - name: state + type: keyword + description: > + The state of the process (Idle, Running, etc) + - name: start_time + type: date + description: > + The date and time the process has started + - name: start_since + type: integer + description: > + The number of seconds since the process has started + - name: requests + type: integer + description: > + The number of requests the process has served + - name: request_duration + type: integer + description: > + The duration in microseconds (1 million in a second) of the current request (my own definition) + - name: request_method + type: alias + path: http.request.method + migration: true + description: > + The request method (GET, POST, etc) (of the current request) + - name: request_uri + type: alias + path: url.original + migration: true + description: > + The request URI with the query string (of the current request) + - name: content_length + type: alias + path: http.response.body.bytes + migration: true + description: > + The content length of the request (only with POST) (of the current request) + - name: user + type: alias + path: user.name + migration: true + description: > + The user (PHP_AUTH_USER) (or - if not set) (for the current request) + - name: script + type: keyword + description: > + The main script called (or - if not set) (for the current request) + - name: last_request_cpu + type: long + description: > + The max amount of memory the last request consumed (it is always 0 if the process is not in Idle state because memory calculation is done when the request processing has terminated) + - name: last_request_memory + type: integer + description: > + The content length of the request (only with POST) (of the current request) diff --git a/dev/packages/beats/postgresql-0.0.1/dataset/activity/fields/fields.yml b/dev/packages/beats/postgresql-0.0.1/dataset/activity/fields/fields.yml new file mode 100644 index 000000000..84adf7cce --- /dev/null +++ b/dev/packages/beats/postgresql-0.0.1/dataset/activity/fields/fields.yml @@ -0,0 +1,94 @@ +- key: postgresql + title: "PostgreSQL" + description: > + Metrics collected from PostgreSQL servers. + short_config: false + release: ga + fields: + - name: postgresql + type: group + description: > + PostgreSQL metrics. + fields: + - name: activity + type: group + description: > + One document per server process, showing information related to the current + activity of that process, such as state and current query. Collected by + querying pg_stat_activity. + release: ga + fields: + - name: database.oid + type: long + description: > + OID of the database this backend is connected to. + - name: database.name + type: keyword + description: > + Name of the database this backend is connected to. + - name: pid + type: long + description: > + Process ID of this backend. + - name: user.id + type: long + description: > + OID of the user logged into this backend. + - name: user.name + description: > + Name of the user logged into this backend. + - name: application_name + description: > + Name of the application that is connected to this backend. + - name: client.address + description: > + IP address of the client connected to this backend. + - name: client.hostname + description: > + Host name of the connected client, as reported by a reverse DNS lookup of client_addr. + - name: client.port + type: long + description: > + TCP port number that the client is using for communication with this + backend, or -1 if a Unix socket is used. + - name: backend_start + type: date + description: > + Time when this process was started, i.e., when the client connected to + the server. + - name: transaction_start + type: date + description: > + Time when this process' current transaction was started. + - name: query_start + type: date + description: > + Time when the currently active query was started, or if state is not + active, when the last query was started. + - name: state_change + type: date + description: > + Time when the state was last changed. + - name: waiting + type: boolean + description: > + True if this backend is currently waiting on a lock. + - name: state + description: > + Current overall state of this backend. Possible values are: + + * active: The backend is executing a query. + * idle: The backend is waiting for a new client command. + * idle in transaction: The backend is in a transaction, but is not + currently executing a query. + * idle in transaction (aborted): This state is similar to idle in + transaction, except one of the statements in the transaction caused + an error. + * fastpath function call: The backend is executing a fast-path function. + * disabled: This state is reported if track_activities is disabled in this backend. + - name: query + description: > + Text of this backend's most recent query. If state is active this field + shows the currently executing query. In all other states, it shows the + last query that was executed. + diff --git a/dev/packages/beats/postgresql-0.0.1/dataset/bgwriter/fields/fields.yml b/dev/packages/beats/postgresql-0.0.1/dataset/bgwriter/fields/fields.yml new file mode 100644 index 000000000..951b90b4d --- /dev/null +++ b/dev/packages/beats/postgresql-0.0.1/dataset/bgwriter/fields/fields.yml @@ -0,0 +1,68 @@ +- key: postgresql + title: "PostgreSQL" + description: > + Metrics collected from PostgreSQL servers. + short_config: false + release: ga + fields: + - name: postgresql + type: group + description: > + PostgreSQL metrics. + fields: + - name: bgwriter + type: group + description: > + Statistics about the background writer process's activity. Collected using the + pg_stat_bgwriter query. + release: ga + fields: + - name: checkpoints.scheduled + type: long + description: > + Number of scheduled checkpoints that have been performed. + - name: checkpoints.requested + type: long + description: > + Number of requested checkpoints that have been performed. + - name: checkpoints.times.write.ms + type: float + description: > + Total amount of time that has been spent in the portion of checkpoint + processing where files are written to disk, in milliseconds. + - name: checkpoints.times.sync.ms + type: float + description: > + Total amount of time that has been spent in the portion of checkpoint + processing where files are synchronized to disk, in milliseconds. + - name: buffers.checkpoints + type: long + description: > + Number of buffers written during checkpoints. + - name: buffers.clean + type: long + description: > + Number of buffers written by the background writer. + - name: buffers.clean_full + type: long + description: > + Number of times the background writer stopped a cleaning scan because it + had written too many buffers. + - name: buffers.backend + type: long + description: > + Number of buffers written directly by a backend. + - name: buffers.backend_fsync + type: long + description: > + Number of times a backend had to execute its own fsync call (normally + the background writer handles those even when the backend does its own + write) + - name: buffers.allocated + type: long + description: > + Number of buffers allocated. + - name: stats_reset + type: date + description: > + Time at which these statistics were last reset. diff --git a/dev/packages/beats/postgresql-0.0.1/dataset/database/fields/fields.yml b/dev/packages/beats/postgresql-0.0.1/dataset/database/fields/fields.yml new file mode 100644 index 000000000..5ad1a42e5 --- /dev/null +++ b/dev/packages/beats/postgresql-0.0.1/dataset/database/fields/fields.yml @@ -0,0 +1,107 @@ +- key: postgresql + title: "PostgreSQL" + description: > + Metrics collected from PostgreSQL servers. + short_config: false + release: ga + fields: + - name: postgresql + type: group + description: > + PostgreSQL metrics. + fields: + - name: database + type: group + description: > + One row per database, showing database-wide statistics. Collected by querying + pg_stat_database + release: ga + fields: + - name: oid + type: long + description: > + OID of the database this backend is connected to. + - name: name + type: keyword + description: > + Name of the database this backend is connected to. + - name: number_of_backends + type: long + description: > + Number of backends currently connected to this database. + - name: transactions.commit + type: long + description: > + Number of transactions in this database that have been committed. + - name: transactions.rollback + type: long + description: > + Number of transactions in this database that have been rolled back. + - name: blocks.read + type: long + description: > + Number of disk blocks read in this database. + - name: blocks.hit + type: long + description: > + Number of times disk blocks were found already in the buffer cache, so + that a read was not necessary (this only includes hits in the PostgreSQL + buffer cache, not the operating system's file system cache). + - name: blocks.time.read.ms + type: long + description: > + Time spent reading data file blocks by backends in this database, in + milliseconds. + - name: blocks.time.write.ms + type: long + description: > + Time spent writing data file blocks by backends in this database, in + milliseconds. + - name: rows.returned + type: long + description: > + Number of rows returned by queries in this database. + - name: rows.fetched + type: long + description: > + Number of rows fetched by queries in this database. + - name: rows.inserted + type: long + description: > + Number of rows inserted by queries in this database. + - name: rows.updated + type: long + description: > + Number of rows updated by queries in this database. + - name: rows.deleted + type: long + description: > + Number of rows deleted by queries in this database. + - name: conflicts + type: long + description: > + Number of queries canceled due to conflicts with recovery in this + database. + - name: temporary.files + type: long + description: > + Number of temporary files created by queries in this database. All + temporary files are counted, regardless of why the temporary file was + created (e.g., sorting or hashing), and regardless of the log_temp_files + setting. + - name: temporary.bytes + type: long + description: > + Total amount of data written to temporary files by queries in this + database. All temporary files are counted, regardless of why the + temporary file was created, and regardless of the log_temp_files + setting. + - name: deadlocks + type: long + description: > + Number of deadlocks detected in this database. + - name: stats_reset + type: date + description: > + Time at which these statistics were last reset. + diff --git a/dev/packages/beats/postgresql-0.0.1/dataset/statement/fields/fields.yml b/dev/packages/beats/postgresql-0.0.1/dataset/statement/fields/fields.yml new file mode 100644 index 000000000..8d1bf4f5e --- /dev/null +++ b/dev/packages/beats/postgresql-0.0.1/dataset/statement/fields/fields.yml @@ -0,0 +1,103 @@ +- key: postgresql + title: "PostgreSQL" + description: > + Metrics collected from PostgreSQL servers. + short_config: false + release: ga + fields: + - name: postgresql + type: group + description: > + PostgreSQL metrics. + fields: + - name: statement + type: group + description: > + One document per query per user per database, showing information related + invocation of that query, such as cpu usage and total time. Collected by + querying pg_stat_statements. + release: ga + fields: + - name: user.id + type: long + description: > + OID of the user logged into the backend that ran the query. + - name: database.oid + type: long + description: > + OID of the database the query was run on. + - name: query.id + type: long + description: > + ID of the statement. + - name: query.text + description: > + Query text + - name: query.calls + type: long + description: > + Number of times the query has been run. + - name: query.rows + type: long + description: > + Total number of rows returned by query. + - name: query.time.total.ms + type: float + description: > + Total number of milliseconds spent running query. + - name: query.time.min.ms + type: float + description: > + Minimum number of milliseconds spent running query. + - name: query.time.max.ms + type: float + description: > + Maximum number of milliseconds spent running query. + - name: query.time.mean.ms + type: long + description: > + Mean number of milliseconds spent running query. + - name: query.time.stddev.ms + type: long + description: > + Population standard deviation of time spent running query, in milliseconds. + - name: query.memory.shared.hit + type: long + description: > + Total number of shared block cache hits by the query. + - name: query.memory.shared.read + type: long + description: > + Total number of shared block cache read by the query. + - name: query.memory.shared.dirtied + type: long + description: > + Total number of shared block cache dirtied by the query. + - name: query.memory.shared.written + type: long + description: > + Total number of shared block cache written by the query. + - name: query.memory.local.hit + type: long + description: > + Total number of local block cache hits by the query. + - name: query.memory.local.read + type: long + description: > + Total number of local block cache read by the query. + - name: query.memory.local.dirtied + type: long + description: > + Total number of local block cache dirtied by the query. + - name: query.memory.local.written + type: long + description: > + Total number of local block cache written by the query. + - name: query.memory.temp.read + type: long + description: > + Total number of temp block cache read by the query. + - name: query.memory.temp.written + type: long + description: > + Total number of temp block cache written by the query. diff --git a/dev/packages/beats/prometheus-0.0.1/dataset/collector/fields/fields.yml b/dev/packages/beats/prometheus-0.0.1/dataset/collector/fields/fields.yml new file mode 100644 index 000000000..ebc4b9584 --- /dev/null +++ b/dev/packages/beats/prometheus-0.0.1/dataset/collector/fields/fields.yml @@ -0,0 +1,24 @@ +- key: prometheus + title: "Prometheus" + description: > + Stats scraped from a Prometheus endpoint. + short_config: false + release: ga + settings: ["ssl", "http"] + fields: + - name: prometheus + type: group + fields: + # Order is important here, labels will match first, the rest are double + - name: labels.* + type: object + object_type: keyword + description: > + Prometheus metric labels + - name: metrics.* + type: object + object_type: double + object_type_mapping_type: "*" + description: > + Prometheus metric + - release: ga diff --git a/dev/packages/beats/rabbitmq-0.0.1/dataset/connection/fields/fields.yml b/dev/packages/beats/rabbitmq-0.0.1/dataset/connection/fields/fields.yml new file mode 100644 index 000000000..011a78108 --- /dev/null +++ b/dev/packages/beats/rabbitmq-0.0.1/dataset/connection/fields/fields.yml @@ -0,0 +1,100 @@ +- key: rabbitmq + title: "RabbitMQ" + description: > + RabbitMQ module + release: ga + settings: ["ssl", "http"] + fields: + - name: rabbitmq + type: group + description: > + fields: + - name: vhost + type: keyword + description: > + Virtual host name with non-ASCII characters escaped as in C. + - name: connection + type: group + description: > + connection + release: ga + fields: + - name: name + type: keyword + description: > + The name of the connection with non-ASCII characters escaped as in C. + - name: vhost + type: alias + path: rabbitmq.vhost + migration: true + description: > + Virtual host name with non-ASCII characters escaped as in C. + - name: user + type: alias + path: user.name + migration: true + description: > + User name. + - name: node + type: alias + path: rabbitmq.node.name + migration: true + description: > + Node name. + - name: channels + type: long + description: > + The number of channels on the connection. + - name: channel_max + type: long + description: > + The maximum number of channels allowed on the connection. + - name: frame_max + type: long + description: > + Maximum permissible size of a frame (in bytes) to negotiate with clients. + format: bytes + - name: type + type: keyword + description: > + Type of the connection. + - name: host + type: keyword + description: > + Server hostname obtained via reverse DNS, or its IP address if reverse DNS failed or was disabled. + - name: peer.host + type: keyword + description: > + Peer hostname obtained via reverse DNS, or its IP address if reverse DNS failed or was not enabled. + - name: port + type: long + description: > + Server port. + - name: peer.port + type: long + description: > + Peer port. + - name: packet_count.sent + type: long + description: > + Number of packets sent on the connection. + - name: packet_count.received + type: long + description: > + Number of packets received on the connection. + - name: packet_count.pending + type: long + description: > + Number of packets pending on the connection. + - name: octet_count.sent + type: long + description: > + Number of octets sent on the connection. + - name: octet_count.received + type: long + description: > + Number of octets received on the connection. + - name: client_provided.name + type: keyword + description: > + User specified connection name. diff --git a/dev/packages/beats/rabbitmq-0.0.1/dataset/exchange/fields/fields.yml b/dev/packages/beats/rabbitmq-0.0.1/dataset/exchange/fields/fields.yml new file mode 100644 index 000000000..3bee5fffa --- /dev/null +++ b/dev/packages/beats/rabbitmq-0.0.1/dataset/exchange/fields/fields.yml @@ -0,0 +1,66 @@ +- key: rabbitmq + title: "RabbitMQ" + description: > + RabbitMQ module + release: ga + settings: ["ssl", "http"] + fields: + - name: rabbitmq + type: group + description: > + fields: + - name: vhost + type: keyword + description: > + Virtual host name with non-ASCII characters escaped as in C. + - name: exchange + type: group + description: > + exchange + release: ga + fields: + - name: name + type: keyword + description: > + The name of the queue with non-ASCII characters escaped as in C. + - name: vhost + type: alias + path: rabbitmq.vhost + migration: true + description: > + Virtual host name with non-ASCII characters escaped as in C. + - name: durable + type: boolean + description: > + Whether or not the queue survives server restarts. + - name: auto_delete + type: boolean + description: > + Whether the queue will be deleted automatically when no longer used. + - name: internal + type: boolean + description: > + Whether the exchange is internal, i.e. cannot be directly published to by a client. + - name: user + type: alias + path: user.name + migration: true + description: > + User who created the exchange. + + - name: messages.publish_in.count + type: long + description: > + Count of messages published "in" to an exchange, i.e. not taking account of routing. + - name: messages.publish_in.details.rate + type: float + description: > + How much the exchange publish-in count has changed per second in the most recent sampling interval. + - name: messages.publish_out.count + type: long + description: > + Count of messages published "out" of an exchange, i.e. taking account of routing. + - name: messages.publish_out.details.rate + type: float + description: > + How much the exchange publish-out count has changed per second in the most recent sampling interval. diff --git a/dev/packages/beats/rabbitmq-0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/rabbitmq-0.0.1/dataset/node/fields/fields.yml new file mode 100644 index 000000000..3ae192f9d --- /dev/null +++ b/dev/packages/beats/rabbitmq-0.0.1/dataset/node/fields/fields.yml @@ -0,0 +1,175 @@ +- key: rabbitmq + title: "RabbitMQ" + description: > + RabbitMQ module + release: ga + settings: ["ssl", "http"] + fields: + - name: rabbitmq + type: group + description: > + fields: + - name: vhost + type: keyword + description: > + Virtual host name with non-ASCII characters escaped as in C. + - name: node + type: group + description: > + node + release: ga + fields: + - name: disk.free.bytes + type: long + description: > + Disk free space in bytes. + format: bytes + - name: disk.free.limit.bytes + type: long + description: > + Point at which the disk alarm will go off. + format: bytes + - name: fd.total + type: long + description: > + File descriptors available. + - name: fd.used + type: long + description: > + Used file descriptors. + - name: gc.num.count + type: long + description: > + Number of GC operations. + - name: gc.reclaimed.bytes + type: long + description: > + GC bytes reclaimed. + format: bytes + - name: io.file_handle.open_attempt.avg.ms + type: long + description: > + File handle open avg time + - name: io.file_handle.open_attempt.count + type: long + description: > + File handle open attempts + - name: io.read.avg.ms + type: long + description: > + File handle read avg time + - name: io.read.bytes + type: long + description: > + Data read in bytes + format: bytes + - name: io.read.count + type: long + description: > + Data read operations + - name: io.reopen.count + type: long + description: > + Data reopen operations + - name: io.seek.avg.ms + type: long + description: > + Data seek avg time + - name: io.seek.count + type: long + description: > + Data seek operations + - name: io.sync.avg.ms + type: long + description: > + Data sync avg time + - name: io.sync.count + type: long + description: > + Data sync operations + - name: io.write.avg.ms + type: long + description: > + Data write avg time + - name: io.write.bytes + type: long + description: > + Data write in bytes + format: bytes + - name: io.write.count + type: long + description: > + Data write operations + - name: mem.limit.bytes + type: long + description: > + Point at which the memory alarm will go off. + format: bytes + - name: mem.used.bytes + type: long + description: > + Memory used in bytes. + - name: mnesia.disk.tx.count + type: long + description: > + Number of Mnesia transactions which have been performed that required writes to disk. + - name: mnesia.ram.tx.count + type: long + description: > + Number of Mnesia transactions which have been performed that did not require writes to disk. + - name: msg.store_read.count + type: long + description: > + Number of messages which have been read from the message store. + - name: msg.store_write.count + type: long + description: > + Number of messages which have been written to the message store. + - name: name + type: keyword + description: + Node name + - name: proc.total + type: long + description: > + Maximum number of Erlang processes. + - name: proc.used + type: long + description: > + Number of Erlang processes in use. + - name: processors + type: long + description: > + Number of cores detected and usable by Erlang. + - name: queue.index.journal_write.count + type: long + description: > + Number of records written to the queue index journal. + - name: queue.index.read.count + type: long + description: > + Number of records read from the queue index. + - name: queue.index.write.count + type: long + description: > + Number of records written to the queue index. + - name: run.queue + type: long + description: > + Average number of Erlang processes waiting to run. + - name: socket.total + type: long + description: > + File descriptors available for use as sockets. + - name: socket.used + type: long + description: > + File descriptors used as sockets. + - name: type + type: keyword + description: > + Node type. + - name: uptime + type: long + description: > + Node uptime. diff --git a/dev/packages/beats/rabbitmq-0.0.1/dataset/queue/fields/fields.yml b/dev/packages/beats/rabbitmq-0.0.1/dataset/queue/fields/fields.yml new file mode 100644 index 000000000..fdb2d2e3e --- /dev/null +++ b/dev/packages/beats/rabbitmq-0.0.1/dataset/queue/fields/fields.yml @@ -0,0 +1,107 @@ +- key: rabbitmq + title: "RabbitMQ" + description: > + RabbitMQ module + release: ga + settings: ["ssl", "http"] + fields: + - name: rabbitmq + type: group + description: > + fields: + - name: vhost + type: keyword + description: > + Virtual host name with non-ASCII characters escaped as in C. + - name: queue + type: group + description: > + queue + release: ga + fields: + - name: name + type: keyword + description: > + The name of the queue with non-ASCII characters escaped as in C. + - name: vhost + type: alias + path: rabbitmq.vhost + migration: true + description: > + Virtual host name with non-ASCII characters escaped as in C. + - name: durable + type: boolean + description: > + Whether or not the queue survives server restarts. + - name: auto_delete + type: boolean + description: > + Whether the queue will be deleted automatically when no longer used. + - name: exclusive + type: boolean + description: > + Whether the queue is exclusive (i.e. has owner_pid). + - name: node + type: alias + path: rabbitmq.node.name + migration: true + description: > + Node name. + - name: state + type: keyword + description: > + The state of the queue. Normally 'running', but may be "{syncing, MsgCount}" if the queue is synchronising. Queues which are located on cluster nodes that are currently down will be shown with a status of 'down'. + - name: arguments.max_priority + type: long + description: > + Maximum number of priority levels for the queue to support. + - name: consumers.count + type: long + description: > + Number of consumers. + - name: consumers.utilisation.pct + type: long + format: percent + description: > + Fraction of the time (between 0.0 and 1.0) that the queue is able to immediately deliver messages to consumers. This can be less than 1.0 if consumers are limited by network congestion or prefetch count. + - name: messages.total.count + type: long + description: > + Sum of ready and unacknowledged messages (queue depth). + - name: messages.total.details.rate + type: float + description: > + How much the queue depth has changed per second in the most recent sampling interval. + - name: messages.ready.count + type: long + description: > + Number of messages ready to be delivered to clients. + - name: messages.ready.details.rate + type: float + description: > + How much the count of messages ready has changed per second in the most recent sampling interval. + - name: messages.unacknowledged.count + type: long + description: > + Number of messages delivered to clients but not yet acknowledged. + - name: messages.unacknowledged.details.rate + type: float + description: > + How much the count of unacknowledged messages has changed per second in the most recent sampling interval. + - name: messages.persistent.count + type: long + description: > + Total number of persistent messages in the queue (will always be 0 for transient queues). + - name: memory.bytes + type: long + format: bytes + description: > + Bytes of memory consumed by the Erlang process associated with the queue, including stack, heap and internal structures. + - name: disk.reads.count + type: long + description: > + Total number of times messages have been read from disk by this queue since it started. + - name: disk.writes.count + type: long + description: > + Total number of times messages have been written to disk by this queue since it started. diff --git a/dev/packages/beats/redis-0.0.1/dataset/info/fields/fields.yml b/dev/packages/beats/redis-0.0.1/dataset/info/fields/fields.yml new file mode 100644 index 000000000..b75c9d303 --- /dev/null +++ b/dev/packages/beats/redis-0.0.1/dataset/info/fields/fields.yml @@ -0,0 +1,581 @@ +- key: redis + title: "Redis" + description: > + Redis metrics collected from Redis. + release: ga + fields: + - name: redis + type: group + description: > + `redis` contains the information and statistics from Redis. + fields: + - name: info + type: group + description: > + `info` contains the information and statistics returned by the `INFO` command. + release: ga + fields: + - name: clients + type: group + description: > + Redis client stats. + fields: + - name: connected + type: long + description: > + Number of client connections (excluding connections from slaves). + - name: longest_output_list + type: long + deprecated: "6.5.0" + description: > + Longest output list among current client connections (replaced by max_output_buffer). + - name: max_output_buffer + type: long + description: > + Longest output list among current client connections. + - name: biggest_input_buf + type: long + deprecated: "6.5.0" + description: > + Biggest input buffer among current client connections (replaced by max_input_buffer). + - name: max_input_buffer + type: long + description: > + Biggest input buffer among current client connections (on redis 5.0). + - name: blocked + type: long + description: > + Number of clients pending on a blocking call (BLPOP, BRPOP, BRPOPLPUSH). + + - name: cluster + type: group + description: > + Redis cluster information. + fields: + - name: enabled + type: boolean + description: > + Indicates that the Redis cluster is enabled. + + - name: cpu + type: group + description: > + Redis CPU stats + fields: + - name: used.sys + type: scaled_float + description: > + System CPU consumed by the Redis server. + - name: used.sys_children + type: scaled_float + description: > + User CPU consumed by the Redis server. + - name: used.user + type: scaled_float + description: > + System CPU consumed by the background processes. + - name: used.user_children + type: scaled_float + description: > + User CPU consumed by the background processes. + + - name: memory + type: group + description: > + Redis memory stats. + fields: + - name: used.value + type: long + format: bytes + description: > + Total number of bytes allocated by Redis. + - name: used.rss + type: long + format: bytes + description: > + Number of bytes that Redis allocated as seen by the operating system (a.k.a resident set size). + - name: used.peak + type: long + format: bytes + description: > + Peak memory consumed by Redis. + - name: used.lua + type: long + format: bytes + description: > + Used memory by the Lua engine. + - name: used.dataset + type: long + format: bytes + description: > + The size in bytes of the dataset + + - name: max.value + type: long + format: bytes + description: > + Memory limit. + - name: max.policy + type: keyword + description: > + Eviction policy to use when memory limit is reached. + + - name: fragmentation.ratio + type: float + description: > + Ratio between used_memory_rss and used_memory + - name: fragmentation.bytes + type: long + format: bytes + description: > + Bytes between used_memory_rss and used_memory + + - name: active_defrag.is_running + type: boolean + description: > + Flag indicating if active defragmentation is active + + - name: allocator + type: keyword + description: > + Memory allocator. + + - name: allocator_stats + type: group + fields: + - name: allocated + type: long + format: bytes + description: > + Allocated memory + - name: active + type: long + format: bytes + description: > + Active memeory + - name: resident + type: long + format: bytes + description: > + Resident memory + - name: fragmentation.ratio + type: float + description: > + Fragmentation ratio + - name: fragmentation.bytes + type: long + format: bytes + description: > + Fragmented bytes + - name: rss.ratio + type: float + description: > + Resident ratio + - name: rss.bytes + type: long + format: bytes + description: > + Resident bytes + + - name: persistence + type: group + description: > + Redis CPU stats. + fields: + - name: loading + type: boolean + description: > + Flag indicating if the load of a dump file is on-going + # ToDo move `loading` to `loading.enabled` and add other loading stats beside that (start time, total bytes, loaded bytes, ...) + + - name: rdb + type: group + description: > + Provides information about RDB persistence + fields: + - name: last_save.changes_since + type: long + description: > + Number of changes since the last dump + - name: last_save.time + type: long + description: > + Epoch-based timestamp of last successful RDB save + + - name: bgsave.in_progress + type: boolean + description: > + Flag indicating a RDB save is on-going + - name: bgsave.last_status + type: keyword + description: > + Status of the last RDB save operation + - name: bgsave.last_time.sec + type: long + format: duration + description: > + Duration of the last RDB save operation in seconds + - name: bgsave.current_time.sec + type: long + format: duration + description: > + Duration of the on-going RDB save operation if any + + - name: copy_on_write.last_size + type: long + format: bytes + description: > + The size in bytes of copy-on-write allocations during the last RBD save operation + + - name: aof + type: group + description: > + Provides information about AOF persitence + fields: + - name: enabled + type: boolean + description: > + Flag indicating AOF logging is activated + + - name: rewrite.in_progress + type: boolean + description: > + Flag indicating a AOF rewrite operation is on-going + - name: rewrite.scheduled + type: boolean + description: > + Flag indicating an AOF rewrite operation will be scheduled once the on-going RDB save is complete. + - name: rewrite.last_time.sec + type: long + format: duration + description: > + Duration of the last AOF rewrite operation in seconds + - name: rewrite.current_time.sec + type: long + format: duration + description: > + Duration of the on-going AOF rewrite operation if any + - name: rewrite.buffer.size + type: long + format: bytes + description: > + Size of the AOF rewrite buffer + + - name: bgrewrite.last_status + type: keyword + description: > + Status of the last AOF rewrite operatio + + - name: write.last_status + type: keyword + description: > + Status of the last write operation to the AOF + + - name: copy_on_write.last_size + type: long + format: bytes + description: > + The size in bytes of copy-on-write allocations during the last RBD save operation + + - name: buffer.size + type: long + format: bytes + description: > + Size of the AOF buffer + + - name: size.current + type: long + format: bytes + description: > + AOF current file size + - name: size.base + type: long + format: bytes + description: > + AOF file size on latest startup or rewrite + + - name: fsync.pending + type: long + description: > + Number of fsync pending jobs in background I/O queue + - name: fsync.delayed + type: long + description: > + Delayed fsync counter + + - name: replication + type: group + description: > + Replication + fields: + - name: role + type: keyword + description: > + Role of the instance (can be "master", or "slave"). + + - name: connected_slaves + type: long + description: > + Number of connected slaves + + - name: master_offset + type: long + deprecated: 6.5 + description: > + The server's current replication offset + + - name: backlog.active + type: long + description: > + Flag indicating replication backlog is active + - name: backlog.size + type: long + format: bytes + description: > + Total size in bytes of the replication backlog buffer + - name: backlog.first_byte_offset + type: long + description: > + The master offset of the replication backlog buffer + - name: backlog.histlen + type: long + description: > + Size in bytes of the data in the replication backlog buffer + + - name: master.offset + type: long + description: > + The server's current replication offset + - name: master.second_offset + type: long + description: > + The offset up to which replication IDs are accepted + - name: master.link_status + type: keyword + description: > + Status of the link (up/down) + - name: master.last_io_seconds_ago + type: long + format: duration + description: > + Number of seconds since the last interaction with master + - name: master.sync.in_progress + type: boolean + description: > + Indicate the master is syncing to the slave + - name: master.sync.left_bytes + type: long + format: bytes + description: > + Number of bytes left before syncing is complete + - name: master.sync.last_io_seconds_ago + type: long + format: duration + description: > + Number of seconds since last transfer I/O during a SYNC operation + + - name: slave.offset + type: long + description: > + The replication offset of the slave instance + - name: slave.priority + type: long + description: > + The priority of the instance as a candidate for failover + - name: slave.is_readonly + type: boolean + description: > + Flag indicating if the slave is read-only + + - name: server + type: group + description: > + Server info + fields: + - name: version + type: alias + path: service.version + migration: true + description: + + - name: git_sha1 + type: keyword + description: + + - name: git_dirty + type: keyword + description: + + - name: build_id + type: keyword + description: + + - name: mode + type: keyword + description: + + - name: os + type: alias + path: os.full + migration: true + description: + + - name: arch_bits + type: keyword + description: + + - name: multiplexing_api + type: keyword + description: + + - name: gcc_version + type: keyword + description: + + - name: process_id + type: alias + path: process.pid + migration: true + description: + + - name: run_id + type: keyword + description: + + - name: tcp_port + type: long + description: + + - name: uptime + type: long + description: + + - name: hz + type: long + description: + + - name: lru_clock + type: long + description: + + - name: config_file + type: keyword + description: + + - name: stats + type: group + description: > + Redis stats. + fields: + - name: connections.received + type: long + description: + Total number of connections received. + - name: connections.rejected + type: long + description: + Total number of connections rejected. + + - name: commands_processed + type: long + description: + Total number of commands processed. + + - name: net.input.bytes + type: long + description: + Total network input in bytes. + - name: net.output.bytes + type: long + description: + Total network output in bytes. + + - name: instantaneous.ops_per_sec + type: long + description: > + Number of commands processed per second + - name: instantaneous.input_kbps + type: scaled_float + description: > + The network's read rate per second in KB/sec + - name: instantaneous.output_kbps + type: scaled_float + description: > + The network's write rate per second in KB/sec + + - name: sync.full + type: long + description: > + The number of full resyncs with slaves + - name: sync.partial.ok + type: long + description: > + The number of accepted partial resync requests + - name: sync.partial.err + type: long + description: > + The number of denied partial resync requests + + - name: keys.expired + type: long + description: > + Total number of key expiration events + - name: keys.evicted + type: long + description: > + Number of evicted keys due to maxmemory limit + + - name: keyspace.hits + type: long + description: > + Number of successful lookup of keys in the main dictionary + - name: keyspace.misses + type: long + description: > + Number of failed lookup of keys in the main dictionary + + - name: pubsub.channels + type: long + description: > + Global number of pub/sub channels with client subscriptions + - name: pubsub.patterns + type: long + description: > + Global number of pub/sub pattern with client subscriptions + + - name: latest_fork_usec + type: long + description: > + Duration of the latest fork operation in microseconds + + - name: migrate_cached_sockets + type: long + description: > + The number of sockets open for MIGRATE purposes + + - name: slave_expires_tracked_keys + type: long + description: > + The number of keys tracked for expiry purposes (applicable only to writable slaves) + + - name: active_defrag.hits + type: long + description: > + Number of value reallocations performed by active the defragmentation process + - name: active_defrag.misses + type: long + description: > + Number of aborted value reallocations started by the active defragmentation process + - name: active_defrag.key_hits + type: long + description: > + Number of keys that were actively defragmented + - name: active_defrag.key_misses + type: long + description: > + Number of keys that were skipped by the active defragmentation process + - name: slowlog.count + type: long + description: > + Count of slow operations + diff --git a/dev/packages/beats/redis-0.0.1/dataset/key/fields/fields.yml b/dev/packages/beats/redis-0.0.1/dataset/key/fields/fields.yml new file mode 100644 index 000000000..c92233d47 --- /dev/null +++ b/dev/packages/beats/redis-0.0.1/dataset/key/fields/fields.yml @@ -0,0 +1,41 @@ +- key: redis + title: "Redis" + description: > + Redis metrics collected from Redis. + release: ga + fields: + - name: redis + type: group + description: > + `redis` contains the information and statistics from Redis. + fields: + - name: key + type: group + description: > + `key` contains information about keys. + release: ga + fields: + - name: name + type: keyword + description: > + Key name. + + - name: id + type: keyword + description: > + Unique id for this key (With the form :). + + - name: type + type: keyword + description: > + Key type as shown by `TYPE` command. + + - name: length + type: long + description: > + Length of the key (Number of elements for lists, length for strings, cardinality for sets). + + - name: expire.ttl + type: long + description: > + Seconds to expire. diff --git a/dev/packages/beats/redis-0.0.1/dataset/keyspace/fields/fields.yml b/dev/packages/beats/redis-0.0.1/dataset/keyspace/fields/fields.yml new file mode 100644 index 000000000..6f4775c0c --- /dev/null +++ b/dev/packages/beats/redis-0.0.1/dataset/keyspace/fields/fields.yml @@ -0,0 +1,35 @@ +- key: redis + title: "Redis" + description: > + Redis metrics collected from Redis. + release: ga + fields: + - name: redis + type: group + description: > + `redis` contains the information and statistics from Redis. + fields: + - name: keyspace + type: group + description: > + `keyspace` contains the information about the keyspaces returned by the `INFO` command. + release: ga + fields: + - name: id + type: keyword + description: > + Keyspace identifier. + + - name: avg_ttl + type: long + description: > + Average ttl. + + - name: keys + type: long + description: > + Number of keys in the keyspace. + + - name: expires + type: long + description: > diff --git a/dev/packages/beats/redisenterprise-0.0.1/dataset/node/fields/fields.yml b/dev/packages/beats/redisenterprise-0.0.1/dataset/node/fields/fields.yml new file mode 100644 index 000000000..ff8f10eaf --- /dev/null +++ b/dev/packages/beats/redisenterprise-0.0.1/dataset/node/fields/fields.yml @@ -0,0 +1,15 @@ +- key: redisenterprise + title: "Redis Enterprise" + description: > + Redis metrics collected from Redis Enterprise Server. + release: beta + fields: + - name: redisenterprise + type: group + description: > + `redisenterprise` contains the information and statistics from Redis Enterprise Server. + fields: + - name: node + type: group + release: beta + fields: diff --git a/dev/packages/beats/redisenterprise-0.0.1/dataset/proxy/fields/fields.yml b/dev/packages/beats/redisenterprise-0.0.1/dataset/proxy/fields/fields.yml new file mode 100644 index 000000000..2a772dee8 --- /dev/null +++ b/dev/packages/beats/redisenterprise-0.0.1/dataset/proxy/fields/fields.yml @@ -0,0 +1,15 @@ +- key: redisenterprise + title: "Redis Enterprise" + description: > + Redis metrics collected from Redis Enterprise Server. + release: beta + fields: + - name: redisenterprise + type: group + description: > + `redisenterprise` contains the information and statistics from Redis Enterprise Server. + fields: + - name: proxy + type: group + release: beta + fields: diff --git a/dev/packages/beats/santa-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/santa-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..fea0b03a7 --- /dev/null +++ b/dev/packages/beats/santa-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,65 @@ +- key: santa + title: "Google Santa" + description: > + Santa Module + fields: + - name: santa + type: group + description: > + fields: + + - name: action + type: keyword + example: EXEC + description: Action + + - name: decision + type: keyword + example: ALLOW + description: Decision that santad took. + + - name: reason + type: keyword + example: CERT + description: Reason for the decsision. + + - name: mode + type: keyword + example: M + description: Operating mode of Santa. + + - name: disk + type: group + description: Fields for DISKAPPEAR actions. + fields: + - name: volume + description: The volume name. + + - name: bus + description: The disk bus protocol. + + - name: serial + description: The disk serial number. + + - name: bsdname + example: disk1s3 + description: The disk BSD name. + + - name: model + example: APPLE SSD SM0512L + description: The disk model. + + - name: fs + example: apfs + description: The disk volume kind (filesystem type). + + - name: mount + description: The disk volume path. + + - name: certificate.common_name + type: keyword + description: Common name from code signing certificate. + + - name: certificate.sha256 + type: keyword + description: SHA256 hash of code signing certificate. diff --git a/dev/packages/beats/sql-0.0.1/dataset/query/fields/fields.yml b/dev/packages/beats/sql-0.0.1/dataset/query/fields/fields.yml new file mode 100644 index 000000000..fa5b0a79e --- /dev/null +++ b/dev/packages/beats/sql-0.0.1/dataset/query/fields/fields.yml @@ -0,0 +1,28 @@ +- key: sql + title: "sql" + release: beta + description: > + SQL module fetches metrics from a SQL database + fields: + - name: sql + type: group + fields: + - name: driver + type: keyword + description: > + Driver used to execute the query. + - name: query + type: keyword + description: > + Query executed to collect metrics. + - name: metrics.numeric.* + type: object + object_type: double + description: > + Numeric metrics collected. + - name: metrics.string.* + type: object + object_type: keyword + description: > + Non-numeric values collected. + - release: beta diff --git a/dev/packages/beats/stan-0.0.1/dataset/channels/fields/fields.yml b/dev/packages/beats/stan-0.0.1/dataset/channels/fields/fields.yml new file mode 100644 index 000000000..71db0e1ed --- /dev/null +++ b/dev/packages/beats/stan-0.0.1/dataset/channels/fields/fields.yml @@ -0,0 +1,49 @@ +- key: stan + title: "Stan" + description: > + stan Module + release: beta + fields: + - name: stan + type: group + description: > + `stan` contains statistics that were read from Nats Streaming server (STAN) + fields: + - name: server.id + type: keyword + description: > + The server ID + - name: cluster.id + type: keyword + description: > + The cluster ID + - name: channels + type: group + description: > + Contains stan / nats streaming/serverz endpoint metrics + release: beta + fields: + - name: name + type: keyword + description: > + The name of the STAN streaming channel + - name: messages + type: long + description: > + The number of STAN streaming messages + - name: bytes + type: long + description: > + The number of STAN bytes in the channel + - name: first_seq + type: long + description: > + First sequence number stored in the channel. If first_seq > min([seq in subscriptions]) data loss has possibly occurred + - name: last_seq + type: long + description: > + Last sequence number stored in the channel + - name: depth + type: long + description: > + Queue depth based upon current sequence number and highest reported subscriber sequence number diff --git a/dev/packages/beats/stan-0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/stan-0.0.1/dataset/stats/fields/fields.yml new file mode 100644 index 000000000..41cf15c7f --- /dev/null +++ b/dev/packages/beats/stan-0.0.1/dataset/stats/fields/fields.yml @@ -0,0 +1,54 @@ +- key: stan + title: "Stan" + description: > + stan Module + release: beta + fields: + - name: stan + type: group + description: > + `stan` contains statistics that were read from Nats Streaming server (STAN) + fields: + - name: server.id + type: keyword + description: > + The server ID + - name: cluster.id + type: keyword + description: > + The cluster ID + - name: stats + type: group + description: > + Contains only high-level stan / nats streaming server related metrics + release: beta + fields: + - name: state + type: keyword + description: > + The cluster / streaming configuration state (STANDALONE, CLUSTERED) + - name: role + type: keyword + description: > + If clustered, role of this node in the cluster (Leader, Follower, Candidate) + - name: clients + type: integer + description: > + The number of STAN clients + - name: subscriptions + type: integer + description: > + The number of STAN streaming subscriptions + - name: channels + type: integer + description: > + The number of STAN channels + - name: messages + type: long + description: > + Number of messages across all STAN queues + - name: bytes + type: long + description: > + Number of bytes consumed across all STAN queues + diff --git a/dev/packages/beats/stan-0.0.1/dataset/subscriptions/fields/fields.yml b/dev/packages/beats/stan-0.0.1/dataset/subscriptions/fields/fields.yml new file mode 100644 index 000000000..5004662af --- /dev/null +++ b/dev/packages/beats/stan-0.0.1/dataset/subscriptions/fields/fields.yml @@ -0,0 +1,55 @@ +- key: stan + title: "Stan" + description: > + stan Module + release: beta + fields: + - name: stan + type: group + description: > + `stan` contains statistics that were read from Nats Streaming server (STAN) + fields: + - name: server.id + type: keyword + description: > + The server ID + - name: cluster.id + type: keyword + description: > + The cluster ID + - name: subscriptions + type: group + description: > + Contains stan / nats streaming/serverz endpoint subscription metrics + release: beta + fields: + - name: id + type: keyword + description: > + The name of the STAN channel subscription (client_id) + - name: channel + type: keyword + description: > + The name of the STAN channel the subscription is associated with + - name: queue + type: keyword + description: > + The name of the NATS queue that the STAN channel subscription is associated with, if any + # If first_seq > min([seq in subscriptions]) data loss has possibly occurred + - name: last_sent + type: long + description: > + Last known sequence number of the subscription that was acked + - name: pending + type: long + description: > + Number of pending messages from / to the subscriber + - name: offline + type: boolean + description: > + Is the subscriber marked as offline? + - name: stalled + type: boolean + description: > + Is the subscriber known to be stalled? + diff --git a/dev/packages/beats/statsd-0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/statsd-0.0.1/dataset/server/fields/fields.yml new file mode 100644 index 000000000..2a4d1e988 --- /dev/null +++ b/dev/packages/beats/statsd-0.0.1/dataset/server/fields/fields.yml @@ -0,0 +1,22 @@ +- key: statsd + title: "Statsd" + description: > + Statsd module + release: ga + fields: + - name: statsd + type: group + fields: + - name: '*.count' + type: object + object_type: long + object_type_mapping_type: "long" + description: > + Statsd counters + - name: '*.*' + type: object + object_type: float + object_type_mapping_type: "*" + description: > + Statsd metrics + - release: ga diff --git a/dev/packages/beats/suricata-0.0.1/dataset/eve/fields/fields.yml b/dev/packages/beats/suricata-0.0.1/dataset/eve/fields/fields.yml new file mode 100644 index 000000000..293645ddf --- /dev/null +++ b/dev/packages/beats/suricata-0.0.1/dataset/eve/fields/fields.yml @@ -0,0 +1,746 @@ +- key: suricata + title: Suricata + description: > + Module for handling the EVE JSON logs produced by Suricata. + fields: + - name: suricata + type: group + description: > + Fields from the Suricata EVE log file. + fields: + - name: eve + type: group + description: > + Fields exported by the EVE JSON logs + fields: + - name: event_type + type: keyword + + - name: app_proto_orig + type: keyword + + - name: tcp + type: group + fields: + - name: tcp_flags + type: keyword + + - name: psh + type: boolean + + - name: tcp_flags_tc + type: keyword + + - name: ack + type: boolean + + - name: syn + type: boolean + + - name: state + type: keyword + + - name: tcp_flags_ts + type: keyword + + - name: rst + type: boolean + + - name: fin + type: boolean + + - name: fileinfo + type: group + fields: + - name: sha1 + type: keyword + + - name: filename + type: alias + path: file.path + + - name: tx_id + type: long + + - name: state + type: keyword + + - name: stored + type: boolean + + - name: gaps + type: boolean + + - name: sha256 + type: keyword + + - name: md5 + type: keyword + + - name: size + type: alias + path: file.size + + - name: icmp_type + type: long + + - name: dest_port + type: alias + path: destination.port + + - name: src_port + type: alias + path: source.port + + - name: proto + type: alias + path: network.transport + + - name: pcap_cnt + type: long + + - name: src_ip + type: alias + path: source.ip + + - name: dns + type: group + fields: + - name: type + type: keyword + + - name: rrtype + type: keyword + + - name: rrname + type: keyword + + - name: rdata + type: keyword + + - name: tx_id + type: long + + - name: ttl + type: long + + - name: rcode + type: keyword + + - name: id + type: long + + - name: flow_id + type: keyword + + - name: email + type: group + fields: + - name: status + type: keyword + + - name: dest_ip + type: alias + path: destination.ip + + - name: icmp_code + type: long + + - name: http + type: group + fields: + - name: status + type: alias + path: http.response.status_code + + - name: redirect + type: keyword + + - name: http_user_agent + type: alias + path: user_agent.original + + - name: protocol + type: keyword + + - name: http_refer + type: alias + path: http.request.referrer + + - name: url + type: alias + path: url.original + + - name: hostname + type: alias + path: url.domain + + - name: length + type: alias + path: http.response.body.bytes + + - name: http_method + type: alias + path: http.request.method + + - name: http_content_type + type: keyword + + - name: timestamp + type: alias + path: '@timestamp' + + - name: in_iface + type: keyword + + - name: alert + type: group + fields: + - name: category + type: keyword + + - name: severity + type: alias + path: event.severity + + - name: rev + type: long + + - name: gid + type: long + + - name: signature + type: keyword + + - name: action + type: alias + path: event.outcome + + - name: signature_id + type: long + + - name: ssh + type: group + fields: + - name: client + type: group + fields: + - name: proto_version + type: keyword + + - name: software_version + type: keyword + + - name: server + type: group + fields: + - name: proto_version + type: keyword + + - name: software_version + type: keyword + + - name: stats + type: group + fields: + - name: capture + type: group + fields: + - name: kernel_packets + type: long + + - name: kernel_drops + type: long + + - name: kernel_ifdrops + type: long + + - name: uptime + type: long + + - name: detect + type: group + fields: + - name: alert + type: long + + - name: http + type: group + fields: + - name: memcap + type: long + + - name: memuse + type: long + + - name: file_store + type: group + fields: + - name: open_files + type: long + + - name: defrag + type: group + fields: + - name: max_frag_hits + type: long + + - name: ipv4 + type: group + fields: + - name: timeouts + type: long + + - name: fragments + type: long + + - name: reassembled + type: long + + - name: ipv6 + type: group + fields: + - name: timeouts + type: long + + - name: fragments + type: long + + - name: reassembled + type: long + + - name: flow + type: group + fields: + - name: tcp_reuse + type: long + + - name: udp + type: long + + - name: memcap + type: long + + - name: emerg_mode_entered + type: long + + - name: emerg_mode_over + type: long + + - name: tcp + type: long + + - name: icmpv6 + type: long + + - name: icmpv4 + type: long + + - name: spare + type: long + + - name: memuse + type: long + + - name: tcp + type: group + fields: + - name: pseudo_failed + type: long + + - name: ssn_memcap_drop + type: long + + - name: insert_data_overlap_fail + type: long + + - name: sessions + type: long + + - name: pseudo + type: long + + - name: synack + type: long + + - name: insert_data_normal_fail + type: long + + - name: syn + type: long + + - name: memuse + type: long + + - name: invalid_checksum + type: long + + - name: segment_memcap_drop + type: long + + - name: overlap + type: long + + - name: insert_list_fail + type: long + + - name: rst + type: long + + - name: stream_depth_reached + type: long + + - name: reassembly_memuse + type: long + + - name: reassembly_gap + type: long + + - name: overlap_diff_data + type: long + + - name: no_flow + type: long + + - name: decoder + type: group + fields: + - name: avg_pkt_size + type: long + + - name: bytes + type: long + + - name: tcp + type: long + + - name: raw + type: long + + - name: ppp + type: long + + - name: vlan_qinq + type: long + + - name: 'null' + type: long + + - name: ltnull + type: group + fields: + - name: unsupported_type + type: long + + - name: pkt_too_small + type: long + + - name: invalid + type: long + + - name: gre + type: long + + - name: ipv4 + type: long + + - name: ipv6 + type: long + + - name: pkts + type: long + + - name: ipv6_in_ipv6 + type: long + + - name: ipraw + type: group + fields: + - name: invalid_ip_version + type: long + + - name: pppoe + type: long + + - name: udp + type: long + + - name: dce + type: group + fields: + - name: pkt_too_small + type: long + + - name: vlan + type: long + + - name: sctp + type: long + + - name: max_pkt_size + type: long + + - name: teredo + type: long + + - name: mpls + type: long + + - name: sll + type: long + + - name: icmpv6 + type: long + + - name: icmpv4 + type: long + + - name: erspan + type: long + + - name: ethernet + type: long + + - name: ipv4_in_ipv6 + type: long + + - name: ieee8021ah + type: long + + - name: dns + type: group + fields: + - name: memcap_global + type: long + + - name: memcap_state + type: long + + - name: memuse + type: long + + - name: flow_mgr + type: group + fields: + - name: rows_busy + type: long + + - name: flows_timeout + type: long + + - name: flows_notimeout + type: long + + - name: rows_skipped + type: long + + - name: closed_pruned + type: long + + - name: new_pruned + type: long + + - name: flows_removed + type: long + + - name: bypassed_pruned + type: long + + - name: est_pruned + type: long + + - name: flows_timeout_inuse + type: long + + - name: flows_checked + type: long + + - name: rows_maxlen + type: long + + - name: rows_checked + type: long + + - name: rows_empty + type: long + + - name: app_layer + type: group + fields: + - name: flow + type: group + fields: + - name: tls + type: long + + - name: ftp + type: long + + - name: http + type: long + + - name: failed_udp + type: long + + - name: dns_udp + type: long + + - name: dns_tcp + type: long + + - name: smtp + type: long + + - name: failed_tcp + type: long + + - name: msn + type: long + + - name: ssh + type: long + + - name: imap + type: long + + - name: dcerpc_udp + type: long + + - name: dcerpc_tcp + type: long + + - name: smb + type: long + + - name: tx + type: group + fields: + - name: tls + type: long + + - name: ftp + type: long + + - name: http + type: long + + - name: dns_udp + type: long + + - name: dns_tcp + type: long + + - name: smtp + type: long + + - name: ssh + type: long + + - name: dcerpc_udp + type: long + + - name: dcerpc_tcp + type: long + + - name: smb + type: long + + - name: tls + type: group + fields: + - name: notbefore + type: date + + - name: issuerdn + type: keyword + + - name: sni + type: keyword + + - name: version + type: keyword + + - name: session_resumed + type: boolean + + - name: fingerprint + type: keyword + + - name: serial + type: keyword + + - name: notafter + type: date + + - name: subject + type: keyword + + - name: app_proto_ts + type: keyword + + - name: flow + type: group + fields: + - name: bytes_toclient + type: alias + path: destination.bytes + + - name: start + type: alias + path: event.start + + - name: pkts_toclient + type: alias + path: destination.packets + + - name: age + type: long + + - name: state + type: keyword + + - name: bytes_toserver + type: alias + path: source.bytes + + - name: reason + type: keyword + + - name: pkts_toserver + type: alias + path: source.packets + + - name: end + type: date + + - name: alerted + type: boolean + + - name: app_proto + type: alias + path: network.protocol + + - name: tx_id + type: long + + - name: app_proto_tc + type: keyword + + - name: smtp + type: group + fields: + - name: rcpt_to + type: keyword + + - name: mail_from + type: keyword + + - name: helo + type: keyword + + - name: app_proto_expected + type: keyword + + - name: flags + type: group + fields: diff --git a/dev/packages/beats/system-0.0.1/dataset/core/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/core/fields/fields.yml new file mode 100644 index 000000000..4004ed676 --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/core/fields/fields.yml @@ -0,0 +1,115 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: core + type: group + description: > + `system-core` contains CPU metrics for a single core of a multi-core system. + release: ga + fields: + - name: id + type: long + description: > + CPU Core number. + + # Percentages + - name: user.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent in user space. + + - name: user.ticks + type: long + description: > + The amount of CPU time spent in user space. + + - name: system.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent in kernel space. + + - name: system.ticks + type: long + description: > + The amount of CPU time spent in kernel space. + + - name: nice.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent on low-priority processes. + + - name: nice.ticks + type: long + description: > + The amount of CPU time spent on low-priority processes. + + - name: idle.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent idle. + + - name: idle.ticks + type: long + description: > + The amount of CPU time spent idle. + + - name: iowait.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent in wait (on disk). + + - name: iowait.ticks + type: long + description: > + The amount of CPU time spent in wait (on disk). + + - name: irq.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent servicing and handling hardware interrupts. + + - name: irq.ticks + type: long + description: > + The amount of CPU time spent servicing and handling hardware interrupts. + + - name: softirq.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent servicing and handling software interrupts. + + - name: softirq.ticks + type: long + description: > + The amount of CPU time spent servicing and handling software interrupts. + + - name: steal.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent in involuntary wait by the virtual CPU while the hypervisor + was servicing another processor. + Available only on Unix. + + - name: steal.ticks + type: long + description: > + The amount of CPU time spent in involuntary wait by the virtual CPU while the hypervisor + was servicing another processor. + Available only on Unix. diff --git a/dev/packages/beats/system-0.0.1/dataset/cpu/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/cpu/fields/fields.yml new file mode 100644 index 000000000..de1209133 --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/cpu/fields/fields.yml @@ -0,0 +1,185 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: cpu + type: group + description: > + `cpu` contains local CPU stats. + release: ga + fields: + - name: cores + type: long + description: > + The number of CPU cores present on the host. The non-normalized + percentages will have a maximum value of `100% * cores`. The + normalized percentages already take this value into account and have + a maximum value of 100%. + + # Percentages + - name: user.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent in user space. On multi-core systems, + you can have percentages that are greater than 100%. For example, if 3 + cores are at 60% use, then the `system.cpu.user.pct` will be 180%. + + - name: system.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent in kernel space. + + - name: nice.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent on low-priority processes. + + - name: idle.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent idle. + + - name: iowait.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent in wait (on disk). + + - name: irq.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent servicing and handling hardware interrupts. + + - name: softirq.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent servicing and handling software interrupts. + + - name: steal.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent in involuntary wait by the virtual CPU while the hypervisor + was servicing another processor. + Available only on Unix. + + - name: total.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent in states other than Idle and IOWait. + + # Normalized Percentages + - name: user.norm.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent in user space. + + - name: system.norm.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent in kernel space. + + - name: nice.norm.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent on low-priority processes. + + - name: idle.norm.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent idle. + + - name: iowait.norm.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent in wait (on disk). + + - name: irq.norm.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent servicing and handling hardware interrupts. + + - name: softirq.norm.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent servicing and handling software interrupts. + + - name: steal.norm.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent in involuntary wait by the virtual CPU while the hypervisor + was servicing another processor. + Available only on Unix. + + - name: total.norm.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time in states other than Idle and IOWait, normalised by the number of cores. + + + # Ticks + - name: user.ticks + type: long + description: > + The amount of CPU time spent in user space. + + - name: system.ticks + type: long + description: > + The amount of CPU time spent in kernel space. + + - name: nice.ticks + type: long + description: > + The amount of CPU time spent on low-priority processes. + + - name: idle.ticks + type: long + description: > + The amount of CPU time spent idle. + + - name: iowait.ticks + type: long + description: > + The amount of CPU time spent in wait (on disk). + + - name: irq.ticks + type: long + description: > + The amount of CPU time spent servicing and handling hardware interrupts. + + - name: softirq.ticks + type: long + description: > + The amount of CPU time spent servicing and handling software interrupts. + + - name: steal.ticks + type: long + description: > + The amount of CPU time spent in involuntary wait by the virtual CPU while the hypervisor + was servicing another processor. + Available only on Unix. diff --git a/dev/packages/beats/system-0.0.1/dataset/diskio/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/diskio/fields/fields.yml new file mode 100644 index 000000000..c76245ddb --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/diskio/fields/fields.yml @@ -0,0 +1,136 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: diskio + type: group + description: > + `disk` contains disk IO metrics collected from the operating system. + release: ga + fields: + - name: name + type: keyword + example: sda1 + description: > + The disk name. + + - name: serial_number + type: keyword + description: > + The disk's serial number. This may not be provided by all operating + systems. + + - name: read.count + type: long + description: > + The total number of reads completed successfully. + + - name: write.count + type: long + description: > + The total number of writes completed successfully. + + - name: read.bytes + type: long + format: bytes + description: > + The total number of bytes read successfully. On Linux this is + the number of sectors read multiplied by an assumed sector size of 512. + + - name: write.bytes + type: long + format: bytes + description: > + The total number of bytes written successfully. On Linux this is + the number of sectors written multiplied by an assumed sector size of + 512. + + - name: read.time + type: long + description: > + The total number of milliseconds spent by all reads. + + - name: write.time + type: long + description: > + The total number of milliseconds spent by all writes. + + - name: io.time + type: long + description: > + The total number of of milliseconds spent doing I/Os. + + - name: iostat.read.request.merges_per_sec + type: float + description: > + The number of read requests merged per second that were queued to the device. + + - name: iostat.write.request.merges_per_sec + type: float + description: > + The number of write requests merged per second that were queued to the device. + + - name: iostat.read.request.per_sec + type: float + description: > + The number of read requests that were issued to the device per second + + - name: iostat.write.request.per_sec + type: float + description: > + The number of write requests that were issued to the device per second + + - name: iostat.read.per_sec.bytes + type: float + description: > + The number of Bytes read from the device per second. + format: bytes + + - name: iostat.read.await + type: float + description: > + The average time spent for read requests issued to the device to be served. + + - name: iostat.write.per_sec.bytes + type: float + description: > + The number of Bytes write from the device per second. + format: bytes + + - name: iostat.write.await + type: float + description: > + The average time spent for write requests issued to the device to be served. + + - name: iostat.request.avg_size + type: float + description: > + The average size (in bytes) of the requests that were issued to the device. + + - name: iostat.queue.avg_size + type: float + description: > + The average queue length of the requests that were issued to the device. + + - name: iostat.await + type: float + description: > + The average time spent for requests issued to the device to be served. + + - name: iostat.service_time + type: float + description: > + The average service time (in milliseconds) for I/O requests that were issued to the device. + + - name: iostat.busy + type: float + description: > + Percentage of CPU time during which I/O requests were issued to the device (bandwidth utilization for the device). Device saturation occurs when this value is close to 100%. diff --git a/dev/packages/beats/system-0.0.1/dataset/entropy/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/entropy/fields/fields.yml new file mode 100644 index 000000000..523214939 --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/entropy/fields/fields.yml @@ -0,0 +1,27 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: entropy + type: group + description: > + Available system entropy + release: ga + fields: + - name: available_bits + type: long + description: > + The available bits of entropy + - name: pct + type: scaled_float + format: percent + description: > + The percentage of available entropy, relative to the pool size of 4096 diff --git a/dev/packages/beats/system-0.0.1/dataset/filesystem/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/filesystem/fields/fields.yml new file mode 100644 index 000000000..573598fd9 --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/filesystem/fields/fields.yml @@ -0,0 +1,65 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: filesystem + type: group + description: > + `filesystem` contains local filesystem stats. + release: ga + fields: + - name: available + type: long + format: bytes + description: > + The disk space available to an unprivileged user in bytes. + - name: device_name + type: keyword + description: > + The disk name. For example: `/dev/disk1` + - name: type + type: keyword + description: > + The disk type. For example: `ext4` + - name: mount_point + type: keyword + description: > + The mounting point. For example: `/` + - name: files + type: long + description: > + The total number of file nodes in the file system. + - name: free + type: long + format: bytes + description: > + The disk space available in bytes. + - name: free_files + type: long + description: > + The number of free file nodes in the file system. + - name: total + type: long + format: bytes + description: > + The total disk space in bytes. + - name: used.bytes + type: long + format: bytes + description: > + The used disk space in bytes. + - name: used.pct + type: scaled_float + format: percent + description: > + The percentage of used disk space. + + diff --git a/dev/packages/beats/system-0.0.1/dataset/fsstat/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/fsstat/fields/fields.yml new file mode 100644 index 000000000..afa3cdf9a --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/fsstat/fields/fields.yml @@ -0,0 +1,45 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: fsstat + type: group + description: > + `system.fsstat` contains filesystem metrics aggregated from all mounted + filesystems. + release: ga + fields: + - name: count + type: long + description: Number of file systems found. + - name: total_files + type: long + description: Total number of files. + - name: total_size + format: bytes + type: group + description: Nested file system docs. + fields: + - name: free + type: long + format: bytes + description: > + Total free space. + - name: used + type: long + format: bytes + description: > + Total used space. + - name: total + type: long + format: bytes + description: > + Total space (used plus free). diff --git a/dev/packages/beats/system-0.0.1/dataset/load/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/load/fields/fields.yml new file mode 100644 index 000000000..d8729369b --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/load/fields/fields.yml @@ -0,0 +1,56 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: load + type: group + description: > + CPU load averages. + release: ga + fields: + - name: "1" + type: scaled_float + scaling_factor: 100 + description: > + Load average for the last minute. + - name: "5" + type: scaled_float + scaling_factor: 100 + description: > + Load average for the last 5 minutes. + - name: "15" + type: scaled_float + scaling_factor: 100 + description: > + Load average for the last 15 minutes. + + - name: "norm.1" + type: scaled_float + scaling_factor: 100 + description: > + Load for the last minute divided by the number of cores. + + - name: "norm.5" + type: scaled_float + scaling_factor: 100 + description: > + Load for the last 5 minutes divided by the number of cores. + + - name: "norm.15" + type: scaled_float + scaling_factor: 100 + description: > + Load for the last 15 minutes divided by the number of cores. + + - name: "cores" + type: long + description: > + The number of CPU cores present on the host. diff --git a/dev/packages/beats/system-0.0.1/dataset/memory/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/memory/fields/fields.yml new file mode 100644 index 000000000..c8d1a3f1c --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/memory/fields/fields.yml @@ -0,0 +1,206 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: memory + type: group + description: > + `memory` contains local memory stats. + release: ga + fields: + - name: total + type: long + format: bytes + description: > + Total memory. + + - name: used.bytes + type: long + format: bytes + description: > + Used memory. + + - name: free + type: long + format: bytes + description: > + The total amount of free memory in bytes. This value does not include memory consumed by system caches and + buffers (see system.memory.actual.free). + + - name: used.pct + type: scaled_float + format: percent + description: > + The percentage of used memory. + + - name: actual + type: group + description: > + Actual memory used and free. + fields: + + - name: used.bytes + type: long + format: bytes + description: > + Actual used memory in bytes. It represents the difference between the total and the available memory. The + available memory depends on the OS. For more details, please check `system.actual.free`. + + - name: free + type: long + format: bytes + description: > + Actual free memory in bytes. It is calculated based on the OS. On Linux this value will be MemAvailable from /proc/meminfo, + or calculated from free memory plus caches and buffers if /proc/meminfo is not available. + On OSX it is a sum of free memory and the inactive memory. On Windows, it is equal + to `system.memory.free`. + + - name: used.pct + type: scaled_float + format: percent + description: > + The percentage of actual used memory. + + - name: swap + type: group + prefix: "[float]" + description: This group contains statistics related to the swap memory usage on the system. + fields: + - name: total + type: long + format: bytes + description: > + Total swap memory. + + - name: used.bytes + type: long + format: bytes + description: > + Used swap memory. + + - name: free + type: long + format: bytes + description: > + Available swap memory. + + - name: out.pages + type: long + description: count of pages swapped out + + - name: in.pages + type: long + description: count of pages swapped in + + - name: readahead.pages + type: long + description: swap readahead pages + + - name: readahead.cached + type: long + description: swap readahead cache hits + + - name: used.pct + type: scaled_float + format: percent + description: > + The percentage of used swap memory. + + - name: page_stats + type: group + description: memory page statistics + fields: + - name: pgscan_kswapd.pages + type: long + format: number + description: pages scanned by kswapd + - name: pgscan_direct.pages + type: long + format: number + description: pages scanned directly + - name: pgfree.pages + type: long + format: number + description: pages freed by the system + - name: pgsteal_kswapd.pages + type: long + format: number + description: number of pages reclaimed by kswapd + - name: pgsteal_direct.pages + type: long + format: number + description: number of pages reclaimed directly + - name: direct_efficiency.pct + type: scaled_float + format: percent + description: direct reclaim efficiency percentage. A lower percentage indicates the system is struggling to reclaim memory. + - name: kswapd_efficiency.pct + type: scaled_float + format: percent + description: kswapd reclaim efficiency percentage. A lower percentage indicates the system is struggling to reclaim memory. + + - name: hugepages + type: group + prefix: "[float]" + description: This group contains statistics related to huge pages usage on the system. + fields: + - name: total + type: long + format: number + description: > + Number of huge pages in the pool. + + - name: used.bytes + type: long + format: bytes + description: > + Memory used in allocated huge pages. + + - name: used.pct + type: long + format: percent + description: > + Percentage of huge pages used. + + - name: free + type: long + format: number + description: > + Number of available huge pages in the pool. + + - name: reserved + type: long + format: number + description: > + Number of reserved but not allocated huge pages in the pool. + + - name: surplus + type: long + format: number + description: > + Number of overcommited huge pages. + + - name: default_size + type: long + format: bytes + description: > + Default size for huge pages. + + - name: swap.out + type: group + description: huge pages swapped out + fields: + - name: pages + type: long + description: pages swapped out + - name: fallback + type: long + description: Count of huge pages that must be split before swapout diff --git a/dev/packages/beats/system-0.0.1/dataset/network/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/network/fields/fields.yml new file mode 100644 index 000000000..89b16d469 --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/network/fields/fields.yml @@ -0,0 +1,66 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: network + type: group + description: > + `network` contains network IO metrics for a single network interface. + release: ga + fields: + - name: name + type: keyword + example: eth0 + description: > + The network interface name. + + - name: out.bytes + type: long + format: bytes + description: > + The number of bytes sent. + + - name: in.bytes + type: long + format: bytes + description: > + The number of bytes received. + + - name: out.packets + type: long + description: > + The number of packets sent. + + - name: in.packets + type: long + description: > + The number or packets received. + + - name: in.errors + type: long + description: > + The number of errors while receiving. + + - name: out.errors + type: long + description: > + The number of errors while sending. + + - name: in.dropped + type: long + description: > + The number of incoming packets that were dropped. + + - name: out.dropped + type: long + description: > + The number of outgoing packets that were dropped. This value is always + 0 on Darwin and BSD because it is not reported by the operating system. diff --git a/dev/packages/beats/system-0.0.1/dataset/network_summary/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/network_summary/fields/fields.yml new file mode 100644 index 000000000..2fe823edd --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/network_summary/fields/fields.yml @@ -0,0 +1,38 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: network_summary + type: group + release: beta + description: > + Metrics relating to global network activity + fields: + - name: ip.* + type: object + description: > + IP counters + - name: tcp.* + type: object + description: > + TCP counters + - name: udp.* + type: object + description: > + UDP counters + - name: udp_lite.* + type: object + description: > + UDP Lite counters + - name: icmp.* + type: object + description: > + ICMP counters diff --git a/dev/packages/beats/system-0.0.1/dataset/process/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/process/fields/fields.yml new file mode 100644 index 000000000..46593670e --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/process/fields/fields.yml @@ -0,0 +1,510 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: process + type: group + description: > + `process` contains process metadata, CPU metrics, and memory metrics. + release: ga + fields: + - name: name + type: alias + path: process.name + migration: true + - name: state + type: keyword + description: > + The process state. For example: "running". + - name: pid + type: alias + path: process.pid + migration: true + - name: ppid + type: alias + path: process.ppid + migration: true + - name: pgid + type: alias + path: process.pgid + migration: true + - name: cmdline + type: keyword + description: > + The full command-line used to start the process, including the + arguments separated by space. + ignore_above: 2048 + - name: username + type: alias + path: user.name + migration: true + - name: cwd + type: alias + path: process.working_directory + migration: true + - name: env + type: object + object_type: keyword + description: > + The environment variables used to start the process. The data is + available on FreeBSD, Linux, and OS X. + - name: cpu + type: group + prefix: "[float]" + description: CPU-specific statistics per process. + fields: + - name: user.ticks + type: long + description: > + The amount of CPU time the process spent in user space. + - name: total.value + type: long + description: > + The value of CPU usage since starting the process. + - name: total.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent by the process since the last update. Its value is similar to the + %CPU value of the process displayed by the top command on Unix systems. + - name: total.norm.pct + type: scaled_float + format: percent + description: > + The percentage of CPU time spent by the process since the last event. + This value is normalized by the number of CPU cores and it ranges + from 0 to 100%. + - name: system.ticks + type: long + description: > + The amount of CPU time the process spent in kernel space. + - name: total.ticks + type: long + description: > + The total CPU time spent by the process. + - name: start_time + type: date + description: > + The time when the process was started. + - name: memory + type: group + description: Memory-specific statistics per process. + prefix: "[float]" + fields: + - name: size + type: long + format: bytes + description: > + The total virtual memory the process has. + - name: rss.bytes + type: long + format: bytes + description: > + The Resident Set Size. The amount of memory the process occupied in main memory (RAM). + - name: rss.pct + type: scaled_float + format: percent + description: > + The percentage of memory the process occupied in main memory (RAM). + - name: share + type: long + format: bytes + description: > + The shared memory the process uses. + - name: fd + type: group + description: > + File descriptor usage metrics. This set of metrics is available for + Linux and FreeBSD. + prefix: "[float]" + fields: + - name: open + type: long + description: The number of file descriptors open by the process. + - name: limit.soft + type: long + description: > + The soft limit on the number of file descriptors opened by the + process. The soft limit can be changed by the process at any time. + - name: limit.hard + type: long + description: > + The hard limit on the number of file descriptors opened by the + process. The hard limit can only be raised by root. + - name: cgroup + type: group + description: > + Metrics and limits from the cgroup of which the task is a member. + cgroup metrics are reported when the process has membership in a + non-root cgroup. These metrics are only available on Linux. + fields: + - name: id + type: keyword + description: > + The ID common to all cgroups associated with this task. + If there isn't a common ID used by all cgroups this field will be + absent. + + - name: path + type: keyword + description: > + The path to the cgroup relative to the cgroup subsystem's mountpoint. + If there isn't a common path used by all cgroups this field will be + absent. + + - name: cpu + type: group + description: > + The cpu subsystem schedules CPU access for tasks in the cgroup. + Access can be controlled by two separate schedulers, CFS and RT. + CFS stands for completely fair scheduler which proportionally + divides the CPU time between cgroups based on weight. RT stands for + real time scheduler which sets a maximum amount of CPU time that + processes in the cgroup can consume during a given period. + + fields: + - name: id + type: keyword + description: ID of the cgroup. + + - name: path + type: keyword + description: > + Path to the cgroup relative to the cgroup subsystem's + mountpoint. + + - name: cfs.period.us + type: long + description: > + Period of time in microseconds for how regularly a + cgroup's access to CPU resources should be reallocated. + + - name: cfs.quota.us + type: long + description: > + Total amount of time in microseconds for which all + tasks in a cgroup can run during one period (as defined by + cfs.period.us). + + - name: cfs.shares + type: long + description: > + An integer value that specifies a relative share of CPU time + available to the tasks in a cgroup. The value specified in the + cpu.shares file must be 2 or higher. + + - name: rt.period.us + type: long + description: > + Period of time in microseconds for how regularly a cgroup's + access to CPU resources is reallocated. + + - name: rt.runtime.us + type: long + description: > + Period of time in microseconds for the longest continuous period + in which the tasks in a cgroup have access to CPU resources. + + - name: stats.periods + type: long + description: > + Number of period intervals (as specified in cpu.cfs.period.us) + that have elapsed. + + - name: stats.throttled.periods + type: long + description: > + Number of times tasks in a cgroup have been throttled (that is, + not allowed to run because they have exhausted all of the + available time as specified by their quota). + + - name: stats.throttled.ns + type: long + description: > + The total time duration (in nanoseconds) for which tasks in a + cgroup have been throttled. + + - name: cpuacct + type: group + description: CPU accounting metrics. + fields: + - name: id + type: keyword + description: ID of the cgroup. + + - name: path + type: keyword + description: > + Path to the cgroup relative to the cgroup subsystem's + mountpoint. + + - name: total.ns + type: long + description: > + Total CPU time in nanoseconds consumed by all tasks in the + cgroup. + + - name: stats.user.ns + type: long + description: CPU time consumed by tasks in user mode. + + - name: stats.system.ns + type: long + description: CPU time consumed by tasks in user (kernel) mode. + + - name: percpu + type: object + object_type: long + description: > + CPU time (in nanoseconds) consumed on each CPU by all tasks in + this cgroup. + + - name: memory + type: group + description: Memory limits and metrics. + fields: + - name: id + type: keyword + description: ID of the cgroup. + + - name: path + type: keyword + description: > + Path to the cgroup relative to the cgroup subsystem's mountpoint. + + - name: mem.usage.bytes + type: long + format: bytes + description: > + Total memory usage by processes in the cgroup (in bytes). + + - name: mem.usage.max.bytes + type: long + format: bytes + description: > + The maximum memory used by processes in the cgroup (in bytes). + + - name: mem.limit.bytes + type: long + format: bytes + description: > + The maximum amount of user memory in bytes (including file + cache) that tasks in the cgroup are allowed to use. + + - name: mem.failures + type: long + description: > + The number of times that the memory limit (mem.limit.bytes) was + reached. + + - name: memsw.usage.bytes + type: long + format: bytes + description: > + The sum of current memory usage plus swap space used by + processes in the cgroup (in bytes). + + - name: memsw.usage.max.bytes + type: long + format: bytes + description: > + The maximum amount of memory and swap space used by processes in + the cgroup (in bytes). + + - name: memsw.limit.bytes + type: long + format: bytes + description: > + The maximum amount for the sum of memory and swap usage + that tasks in the cgroup are allowed to use. + + - name: memsw.failures + type: long + description: > + The number of times that the memory plus swap space limit + (memsw.limit.bytes) was reached. + + - name: kmem.usage.bytes + type: long + format: bytes + description: > + Total kernel memory usage by processes in the cgroup (in bytes). + + - name: kmem.usage.max.bytes + type: long + format: bytes + description: > + The maximum kernel memory used by processes in the cgroup (in + bytes). + + - name: kmem.limit.bytes + type: long + format: bytes + description: > + The maximum amount of kernel memory that tasks in the cgroup are + allowed to use. + + - name: kmem.failures + type: long + description: > + The number of times that the memory limit (kmem.limit.bytes) was + reached. + + - name: kmem_tcp.usage.bytes + type: long + format: bytes + description: > + Total memory usage for TCP buffers in bytes. + + - name: kmem_tcp.usage.max.bytes + type: long + format: bytes + description: > + The maximum memory used for TCP buffers by processes in the + cgroup (in bytes). + + - name: kmem_tcp.limit.bytes + type: long + format: bytes + description: > + The maximum amount of memory for TCP buffers that tasks in the + cgroup are allowed to use. + + - name: kmem_tcp.failures + type: long + description: > + The number of times that the memory limit (kmem_tcp.limit.bytes) + was reached. + + - name: stats.active_anon.bytes + type: long + format: bytes + description: > + Anonymous and swap cache on active least-recently-used (LRU) + list, including tmpfs (shmem), in bytes. + + - name: stats.active_file.bytes + type: long + format: bytes + description: File-backed memory on active LRU list, in bytes. + + - name: stats.cache.bytes + type: long + format: bytes + description: Page cache, including tmpfs (shmem), in bytes. + + - name: stats.hierarchical_memory_limit.bytes + type: long + format: bytes + description: > + Memory limit for the hierarchy that contains the memory cgroup, + in bytes. + + - name: stats.hierarchical_memsw_limit.bytes + type: long + format: bytes + description: > + Memory plus swap limit for the hierarchy that contains the + memory cgroup, in bytes. + + - name: stats.inactive_anon.bytes + type: long + format: bytes + description: > + Anonymous and swap cache on inactive LRU list, including tmpfs + (shmem), in bytes + + - name: stats.inactive_file.bytes + type: long + format: bytes + description: > + File-backed memory on inactive LRU list, in bytes. + + - name: stats.mapped_file.bytes + type: long + format: bytes + description: > + Size of memory-mapped mapped files, including tmpfs (shmem), + in bytes. + + - name: stats.page_faults + type: long + description: > + Number of times that a process in the cgroup triggered a page + fault. + + - name: stats.major_page_faults + type: long + description: > + Number of times that a process in the cgroup triggered a major + fault. "Major" faults happen when the kernel actually has to + read the data from disk. + + - name: stats.pages_in + type: long + description: > + Number of pages paged into memory. This is a counter. + + - name: stats.pages_out + type: long + description: > + Number of pages paged out of memory. This is a counter. + + - name: stats.rss.bytes + type: long + format: bytes + description: > + Anonymous and swap cache (includes transparent hugepages), not + including tmpfs (shmem), in bytes. + + - name: stats.rss_huge.bytes + type: long + format: bytes + description: > + Number of bytes of anonymous transparent hugepages. + + - name: stats.swap.bytes + type: long + format: bytes + description: > + Swap usage, in bytes. + + - name: stats.unevictable.bytes + type: long + format: bytes + description: > + Memory that cannot be reclaimed, in bytes. + + - name: blkio + type: group + description: Block IO metrics. + fields: + - name: id + type: keyword + description: ID of the cgroup. + + - name: path + type: keyword + description: > + Path to the cgroup relative to the cgroup subsystems mountpoint. + + - name: total.bytes + type: long + format: bytes + description: > + Total number of bytes transferred to and from all block devices + by processes in the cgroup. + + - name: total.ios + type: long + description: > + Total number of I/O operations performed on all devices + by processes in the cgroup as seen by the throttling policy. diff --git a/dev/packages/beats/system-0.0.1/dataset/process_summary/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/process_summary/fields/fields.yml new file mode 100644 index 000000000..dff2dd2a6 --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/process_summary/fields/fields.yml @@ -0,0 +1,51 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: process.summary + title: Process Summary + type: group + description: > + Summary metrics for the processes running on the host. + release: ga + fields: + - name: total + type: long + description: > + Total number of processes on this host. + - name: running + type: long + description: > + Number of running processes on this host. + - name: idle + type: long + description: > + Number of idle processes on this host. + - name: sleeping + type: long + description: > + Number of sleeping processes on this host. + - name: stopped + type: long + description: > + Number of stopped processes on this host. + - name: zombie + type: long + description: > + Number of zombie processes on this host. + - name: dead + type: long + description: > + Number of dead processes on this host. It's very unlikely that it will appear but in some special situations it may happen. + - name: unknown + type: long + description: > + Number of processes for which the state couldn't be retrieved or is unknown. diff --git a/dev/packages/beats/system-0.0.1/dataset/raid/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/raid/fields/fields.yml new file mode 100644 index 000000000..ba3b11ed4 --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/raid/fields/fields.yml @@ -0,0 +1,63 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: raid + type: group + description: > + raid + release: ga + fields: + - name: name + type: keyword + description: > + Name of the device. + - name: status + type: keyword + description: > + activity-state of the device. + - name: level + type: keyword + description: > + The raid level of the device + - name: sync_action + type: keyword + description: > + Current sync action, if the RAID array is redundant + - name: disks.active + type: long + description: > + Number of active disks. + - name: disks.total + type: long + description: > + Total number of disks the device consists of. + - name: disks.spare + type: long + description: > + Number of spared disks. + - name: disks.failed + type: long + description: > + Number of failed disks. + - name: disks.states.* + type: object + object_type: keyword + description: > + map of raw disk states + - name: blocks.total + type: long + description: > + Number of blocks the device holds, in 1024-byte blocks. + - name: blocks.synced + type: long + description: > + Number of blocks on the device that are in sync, in 1024-byte blocks. diff --git a/dev/packages/beats/system-0.0.1/dataset/service/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/service/fields/fields.yml new file mode 100644 index 000000000..bd588d8b2 --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/service/fields/fields.yml @@ -0,0 +1,68 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: service + type: group + release: beta + description: > + metrics for system services + fields: + - name: name + type: keyword + description: The name of the service + - name: load_state + type: keyword + description: The load state of the service + - name: state + type: keyword + description: The activity state of the service + - name: sub_state + type: keyword + description: The sub-state of the service + - name: state_since + type: date + description: The timestamp of the last state change. If the service is active and running, this is its uptime. + - name: exec_code + type: keyword + description: The SIGCHLD code from the service's main process + - name: resources + type: group + description: system metrics associated with the service + fields: + - name: cpu.usage.ns + type: long + description: CPU usage in nanoseconds + - name: memory.usage.bytes + type: long + description: memory usage in bytes + - name: tasks.count + type: long + description: number of tasks associated with the service + - name: network + type: group + description: network resource usage + fields: + - name: in.bytes + type: long + format: bytes + description: bytes in + - name: in.packets + type: long + format: bytes + description: packets in + - name: out.packets + type: long + description: packets out + - name: out.bytes + type: long + description: bytes out + diff --git a/dev/packages/beats/system-0.0.1/dataset/socket/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/socket/fields/fields.yml new file mode 100644 index 000000000..2ee48ba3b --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/socket/fields/fields.yml @@ -0,0 +1,102 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: socket + type: group + description: > + TCP sockets that are active. + release: ga + fields: + - name: direction + type: alias + path: network.direction + migration: true + + - name: family + type: alias + path: network.type + migration: true + + - name: local.ip + type: ip + example: 192.0.2.1 or 2001:0DB8:ABED:8536::1 + description: > + Local IP address. This can be an IPv4 or IPv6 address. + + - name: local.port + type: long + example: 22 + description: > + Local port. + + - name: remote.ip + type: ip + example: 192.0.2.1 or 2001:0DB8:ABED:8536::1 + description: > + Remote IP address. This can be an IPv4 or IPv6 address. + + - name: remote.port + type: long + example: 22 + description: > + Remote port. + + - name: remote.host + type: keyword + example: 76-211-117-36.nw.example.com. + description: > + PTR record associated with the remote IP. It is obtained via reverse + IP lookup. + + - name: remote.etld_plus_one + type: keyword + example: example.com. + description: > + The effective top-level domain (eTLD) of the remote host plus one more + label. For example, the eTLD+1 for "foo.bar.golang.org." is "golang.org.". + The data for determining the eTLD comes from an embedded copy of the data + from http://publicsuffix.org. + + - name: remote.host_error + type: keyword + description: > + Error describing the cause of the reverse lookup failure. + + - name: process.pid + type: alias + path: process.pid + migration: true + + - name: process.command + type: alias + path: process.name + migration: true + + - name: process.cmdline + type: keyword + description: > + Full command line + + - name: process.exe + type: alias + path: process.executable + migration: true + + - name: user.id + type: alias + path: user.id + migration: true + + - name: user.name + type: alias + path: user.full_name + migration: true diff --git a/dev/packages/beats/system-0.0.1/dataset/socket_summary/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/socket_summary/fields/fields.yml new file mode 100644 index 000000000..202c3a4f7 --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/socket_summary/fields/fields.yml @@ -0,0 +1,93 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: socket.summary + title: Socket summary + type: group + description: > + Summary metrics of open sockets in the host system + release: ga + fields: + - name: all + type: group + description: > + All connections + fields: + - name: count + type: integer + description: > + All open connections + - name: listening + type: integer + description: > + All listening ports + - name: tcp + type: group + description: > + All TCP connections + fields: + - name: memory + type: integer + format: bytes + description: > + Memory used by TCP sockets in bytes, based on number of allocated pages and system page size. Corresponds to limits set in /proc/sys/net/ipv4/tcp_mem. Only available on Linux. + - name: all + type: group + description: > + All TCP connections + fields: + - name: orphan + type: integer + description: > + A count of all orphaned tcp sockets. Only available on Linux. + - name: count + type: integer + description: > + All open TCP connections + - name: listening + type: integer + description: > + All TCP listening ports + - name: established + type: integer + description: > + Number of established TCP connections + - name: close_wait + type: integer + description: > + Number of TCP connections in _close_wait_ state + - name: time_wait + type: integer + description: > + Number of TCP connections in _time_wait_ state + - name: udp + type: group + description: > + All UDP connections + fields: + - name: memory + type: integer + format: bytes + description: > + Memory used by UDP sockets in bytes, based on number of allocated pages and system page size. Corresponds to limits set in /proc/sys/net/ipv4/udp_mem. Only available on Linux. + - name: all + type: group + description: > + All UDP connections + fields: + - name: count + type: integer + description: > + All open UDP connections + + + diff --git a/dev/packages/beats/system-0.0.1/dataset/uptime/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/uptime/fields/fields.yml new file mode 100644 index 000000000..fefd813fb --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/uptime/fields/fields.yml @@ -0,0 +1,24 @@ +- key: system + title: "System" + description: > + System status metrics, like CPU and memory usage, that are collected from the operating system. + short_config: true + release: ga + fields: + - name: system + type: group + description: > + `system` contains local system metrics. + fields: + - name: uptime + type: group + description: > + `uptime` contains the operating system uptime metric. + release: ga + fields: + - name: duration.ms + type: long + format: duration + input_format: milliseconds + description: > + The OS uptime in milliseconds. diff --git a/dev/packages/beats/tomcat-0.0.1/dataset/cache/fields/fields.yml b/dev/packages/beats/tomcat-0.0.1/dataset/cache/fields/fields.yml new file mode 100644 index 000000000..eb5a264f4 --- /dev/null +++ b/dev/packages/beats/tomcat-0.0.1/dataset/cache/fields/fields.yml @@ -0,0 +1,32 @@ +- key: tomcat + title: 'Tomcat' + release: beta + description: > + Tomcat module + fields: + - name: tomcat + type: group + fields: + - name: cache + type: group + description: Catalina Cache metrics from the WebResourceRoot + release: beta + fields: + - name: mbean + description: Mbean that this event is related to + type: keyword + - name: hit.total + description: The number of requests for resources that were served from the cache + type: long + - name: size.total.kb + description: The current estimate of the cache size in kilobytes + type: long + - name: size.max.kb + description: The maximum permitted size of the cache in kilobytes + type: long + - name: lookup.total + description: The number of requests for resources + type: long + - name: ttl.ms + description: The time-to-live for cache entries in milliseconds + type: long diff --git a/dev/packages/beats/tomcat-0.0.1/dataset/memory/fields/fields.yml b/dev/packages/beats/tomcat-0.0.1/dataset/memory/fields/fields.yml new file mode 100644 index 000000000..91dfb8e3c --- /dev/null +++ b/dev/packages/beats/tomcat-0.0.1/dataset/memory/fields/fields.yml @@ -0,0 +1,41 @@ +- key: tomcat + title: 'Tomcat' + release: beta + description: > + Tomcat module + fields: + - name: tomcat + type: group + fields: + - name: memory + type: group + description: Memory metrics from java.lang JMX + release: beta + fields: + - name: mbean + description: Mbean that this event is related to + type: keyword + - name: heap.usage.committed + description: Committed heap memory usage + type: long + - name: heap.usage.max + description: Max heap memory usage + type: long + - name: heap.usage.used + description: Used heap memory usage + type: long + - name: heap.usage.init + description: Initial heap memory usage + type: long + - name: other.usage.committed + description: Committed non-heap memory usage + type: long + - name: other.usage.max + description: Max non-heap memory usage + type: long + - name: other.usage.used + description: Used non-heap memory usage + type: long + - name: other.usage.init + description: Initial non-heap memory usage + type: long diff --git a/dev/packages/beats/tomcat-0.0.1/dataset/requests/fields/fields.yml b/dev/packages/beats/tomcat-0.0.1/dataset/requests/fields/fields.yml new file mode 100644 index 000000000..dc9acc81e --- /dev/null +++ b/dev/packages/beats/tomcat-0.0.1/dataset/requests/fields/fields.yml @@ -0,0 +1,32 @@ +- key: tomcat + title: 'Tomcat' + release: beta + description: > + Tomcat module + fields: + - name: tomcat + type: group + fields: + - name: requests + type: group + description: Requests processor metrics from GlobalRequestProcessor JMX + release: beta + fields: + - name: mbean + description: Mbean that this event is related to + type: keyword + - name: total + description: Number of requests processed + type: long + - name: bytes.received + description: Amount of data received, in bytes + type: long + - name: bytes.sent + description: Amount of data sent, in bytes + type: long + - name: processing.ms + description: Total time to process the requests + type: long + - name: errors.total + description: Number of errors + type: long diff --git a/dev/packages/beats/tomcat-0.0.1/dataset/threading/fields/fields.yml b/dev/packages/beats/tomcat-0.0.1/dataset/threading/fields/fields.yml new file mode 100644 index 000000000..c13da12f5 --- /dev/null +++ b/dev/packages/beats/tomcat-0.0.1/dataset/threading/fields/fields.yml @@ -0,0 +1,44 @@ +- key: tomcat + title: 'Tomcat' + release: beta + description: > + Tomcat module + fields: + - name: tomcat + type: group + fields: + - name: threading + type: group + description: Threading metrics from the Catalina's ThreadPool JMX + release: beta + fields: + - name: busy + description: Current busy threads from the ThreadPool + type: long + - name: max + description: Max threads from the ThreadPool + type: long + - name: current + description: Current number of threads, taken from the ThreadPool + type: long + - name: keep_alive.total + description: Total keep alive on the ThreadPool + type: long + - name: keep_alive.timeout.ms + description: Keep alive timeout on the ThreadPool + type: long + - name: started.total + description: Current started threads at JVM level (from java.lang:type=Threading) + type: long + - name: user.time.ms + description: User time in milliseconds (from java.lang:type=Threading) + type: long + - name: cpu.time.ms + description: CPU time in milliseconds (from java.lang:type=Threading) + type: long + - name: total + description: Total threads at the JVM level (from java.lang:type=Threading) + type: long + - name: peak + description: Peak number of threads at JVM level (from java.lang:type=Threading) + type: long diff --git a/dev/packages/beats/traefik-0.0.1/dataset/health/fields/fields.yml b/dev/packages/beats/traefik-0.0.1/dataset/health/fields/fields.yml new file mode 100644 index 000000000..a4b7ccd7f --- /dev/null +++ b/dev/packages/beats/traefik-0.0.1/dataset/health/fields/fields.yml @@ -0,0 +1,39 @@ +- key: traefik + title: "traefik" + description: > + Traefik reverse proxy / load balancer metrics + release: ga + fields: + - name: traefik + type: group + description: > + Traefik reverse proxy / load balancer metrics + fields: + - name: health + type: group + description: > + Metrics obtained from Traefik's health API endpoint + release: ga + fields: + - name: uptime.sec + type: long + description: > + Uptime of Traefik instance in seconds + - name: response + type: group + description: > + Response metrics + fields: + - name: count + type: long + description: > + Number of responses + - name: avg_time.us + type: long + description: > + Average response time in microseconds + - name: status_codes.* + type: object + object_type: long + description: > + Number of responses per status code diff --git a/dev/packages/beats/uwsgi-0.0.1/dataset/status/fields/fields.yml b/dev/packages/beats/uwsgi-0.0.1/dataset/status/fields/fields.yml new file mode 100644 index 000000000..bc2307b55 --- /dev/null +++ b/dev/packages/beats/uwsgi-0.0.1/dataset/status/fields/fields.yml @@ -0,0 +1,132 @@ +- key: uwsgi + title: "uwsgi" + description: > + uwsgi module + release: ga + fields: + - name: uwsgi + type: group + description: > + fields: + - name: status + type: group + release: ga + description: > + uwsgi.status metricset fields + fields: + - name: total.requests + type: long + description: > + Total requests handled + - name: total.exceptions + type: long + description: > + Total exceptions + - name: total.write_errors + type: long + description: > + Total requests write errors + - name: total.read_errors + type: long + description: > + Total read errors + - name: total.pid + type: long + description: > + Process id + - name: worker.id + type: long + description: > + Worker id + - name: worker.pid + type: long + description: > + Worker process id + - name: worker.accepting + type: long + description: > + State of worker, 1 if still accepting new requests otherwise 0 + - name: worker.requests + type: long + description: > + Number of requests served by this worker + - name: worker.delta_requests + type: long + description: > + Number of requests served by this worker after worker is reloaded when reached MAX_REQUESTS + - name: worker.exceptions + type: long + description: > + Exceptions raised + - name: worker.harakiri_count + type: long + description: > + Dropped requests by timeout + - name: worker.signals + type: long + description: > + Emitted signals count + - name: worker.signal_queue + type: long + description: > + Number of signals waiting to be handled + - name: worker.status + type: keyword + description: > + Worker status (cheap, pause, sig, busy, idle) + - name: worker.rss + type: keyword + description: > + Resident Set Size. memory currently used by a process. if always zero try `--memory-report` option of uwsgi + - name: worker.vsz + type: long + description: > + Virtual Set Size. memory size assigned to a process. if always zero try `--memory-report` option of uwsgi + - name: worker.running_time + type: long + description: > + Process running time + - name: worker.respawn_count + type: long + description: > + Respawn count + - name: worker.tx + type: long + description: > + Transmitted size + - name: worker.avg_rt + type: long + description: > + Average response time + - name: core.id + type: long + description: > + worker ID + - name: core.worker_pid + type: long + description: > + Parent worker PID + - name: core.requests.total + type: long + description: > + Number of total requests served + - name: core.requests.static + type: long + description: > + Number of static file serves + - name: core.requests.routed + type: long + description: > + Routed requests + - name: core.requests.offloaded + type: long + description: > + Offloaded requests + - name: core.write_errors + type: long + description: > + Number of failed writes + - name: core.read_errors + type: long + description: > + Number of failed reads diff --git a/dev/packages/beats/vsphere-0.0.1/dataset/datastore/fields/fields.yml b/dev/packages/beats/vsphere-0.0.1/dataset/datastore/fields/fields.yml new file mode 100644 index 000000000..6a0dd5297 --- /dev/null +++ b/dev/packages/beats/vsphere-0.0.1/dataset/datastore/fields/fields.yml @@ -0,0 +1,45 @@ +- key: vsphere + title: "vSphere" + description: > + vSphere module + release: beta + fields: + - name: vsphere + type: group + description: > + fields: + - name: datastore + type: group + description: > + datastore + release: beta + fields: + - name: name + type: keyword + description: > + Datastore name + - name: fstype + type: keyword + description: > + Filesystem type + - name: capacity.total.bytes + type: long + description: > + Total bytes of the datastore + format: bytes + - name: capacity.free.bytes + type: long + description: > + Free bytes of the datastore + format: bytes + - name: capacity.used.bytes + type: long + description: > + Used bytes of the datastore + format: bytes + - name: capacity.used.pct + type: long + description: > + Used percent of the datastore + format: percent + diff --git a/dev/packages/beats/vsphere-0.0.1/dataset/host/fields/fields.yml b/dev/packages/beats/vsphere-0.0.1/dataset/host/fields/fields.yml new file mode 100644 index 000000000..7b98b1f59 --- /dev/null +++ b/dev/packages/beats/vsphere-0.0.1/dataset/host/fields/fields.yml @@ -0,0 +1,51 @@ +- key: vsphere + title: "vSphere" + description: > + vSphere module + release: beta + fields: + - name: vsphere + type: group + description: > + fields: + - name: host + type: group + description: > + host + release: beta + fields: + - name: name + type: keyword + description: > + Host name + - name: cpu.used.mhz + type: long + description: > + Used CPU in Mhz + - name: cpu.total.mhz + type: long + description: > + Total CPU in Mhz + - name: cpu.free.mhz + type: long + description: > + Free CPU in Mhz + - name: memory.used.bytes + type: long + description: > + Used Memory in bytes + format: bytes + - name: memory.total.bytes + type: long + description: > + Total Memory in bytes + format: bytes + - name: memory.free.bytes + type: long + description: > + Free Memory in bytes + format: bytes + - name: network_names + type: keyword + description: > + Network names diff --git a/dev/packages/beats/vsphere-0.0.1/dataset/virtualmachine/fields/fields.yml b/dev/packages/beats/vsphere-0.0.1/dataset/virtualmachine/fields/fields.yml new file mode 100644 index 000000000..608d72025 --- /dev/null +++ b/dev/packages/beats/vsphere-0.0.1/dataset/virtualmachine/fields/fields.yml @@ -0,0 +1,65 @@ +- key: vsphere + title: "vSphere" + description: > + vSphere module + release: beta + fields: + - name: vsphere + type: group + description: > + fields: + - name: virtualmachine + type: group + description: > + virtualmachine + release: beta + fields: + - name: host.id + type: keyword + description: > + Host id + - name: host.hostname + type: keyword + description: > + Host name of the host + - name: name + type: keyword + description: > + Virtual Machine name + - name: os + type: keyword + description: > + Virtual Machine Operating System name + - name: cpu.used.mhz + type: long + description: > + Used CPU in Mhz + - name: memory.used.guest.bytes + type: long + description: > + Used Memory of Guest in bytes + format: bytes + - name: memory.used.host.bytes + type: long + description: > + Used Memory of Host in bytes + format: bytes + - name: memory.total.guest.bytes + type: long + description: > + Total Memory of Guest in bytes + format: bytes + - name: memory.free.guest.bytes + type: long + description: > + Free Memory of Guest in bytes + format: bytes + - name: custom_fields + type: object + object_type: keyword + description: > + Custom fields + - name: network_names + type: keyword + description: > + Network names diff --git a/dev/packages/beats/windows-0.0.1/dataset/perfmon/fields/fields.yml b/dev/packages/beats/windows-0.0.1/dataset/perfmon/fields/fields.yml new file mode 100644 index 000000000..b47b7ccb6 --- /dev/null +++ b/dev/packages/beats/windows-0.0.1/dataset/perfmon/fields/fields.yml @@ -0,0 +1,12 @@ +- key: windows + title: "Windows" + description: > + Module for Windows + short_config: false + release: ga + fields: + - name: windows + type: group + description: > + fields: + - release: beta diff --git a/dev/packages/beats/windows-0.0.1/dataset/service/fields/fields.yml b/dev/packages/beats/windows-0.0.1/dataset/service/fields/fields.yml new file mode 100644 index 000000000..bb4b0fc17 --- /dev/null +++ b/dev/packages/beats/windows-0.0.1/dataset/service/fields/fields.yml @@ -0,0 +1,80 @@ +- key: windows + title: "Windows" + description: > + Module for Windows + short_config: false + release: ga + fields: + - name: windows + type: group + description: > + fields: + - name: service + type: group + description: > + `service` contains the status for Windows services. + release: ga + fields: + - name: id + type: keyword + example: hW3NJFc1Ap + description: > + A unique ID for the service. It is a hash of the machine's GUID and the + service name. + + - name: name + type: keyword + example: Wecsvc + description: > + The service name. + + - name: display_name + type: keyword + example: Windows Event Collector + description: > + The display name of the service. + + - name: start_type + type: keyword + description: > + The startup type of the service. The possible values are `Automatic`, + `Boot`, `Disabled`, `Manual`, and `System`. + + - name: start_name + type: keyword + example: NT AUTHORITY\LocalService + description: > + Account name under which a service runs. + + - name: path_name + type: keyword + example: C:\WINDOWS\system32\svchost.exe -k LocalService -p + description: > + Fully qualified path to the file that implements the service, + including arguments. + + - name: state + type: keyword + description: > + The actual state of the service. The possible values are `Continuing`, + `Pausing`, `Paused`, `Running`, `Starting`, `Stopping`, and `Stopped`. + + - name: exit_code + type: keyword + description: > + For `Stopped` services this is the error code that service reports + when starting to stopping. This will be the generic Windows service + error code unless the service provides a service-specific error code. + + - name: pid + type: long + example: 1092 + description: > + For `Running` services this is the associated process PID. + + - name: uptime.ms + type: long + format: duration + input_format: milliseconds + description: > + The service's uptime specified in milliseconds. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/capture_loss/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/capture_loss/fields/fields.yml new file mode 100644 index 000000000..dd9c29600 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/capture_loss/fields/fields.yml @@ -0,0 +1,43 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: capture_loss + type: group + description: > + Fields exported by the Zeek capture_loss log + fields: + - name: ts_delta + type: integer + description: | + The time delay between this measurement and the last. + + - name: peer + type: keyword + description: | + In the event that there are multiple Bro instances logging to the same host, this distinguishes each peer with its individual name. + + - name: gaps + type: integer + description: | + Number of missed ACKs from the previous measurement interval. + + - name: acks + type: integer + description: | + Total number of ACKs seen in the previous measurement interval. + + - name: percent_lost + type: double + description: | + Percentage of ACKs seen where the data being ACKed wasn't seen. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/connection/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/connection/fields/fields.yml new file mode 100644 index 000000000..2610bc210 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/connection/fields/fields.yml @@ -0,0 +1,73 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: connection + type: group + default_field: false + description: > + Fields exported by the Zeek Connection log + fields: + - name: local_orig + type: boolean + description: > + Indicates whether the session is originated locally. + + - name: local_resp + type: boolean + description: > + Indicates whether the session is responded locally. + + - name: missed_bytes + type: long + description: > + Missed bytes for the session. + + - name: state + type: keyword + description: > + Code indicating the state of the session. + + - name: state_message + type: keyword + description: > + The state of the session. + + - name: icmp + type: group + fields: + - name: type + type: integer + description: > + ICMP message type. + + - name: code + type: integer + description: > + ICMP message code. + + - name: history + type: keyword + description: > + Flags indicating the history of the session. + + - name: vlan + type: integer + description: > + VLAN identifier. + + - name: inner_vlan + type: integer + description: > + VLAN identifier. + diff --git a/dev/packages/beats/zeek-0.0.1/dataset/dce_rpc/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/dce_rpc/fields/fields.yml new file mode 100644 index 000000000..e767d47ff --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/dce_rpc/fields/fields.yml @@ -0,0 +1,39 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: dce_rpc + type: group + default_field: false + description: > + Fields exported by the Zeek DCE_RPC log + fields: + - name: rtt + type: integer + description: | + Round trip time from the request to the response. If either the request or response wasn't seen, this will be null. + + - name: named_pipe + type: keyword + description: | + Remote pipe name. + + - name: endpoint + type: keyword + description: | + Endpoint name looked up from the uuid. + + - name: operation + type: keyword + description: | + Operation seen in the call. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/dhcp/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/dhcp/fields/fields.yml new file mode 100644 index 000000000..54d1812fe --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/dhcp/fields/fields.yml @@ -0,0 +1,147 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: dhcp + type: group + default_field: false + description: > + Fields exported by the Zeek DHCP log + fields: + - name: domain + type: keyword + description: > + Domain given by the server in option 15. + + - name: duration + type: double + description: | + Duration of the DHCP session representing the time from the first + message to the last, in seconds. + + - name: hostname + type: keyword + description: > + Name given by client in Hostname option 12. + + - name: client_fqdn + type: keyword + description: > + FQDN given by client in Client FQDN option 81. + + - name: lease_time + type: integer + description: > + IP address lease interval in seconds. + + - name: address + type: group + description: > + Addresses seen in this DHCP exchange. + fields: + - name: assigned + type: ip + description: > + IP address assigned by the server. + + - name: client + type: ip + description: | + IP address of the client. If a transaction is only a client sending + INFORM messages then there is no lease information exchanged so this + is helpful to know who sent the messages. Getting an address in this + field does require that the client sources at least one DHCP message + using a non-broadcast address. + + - name: mac + type: keyword + description: > + Client's hardware address. + + - name: requested + type: ip + description: > + IP address requested by the client. + + - name: server + type: ip + description: > + IP address of the DHCP server. + + - name: msg + type: group + fields: + - name: types + type: keyword + description: > + List of DHCP message types seen in this exchange. + + - name: origin + type: ip + description: | + (present if policy/protocols/dhcp/msg-orig.bro is loaded) + The address that originated each message from the msg.types field. + + - name: client + type: keyword + description: | + Message typically accompanied with a DHCP_DECLINE so the client can + tell the server why it rejected an address. + + - name: server + type: keyword + description: | + Message typically accompanied with a DHCP_NAK to let the client know + why it rejected the request. + + - name: software + type: group + fields: + - name: client + type: keyword + description: | + (present if policy/protocols/dhcp/software.bro is loaded) + Software reported by the client in the vendor_class option. + + - name: server + type: keyword + description: | + (present if policy/protocols/dhcp/software.bro is loaded) + Software reported by the client in the vendor_class option. + + - name: id + type: group + fields: + - name: circuit + type: keyword + description: | + (present if policy/protocols/dhcp/sub-opts.bro is loaded) + Added by DHCP relay agents which terminate switched or permanent + circuits. It encodes an agent-local identifier of the circuit from + which a DHCP client-to-server packet was received. Typically it + should represent a router or switch interface number. + + - name: remote_agent + type: keyword + description: | + (present if policy/protocols/dhcp/sub-opts.bro is loaded) + A globally unique identifier added by relay agents to identify the + remote host end of the circuit. + + - name: subscriber + type: keyword + description: | + (present if policy/protocols/dhcp/sub-opts.bro is loaded) + The subscriber ID is a value independent of the physical network + configuration so that a customer's DHCP configuration can be given + to them correctly no matter where they are physically connected. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/dnp3/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/dnp3/fields/fields.yml new file mode 100644 index 000000000..20f2ed820 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/dnp3/fields/fields.yml @@ -0,0 +1,38 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: dnp3 + type: group + default_field: false + description: > + Fields exported by the Zeek SSH log + fields: + - name: function + type: group + fields: + - name: request + type: keyword + description: | + The name of the function message in the request. + + - name: reply + type: keyword + description: | + The name of the function message in the reply. + + - name: id + type: integer + description: | + The response's internal indication number. + diff --git a/dev/packages/beats/zeek-0.0.1/dataset/dns/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/dns/fields/fields.yml new file mode 100644 index 000000000..df519d226 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/dns/fields/fields.yml @@ -0,0 +1,121 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: dns + type: group + description: > + Fields exported by the Zeek DNS log + fields: + - name: trans_id + type: keyword + description: > + DNS transaction identifier. + + - name: rtt + type: double + description: > + Round trip time for the query and response. + + - name: query + type: keyword + description: > + The domain name that is the subject of the DNS query. + + - name: qclass + type: long + description: > + The QCLASS value specifying the class of the query. + + - name: qclass_name + type: keyword + description: > + A descriptive name for the class of the query. + + - name: qtype + type: long + description: > + A QTYPE value specifying the type of the query. + + - name: qtype_name + type: keyword + description: > + A descriptive name for the type of the query. + + - name: rcode + type: long + description: > + The response code value in DNS response messages. + + - name: rcode_name + type: keyword + description: > + A descriptive name for the response code value. + + - name: AA + type: boolean + description: | + The Authoritative Answer bit for response messages specifies that the responding + name server is an authority for the domain name in the question section. + + - name: TC + type: boolean + description: > + The Truncation bit specifies that the message was truncated. + + - name: RD + type: boolean + description: | + The Recursion Desired bit in a request message indicates that the client + wants recursive service for this query. + + - name: RA + type: boolean + description: | + The Recursion Available bit in a response message indicates that the name + server supports recursive queries. + + - name: answers + type: keyword + description: > + The set of resource descriptions in the query answer. + + - name: TTLs + type: double + description: > + The caching intervals of the associated RRs described by the answers field. + + - name: rejected + type: boolean + description: > + Indicates whether the DNS query was rejected by the server. + + - name: total_answers + type: integer + description: > + The total number of resource records in the reply. + + - name: total_replies + type: integer + description: > + The total number of resource records in the reply message. + + - name: saw_query + type: boolean + description: > + Whether the full DNS query has been seen. + + - name: saw_reply + type: boolean + description: > + Whether the full DNS reply has been seen. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/dpd/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/dpd/fields/fields.yml new file mode 100644 index 000000000..5e2ee0bf5 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/dpd/fields/fields.yml @@ -0,0 +1,35 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: dpd + type: group + default_field: false + description: > + Fields exported by the Zeek DPD log + fields: + - name: analyzer + type: keyword + description: > + The analyzer that generated the violation. + + - name: failure_reason + type: keyword + description: > + The textual reason for the analysis failure. + + - name: packet_segment + type: keyword + description: | + (present if policy/frameworks/dpd/packet-segment-logging.bro is loaded) + A chunk of the payload that most likely resulted in the protocol violation. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/files/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/files/fields/fields.yml new file mode 100644 index 000000000..7b4f9a71c --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/files/fields/fields.yml @@ -0,0 +1,152 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: files + type: group + description: > + Fields exported by the Zeek Files log. + fields: + - name: fuid + type: keyword + description: > + A file unique identifier. + + - name: tx_host + type: ip + description: > + The host that transferred the file. + + - name: rx_host + type: ip + description: > + The host that received the file. + + - name: session_ids + type: keyword + description: > + The sessions that have this file. + + - name: source + type: keyword + description: | + An identification of the source of the file data. E.g. it may be a network protocol + over which it was transferred, or a local file path which was read, or some other + input source. + + - name: depth + type: long + description: | + A value to represent the depth of this file in relation to its source. In SMTP, it + is the depth of the MIME attachment on the message. In HTTP, it is the depth of the + request within the TCP connection. + + - name: analyzers + type: keyword + description: > + A set of analysis types done during the file analysis. + + - name: mime_type + type: keyword + description: > + Mime type of the file. + + - name: filename + type: keyword + description: > + Name of the file if available. + + - name: local_orig + type: boolean + description: | + If the source of this file is a network connection, this field indicates if the data + originated from the local network or not. + + - name: is_orig + type: boolean + description: | + If the source of this file is a network connection, this field indicates if the file is + being sent by the originator of the connection or the responder. + + - name: duration + type: double + description: > + The duration the file was analyzed for. Not the duration of the session. + + - name: seen_bytes + type: long + description: > + Number of bytes provided to the file analysis engine for the file. + + - name: total_bytes + type: long + description: > + Total number of bytes that are supposed to comprise the full file. + + - name: missing_bytes + type: long + description: | + The number of bytes in the file stream that were completely missed during the process + of analysis. + + - name: overflow_bytes + type: long + description: | + The number of bytes in the file stream that were not delivered to stream file analyzers. + This could be overlapping bytes or bytes that couldn't be reassembled. + + - name: timedout + type: boolean + description: > + Whether the file analysis timed out at least once for the file. + + - name: parent_fuid + type: keyword + description: | + Identifier associated with a container file from which this one was extracted as part of + the file analysis. + + - name: md5 + type: keyword + description: > + An MD5 digest of the file contents. + + - name: sha1 + type: keyword + description: > + A SHA1 digest of the file contents. + + - name: sha256 + type: keyword + description: > + A SHA256 digest of the file contents. + + - name: extracted + type: keyword + description: > + Local filename of extracted file. + + - name: extracted_cutoff + type: boolean + description: > + Indicate whether the file being extracted was cut off hence not extracted completely. + + - name: extracted_size + type: long + description: > + The number of bytes extracted to disk. + + - name: entropy + type: double + description: > + The information density of the contents of the file. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/ftp/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/ftp/fields/fields.yml new file mode 100644 index 000000000..f98cd56ea --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/ftp/fields/fields.yml @@ -0,0 +1,142 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: ftp + type: group + default_field: false + description: > + Fields exported by the Zeek FTP log + fields: + - name: user + type: keyword + description: | + User name for the current FTP session. + + - name: password + type: keyword + description: | + Password for the current FTP session if captured. + + - name: command + type: keyword + description: | + Command given by the client. + + - name: arg + type: keyword + description: | + Argument for the command if one is given. + + - name: file + type: group + fields: + - name: size + type: long + description: | + Size of the file if the command indicates a file transfer. + + - name: mime_type + type: keyword + description: | + Sniffed mime type of file. + + - name: fuid + type: keyword + description: | + (present if base/protocols/ftp/files.bro is loaded) + File unique ID. + + - name: reply + type: group + fields: + - name: code + type: integer + description: | + Reply code from the server in response to the command. + + - name: msg + type: keyword + description: | + Reply message from the server in response to the command. + + - name: data_channel + type: group + description: | + Expected FTP data channel. + fields: + - name: passive + type: boolean + description: | + Whether PASV mode is toggled for control channel. + + - name: originating_host + type: ip + description: | + The host that will be initiating the data connection. + + - name: response_host + type: ip + description: | + The host that will be accepting the data connection. + + - name: response_port + type: integer + description: | + The port at which the acceptor is listening for the data connection. + + - name: cwd + type: keyword + description: | + Current working directory that this session is in. By making the default value '.', we can indicate that unless something more concrete is discovered that the existing but unknown directory is ok to use. + + - name: cmdarg + type: group + description: | + Command that is currently waiting for a response. + fields: + - name: cmd + type: keyword + description: | + Command. + + - name: arg + type: keyword + description: | + Argument for the command if one was given. + + - name: seq + type: integer + description: | + Counter to track how many commands have been executed. + + - name: pending_commands + type: integer + description: | + Queue for commands that have been sent but not yet responded to are tracked here. + + - name: passive + type: boolean + description: | + Indicates if the session is in active or passive mode. + + - name: capture_password + type: boolean + description: | + Determines if the password will be captured for this request. + + - name: last_auth_requested + type: keyword + description: | + present if base/protocols/ftp/gridftp.bro is loaded. + Last authentication/security mechanism that was used. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/http/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/http/fields/fields.yml new file mode 100644 index 000000000..0f740d12a --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/http/fields/fields.yml @@ -0,0 +1,116 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: http + type: group + description: > + Fields exported by the Zeek HTTP log + fields: + - name: trans_depth + type: integer + description: > + Represents the pipelined depth into the connection of this request/response transaction. + + - name: status_msg + type: keyword + description: > + Status message returned by the server. + + - name: info_code + type: integer + description: > + Last seen 1xx informational reply code returned by the server. + + - name: info_msg + type: keyword + description: > + Last seen 1xx informational reply message returned by the server. + + - name: tags + type: keyword + description: | + A set of indicators of various attributes discovered and related to a particular + request/response pair. + + - name: password + type: keyword + description: > + Password if basic-auth is performed for the request. + + - name: captured_password + type: boolean + description: > + Determines if the password will be captured for this request. + + - name: proxied + type: keyword + description: > + All of the headers that may indicate if the HTTP request was proxied. + + - name: range_request + type: boolean + description: > + Indicates if this request can assume 206 partial content in response. + + - name: client_header_names + type: keyword + description: | + The vector of HTTP header names sent by the client. No header values + are included here, just the header names. + + - name: server_header_names + type: keyword + description: | + The vector of HTTP header names sent by the server. No header values + are included here, just the header names. + + - name: orig_fuids + type: keyword + description: > + An ordered vector of file unique IDs from the originator. + + - name: orig_mime_types + type: keyword + description: > + An ordered vector of mime types from the originator. + + - name: orig_filenames + type: keyword + description: > + An ordered vector of filenames from the originator. + + - name: resp_fuids + type: keyword + description: > + An ordered vector of file unique IDs from the responder. + + - name: resp_mime_types + type: keyword + description: > + An ordered vector of mime types from the responder. + + - name: resp_filenames + type: keyword + description: > + An ordered vector of filenames from the responder. + + - name: orig_mime_depth + type: integer + description: > + Current number of MIME entities in the HTTP request message body. + + - name: resp_mime_depth + type: integer + description: > + Current number of MIME entities in the HTTP response message body. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/intel/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/intel/fields/fields.yml new file mode 100644 index 000000000..3a67cdd17 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/intel/fields/fields.yml @@ -0,0 +1,94 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: intel + type: group + default_field: false + description: > + Fields exported by the Zeek Intel log. + fields: + + - name: seen + type: group + fields: + - name: indicator + type: keyword + description: > + The intelligence indicator. + + - name: indicator_type + type: keyword + description: > + The type of data the indicator represents. + + - name: host + type: keyword + description: > + If the indicator type was Intel::ADDR, then this field will be present. + + - name: conn + type: keyword + description: > + If the data was discovered within a connection, the connection record should go here to give context to the data. + + - name: where + type: keyword + description: > + Where the data was discovered. + + - name: node + type: keyword + description: > + The name of the node where the match was discovered. + + - name: uid + type: keyword + description: > + If the data was discovered within a connection, the connection uid should go here to give context to the data. If the conn field is provided, this will be automatically filled out. + + - name: f + type: object + description: > + If the data was discovered within a file, the file record should go here to provide context to the data. + + - name: fuid + type: keyword + description: > + If the data was discovered within a file, the file uid should go here to provide context to the data. If the file record f is provided, this will be automatically filled out. + + + - name: matched + type: keyword + description: > + Event to represent a match in the intelligence data from data that was seen. + + - name: sources + type: keyword + description: > + Sources which supplied data for this match. + + - name: fuid + type: keyword + description: > + If a file was associated with this intelligence hit, this is the uid for the file. + + - name: file_mime_type + type: keyword + description: > + A mime type if the intelligence hit is related to a file. If the $f field is provided this will be automatically filled out. + + - name: file_desc + type: keyword + description: > + Frequently files can be described to give a bit more context. If the $f field is provided this field will be automatically filled out. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/irc/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/irc/fields/fields.yml new file mode 100644 index 000000000..c026e5763 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/irc/fields/fields.yml @@ -0,0 +1,74 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: irc + type: group + default_field: false + description: > + Fields exported by the Zeek IRC log + fields: + - name: nick + type: keyword + description: | + Nickname given for the connection. + + - name: user + type: keyword + description: | + Username given for the connection. + + - name: command + type: keyword + description: | + Command given by the client. + + - name: value + type: keyword + description: | + Value for the command given by the client. + + - name: addl + type: keyword + description: | + Any additional data for the command. + + - name: dcc + type: group + fields: + - name: file + type: group + fields: + - name: name + type: keyword + description: | + Present if base/protocols/irc/dcc-send.bro is loaded. + DCC filename requested. + + - name: size + type: long + description: | + Present if base/protocols/irc/dcc-send.bro is loaded. + Size of the DCC transfer as indicated by the sender. + + - name: mime_type + type: keyword + description: | + present if base/protocols/irc/dcc-send.bro is loaded. + Sniffed mime type of the file. + + - name: fuid + type: keyword + description: | + present if base/protocols/irc/files.bro is loaded. + File unique ID. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/kerberos/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/kerberos/fields/fields.yml new file mode 100644 index 000000000..e941f7a6a --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/kerberos/fields/fields.yml @@ -0,0 +1,137 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: kerberos + type: group + default_field: false + description: > + Fields exported by the Zeek Kerberos log + fields: + - name: request_type + type: keyword + description: > + Request type - Authentication Service (AS) or Ticket Granting Service (TGS). + + - name: client + type: keyword + description: > + Client name. + + - name: service + type: keyword + description: > + Service name. + + - name: success + type: boolean + description: > + Request result. + + - name: error + type: group + fields: + - name: code + type: integer + description: > + Error code. + + - name: msg + type: keyword + description: > + Error message. + + - name: valid + type: group + fields: + - name: from + type: date + description: > + Ticket valid from. + + - name: until + type: date + description: > + Ticket valid until. + + - name: days + type: integer + description: > + Number of days the ticket is valid for. + + - name: cipher + type: keyword + description: > + Ticket encryption type. + + - name: forwardable + type: boolean + description: > + Forwardable ticket requested. + + - name: renewable + type: boolean + description: > + Renewable ticket requested. + + - name: ticket + type: group + fields: + - name: auth + type: keyword + description: > + Hash of ticket used to authorize request/transaction. + + - name: new + type: keyword + description: > + Hash of ticket returned by the KDC. + + - name: cert + type: group + fields: + - name: client + type: group + fields: + - name: value + type: keyword + description: > + Client certificate. + + - name: fuid + type: keyword + description: > + File unique ID of client cert. + + - name: subject + type: keyword + description: > + Subject of client certificate. + + - name: server + type: group + fields: + - name: value + type: keyword + description: > + Server certificate. + + - name: fuid + type: keyword + description: > + File unique ID of server certificate. + + - name: subject + type: keyword + description: > + Subject of server certificate. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/modbus/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/modbus/fields/fields.yml new file mode 100644 index 000000000..29f2acc72 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/modbus/fields/fields.yml @@ -0,0 +1,35 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: modbus + type: group + default_field: false + description: > + Fields exported by the Zeek modbus log. + fields: + - name: function + type: keyword + description: | + The name of the function message that was sent. + + - name: exception + type: keyword + description: | + The exception if the response was a failure. + + - name: track_address + type: integer + description: | + Present if policy/protocols/modbus/track-memmap.bro is loaded. + Modbus track address. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/mysql/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/mysql/fields/fields.yml new file mode 100644 index 000000000..e0a050e78 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/mysql/fields/fields.yml @@ -0,0 +1,44 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: mysql + type: group + default_field: false + description: > + Fields exported by the Zeek MySQL log. + fields: + - name: cmd + type: keyword + description: | + The command that was issued. + + - name: arg + type: keyword + description: | + The argument issued to the command. + + - name: success + type: boolean + description: | + Whether the command succeeded. + + - name: rows + type: integer + description: | + The number of affected rows, if any. + + - name: response + type: keyword + description: | + Server message, if any. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/notice/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/notice/fields/fields.yml new file mode 100644 index 000000000..5caf02c05 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/notice/fields/fields.yml @@ -0,0 +1,147 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: notice + type: group + description: > + Fields exported by the Zeek Notice log. + fields: + - name: connection_id + type: keyword + description: > + Identifier of the related connection session. + + - name: icmp_id + type: keyword + description: > + Identifier of the related ICMP session. + + - name: file.id + type: keyword + description: > + An identifier associated with a single file that is related to this notice. + + - name: file.parent_id + type: keyword + description: > + Identifier associated with a container file from which this one was extracted. + + - name: file.source + type: keyword + description: | + An identification of the source of the file data. E.g. it may be a network protocol + over which it was transferred, or a local file path which was read, or some other + input source. + + - name: file.mime_type + type: keyword + description: > + A mime type if the notice is related to a file. + + - name: file.is_orig + type: boolean + description: | + If the source of this file is a network connection, this field indicates if the file is + being sent by the originator of the connection or the responder. + + - name: file.seen_bytes + type: long + description: > + Number of bytes provided to the file analysis engine for the file. + + - name: ffile.total_bytes + type: long + description: > + Total number of bytes that are supposed to comprise the full file. + + - name: file.missing_bytes + type: long + description: | + The number of bytes in the file stream that were completely missed during the process + of analysis. + + - name: file.overflow_bytes + type: long + description: | + The number of bytes in the file stream that were not delivered to stream file analyzers. + This could be overlapping bytes or bytes that couldn't be reassembled. + + - name: fuid + type: keyword + description: > + A file unique ID if this notice is related to a file. + + - name: note + type: keyword + description: > + The type of the notice. + + - name: msg + type: keyword + description: > + The human readable message for the notice. + + - name: sub + type: keyword + description: > + The human readable sub-message. + + - name: n + type: long + description: > + Associated count, or a status code. + + - name: peer_name + type: keyword + description: > + Name of remote peer that raised this notice. + + - name: peer_descr + type: text + description: > + Textual description for the peer that raised this notice. + + - name: actions + type: keyword + description: > + The actions which have been applied to this notice. + + - name: email_body_sections + type: text + description: | + By adding chunks of text into this element, other scripts can expand on notices + that are being emailed. + + - name: email_delay_tokens + type: keyword + description: | + Adding a string token to this set will cause the built-in emailing functionality + to delay sending the email either the token has been removed or the email + has been delayed for the specified time duration. + + - name: identifier + type: keyword + description: > + This field is provided when a notice is generated for the purpose of deduplicating notices. + + - name: suppress_for + type: double + description: > + This field indicates the length of time that this unique notice should be suppressed. + + - name: dropped + type: boolean + description: > + Indicate if the source IP address was dropped and denied network access. + diff --git a/dev/packages/beats/zeek-0.0.1/dataset/ntlm/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/ntlm/fields/fields.yml new file mode 100644 index 000000000..621540160 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/ntlm/fields/fields.yml @@ -0,0 +1,60 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: ntlm + type: group + default_field: false + description: > + Fields exported by the Zeek NTLM log. + fields: + - name: domain + type: keyword + description: > + Domain name given by the client. + + - name: hostname + type: keyword + description: > + Hostname given by the client. + + - name: success + type: boolean + description: > + Indicate whether or not the authentication was successful. + + - name: username + type: keyword + description: > + Username given by the client. + + - name: server + type: group + fields: + - name: name + type: group + fields: + - name: dns + type: keyword + description: > + DNS name given by the server in a CHALLENGE. + + - name: netbios + type: keyword + description: > + NetBIOS name given by the server in a CHALLENGE. + + - name: tree + type: keyword + description: > + Tree name given by the server in a CHALLENGE. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/ocsp/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/ocsp/fields/fields.yml new file mode 100644 index 000000000..c341a3dd0 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/ocsp/fields/fields.yml @@ -0,0 +1,82 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: ocsp + type: group + default_field: false + description: | + Fields exported by the Zeek OCSP log + Online Certificate Status Protocol (OCSP). Only created if policy script is loaded. + fields: + - name: file_id + type: keyword + description: | + File id of the OCSP reply. + - name: hash + type: group + fields: + - name: algorithm + type: keyword + description: | + Hash algorithm used to generate issuerNameHash and issuerKeyHash. + + - name: issuer + type: group + fields: + - name: name + type: keyword + description: | + Hash of the issuer's distingueshed name. + + - name: key + type: keyword + description: | + Hash of the issuer's public key. + + - name: serial_number + type: keyword + description: | + Serial number of the affected certificate. + + - name: status + type: keyword + description: | + Status of the affected certificate. + + - name: revoke + type: group + fields: + - name: time + type: date + description: | + Time at which the certificate was revoked. + + - name: reason + type: keyword + description: | + Reason for which the certificate was revoked. + + - name: update + type: group + fields: + - name: this + type: date + description: | + The time at which the status being shows is known to have been correct. + + - name: next + type: date + description: | + The latest time at which new information about the status of the certificate will be available. + diff --git a/dev/packages/beats/zeek-0.0.1/dataset/pe/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/pe/fields/fields.yml new file mode 100644 index 000000000..858c94668 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/pe/fields/fields.yml @@ -0,0 +1,105 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: pe + type: group + default_field: false + description: > + Fields exported by the Zeek pe log. + fields: + - name: client + type: keyword + description: > + The client's version string. + + - name: id + type: keyword + description: > + File id of this portable executable file. + + - name: machine + type: keyword + description: > + The target machine that the file was compiled for. + + - name: compile_time + type: date + description: > + The time that the file was created at. + + - name: os + type: keyword + description: > + The required operating system. + + - name: subsystem + type: keyword + description: > + The subsystem that is required to run this file. + + - name: is_exe + type: boolean + description: > + Is the file an executable, or just an object file? + + - name: is_64bit + type: boolean + description: > + Is the file a 64-bit executable? + + - name: uses_aslr + type: boolean + description: > + Does the file support Address Space Layout Randomization? + + - name: uses_dep + type: boolean + description: > + Does the file support Data Execution Prevention? + + - name: uses_code_integrity + type: boolean + description: > + Does the file enforce code integrity checks? + + - name: uses_seh + type: boolean + description: > + Does the file use structured exception handing? + + - name: has_import_table + type: boolean + description: > + Does the file have an import table? + + - name: has_export_table + type: boolean + description: > + Does the file have an export table? + + - name: has_cert_table + type: boolean + description: > + Does the file have an attribute certificate table? + + - name: has_debug_data + type: boolean + description: > + Does the file have a debug table? + + - name: section_names + type: keyword + description: > + The names of the sections, in order. + diff --git a/dev/packages/beats/zeek-0.0.1/dataset/radius/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/radius/fields/fields.yml new file mode 100644 index 000000000..53fea0cdd --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/radius/fields/fields.yml @@ -0,0 +1,64 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: radius + type: group + default_field: false + description: > + Fields exported by the Zeek Radius log. + fields: + - name: username + type: keyword + description: | + The username, if present. + + - name: mac + type: keyword + description: | + MAC address, if present. + + - name: framed_addr + type: ip + description: | + The address given to the network access server, if present. This is only a hint from the RADIUS server and the network access server is not required to honor the address. + + - name: remote_ip + type: ip + description: | + Remote IP address, if present. This is collected from the Tunnel-Client-Endpoint attribute. + + - name: connect_info + type: keyword + description: | + Connect info, if present. + + - name: reply_msg + type: keyword + description: | + Reply message from the server challenge. This is frequently shown to the user authenticating. + + - name: result + type: keyword + description: | + Successful or failed authentication. + + - name: ttl + type: integer + description: | + The duration between the first request and either the "Access-Accept" message or an error. If the field is empty, it means that either the request or response was not seen. + + - name: logged + type: boolean + description: | + Whether this has already been logged and can be ignored. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/rdp/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/rdp/fields/fields.yml new file mode 100644 index 000000000..f3daea90f --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/rdp/fields/fields.yml @@ -0,0 +1,117 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: rdp + type: group + default_field: false + description: > + Fields exported by the Zeek RDP log. + fields: + - name: cookie + type: keyword + description: | + Cookie value used by the client machine. This is typically a username. + + - name: result + type: keyword + description: | + Status result for the connection. It's a mix between RDP negotation failure messages and GCC server create response messages. + + - name: security_protocol + type: keyword + description: | + Security protocol chosen by the server. + + - name: keyboard_layout + type: keyword + description: | + Keyboard layout (language) of the client machine. + + - name: client + type: group + fields: + - name: build + type: keyword + description: | + RDP client version used by the client machine. + + - name: client_name + type: keyword + description: | + Name of the client machine. + + - name: product_id + type: keyword + description: | + Product ID of the client machine. + + - name: desktop + type: group + fields: + - name: width + type: integer + description: | + Desktop width of the client machine. + + - name: height + type: integer + description: | + Desktop height of the client machine. + + - name: color_depth + type: keyword + description: | + The color depth requested by the client in the high_color_depth field. + + - name: cert + type: group + fields: + - name: type + type: keyword + description: | + If the connection is being encrypted with native RDP encryption, this is the type of cert being used. + + - name: count + type: integer + description: | + The number of certs seen. X.509 can transfer an entire certificate chain. + + - name: permanent + type: boolean + description: | + Indicates if the provided certificate or certificate chain is permanent or temporary. + + - name: encryption + type: group + fields: + - name: level + type: keyword + description: | + Encryption level of the connection. + + - name: method + type: keyword + description: | + Encryption method of the connection. + + - name: done + type: boolean + description: | + Track status of logging RDP connections. + + - name: ssl + type: boolean + description: | + (present if policy/protocols/rdp/indicate_ssl.bro is loaded) + Flag the connection if it was seen over SSL. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/rfb/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/rfb/fields/fields.yml new file mode 100644 index 000000000..8619b7a96 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/rfb/fields/fields.yml @@ -0,0 +1,81 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: rfb + type: group + default_field: false + description: > + Fields exported by the Zeek RFB log. + fields: + - name: version + type: group + fields: + - name: client + type: group + fields: + - name: major + type: keyword + description: | + Major version of the client. + + - name: minor + type: keyword + description: | + Minor version of the client. + + - name: server + type: group + fields: + - name: major + type: keyword + description: | + Major version of the server. + + - name: minor + type: keyword + description: | + Minor version of the server. + + - name: auth + type: group + fields: + - name: success + type: boolean + description: | + Whether or not authentication was successful. + + - name: method + type: keyword + description: | + Identifier of authentication method used. + + - name: share_flag + type: boolean + description: | + Whether the client has an exclusive or a shared session. + + - name: desktop_name + type: keyword + description: | + Name of the screen that is being shared. + + - name: width + type: integer + description: | + Width of the screen that is being shared. + + - name: height + type: integer + description: | + Height of the screen that is being shared. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/sip/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/sip/fields/fields.yml new file mode 100644 index 000000000..7a6719c5d --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/sip/fields/fields.yml @@ -0,0 +1,136 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: sip + type: group + default_field: false + description: > + Fields exported by the Zeek SIP log. + fields: + - name: transaction_depth + type: integer + description: > + Represents the pipelined depth into the connection of this request/response transaction. + + - name: sequence + type: group + fields: + - name: method + type: keyword + description: > + Verb used in the SIP request (INVITE, REGISTER etc.). + + - name: number + type: keyword + description: > + Contents of the CSeq: header from the client. + + - name: uri + type: keyword + description: > + URI used in the request. + + - name: date + type: keyword + description: > + Contents of the Date: header from the client. + + - name: request + type: group + fields: + - name: from + type: keyword + description: > + Contents of the request From: header Note: The tag= value that's usually appended to the sender is stripped off and not logged. + + - name: to + type: keyword + description: > + Contents of the To: header. + + - name: path + type: keyword + description: > + The client message transmission path, as extracted from the headers. + + - name: body_length + type: long + description: > + Contents of the Content-Length: header from the client. + + - name: response + type: group + fields: + - name: from + type: keyword + description: > + Contents of the response From: header Note: The tag= value that's usually appended to the sender is stripped off and not logged. + + - name: to + type: keyword + description: > + Contents of the response To: header. + + - name: path + type: keyword + description: > + The server message transmission path, as extracted from the headers. + + - name: body_length + type: long + description: > + Contents of the Content-Length: header from the server. + + - name: reply_to + type: keyword + description: > + Contents of the Reply-To: header. + + - name: call_id + type: keyword + description: > + Contents of the Call-ID: header from the client. + + - name: subject + type: keyword + description: > + Contents of the Subject: header from the client. + + - name: user_agent + type: keyword + description: > + Contents of the User-Agent: header from the client. + + - name: status + type: group + fields: + - name: code + type: integer + description: > + Status code returned by the server. + + - name: msg + type: keyword + description: > + Status message returned by the server. + + - name: warning + type: keyword + description: > + Contents of the Warning: header. + + - name: content_type + type: keyword + description: > + Contents of the Content-Type: header from the server. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/smb_cmd/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/smb_cmd/fields/fields.yml new file mode 100644 index 000000000..0aceb5baa --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/smb_cmd/fields/fields.yml @@ -0,0 +1,109 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: smb_cmd + type: group + default_field: false + description: > + Fields exported by the Zeek smb_cmd log. + fields: + - name: command + type: keyword + description: | + The command sent by the client. + + - name: sub_command + type: keyword + description: | + The subcommand sent by the client, if present. + + - name: argument + type: keyword + description: | + Command argument sent by the client, if any. + + - name: status + type: keyword + description: | + Server reply to the client's command. + + - name: rtt + type: double + description: | + Round trip time from the request to the response. + + - name: version + type: keyword + description: | + Version of SMB for the command. + + - name: username + type: keyword + description: | + Authenticated username, if available. + + - name: tree + type: keyword + description: | + If this is related to a tree, this is the tree that was used for the current command. + + - name: tree_service + type: keyword + description: | + The type of tree (disk share, printer share, named pipe, etc.). + + - name: file + type: group + description: | + If the command referenced a file, store it here. + fields: + - name: name + type: keyword + description: | + Filename if one was seen. + + - name: action + type: keyword + description: | + Action this log record represents. + + - name: uid + type: keyword + description: | + UID of the referenced file. + + - name: host + type: group + fields: + - name: tx + type: ip + description: | + Address of the transmitting host. + + - name: rx + type: ip + description: | + Address of the receiving host. + + - name: smb1_offered_dialects + type: keyword + description: | + Present if base/protocols/smb/smb1-main.bro is loaded. + Dialects offered by the client. + + - name: smb2_offered_dialects + type: integer + description: | + Present if base/protocols/smb/smb2-main.bro is loaded. + Dialects offered by the client. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/smb_files/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/smb_files/fields/fields.yml new file mode 100644 index 000000000..bd5b20d29 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/smb_files/fields/fields.yml @@ -0,0 +1,79 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: smb_files + type: group + default_field: false + description: > + Fields exported by the Zeek SMB Files log. + fields: + - name: action + type: keyword + description: > + Action this log record represents. + + - name: fid + type: integer + description: > + ID referencing this file. + + - name: name + type: keyword + description: > + Filename if one was seen. + + - name: path + type: keyword + description: > + Path pulled from the tree this file was transferred to or from. + + - name: previous_name + type: keyword + description: > + If the rename action was seen, this will be the file's previous name. + + - name: size + type: long + description: > + Byte size of the file. + + - name: times + type: group + description: > + Timestamps of the file. + fields: + - name: accessed + type: date + description: > + The file's access time. + + - name: changed + type: date + description: > + The file's change time. + + - name: created + type: date + description: > + The file's create time. + + - name: modified + type: date + description: > + The file's modify time. + + - name: uuid + type: keyword + description: > + UUID referencing this file if DCE/RPC. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/smb_mapping/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/smb_mapping/fields/fields.yml new file mode 100644 index 000000000..bfda9c636 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/smb_mapping/fields/fields.yml @@ -0,0 +1,40 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: smb_mapping + type: group + default_field: false + description: > + Fields exported by the Zeek SMB_Mapping log. + fields: + - name: path + type: keyword + description: > + Name of the tree path. + + - name: service + type: keyword + description: > + The type of resource of the tree (disk share, printer share, named pipe, etc.). + + - name: native_file_system + type: keyword + description: > + File system of the tree. + + - name: share_type + type: keyword + description: | + If this is SMB2, a share type will be included. For SMB1, the type of share + will be deduced and included as well. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/smtp/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/smtp/fields/fields.yml new file mode 100644 index 000000000..48da5b63d --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/smtp/fields/fields.yml @@ -0,0 +1,135 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: smtp + type: group + default_field: false + description: > + Fields exported by the Zeek SMTP log. + fields: + - name: transaction_depth + type: integer + description: > + A count to represent the depth of this message transaction in a single connection where multiple messages were transferred. + + - name: helo + type: keyword + description: > + Contents of the Helo header. + + - name: mail_from + type: keyword + description: > + Email addresses found in the MAIL FROM header. + + - name: rcpt_to + type: keyword + description: > + Email addresses found in the RCPT TO header. + + - name: date + type: date + description: > + Contents of the Date header. + + - name: from + type: keyword + description: > + Contents of the From header. + + - name: to + type: keyword + description: > + Contents of the To header. + + - name: cc + type: keyword + description: > + Contents of the CC header. + + - name: reply_to + type: keyword + description: > + Contents of the ReplyTo header. + + - name: msg_id + type: keyword + description: > + Contents of the MsgID header. + + - name: in_reply_to + type: keyword + description: > + Contents of the In-Reply-To header. + + - name: subject + type: keyword + description: > + Contents of the Subject header. + + - name: x_originating_ip + type: keyword + description: > + Contents of the X-Originating-IP header. + + - name: first_received + type: keyword + description: | + Contents of the first Received header. + + - name: second_received + type: keyword + description: | + Contents of the second Received header. + + - name: last_reply + type: keyword + description: | + The last message that the server sent to the client. + + - name: path + type: ip + description: | + The message transmission path, as extracted from the headers. + + - name: user_agent + type: keyword + description: | + Value of the User-Agent header from the client. + + - name: tls + type: boolean + description: | + Indicates that the connection has switched to using TLS. + + - name: process_received_from + type: boolean + description: | + Indicates if the "Received: from" headers should still be processed. + + - name: has_client_activity + type: boolean + description: | + Indicates if client activity has been seen, but not yet logged. + + - name: fuids + type: keyword + description: | + (present if base/protocols/smtp/files.bro is loaded) + An ordered vector of file unique IDs seen attached to the message. + + - name: is_webmail + type: boolean + description: | + Indicates if the message was sent through a webmail interface. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/snmp/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/snmp/fields/fields.yml new file mode 100644 index 000000000..918aea61b --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/snmp/fields/fields.yml @@ -0,0 +1,70 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: snmp + type: group + default_field: false + description: > + Fields exported by the Zeek SNMP log. + fields: + - name: duration + type: double + description: > + The amount of time between the first packet beloning to the SNMP session and the latest one seen. + + - name: version + type: keyword + description: > + The version of SNMP being used. + + - name: community + type: keyword + description: > + The community string of the first SNMP packet associated with the session. This is used as part of SNMP's (v1 and v2c) administrative/security framework. See RFC 1157 or RFC 1901. + + - name: get + type: group + fields: + - name: requests + type: integer + description: > + The number of variable bindings in GetRequest/GetNextRequest PDUs seen for the session. + + - name: bulk_requests + type: integer + description: > + The number of variable bindings in GetBulkRequest PDUs seen for the session. + + - name: responses + type: integer + description: > + The number of variable bindings in GetResponse/Response PDUs seen for the session. + + - name: set + type: group + fields: + - name: requests + type: integer + description: > + The number of variable bindings in SetRequest PDUs seen for the session. + + - name: display_string + type: keyword + description: > + A system description of the SNMP responder endpoint. + + - name: up_since + type: date + description: > + The time at which the SNMP responder endpoint claims it's been up since. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/socks/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/socks/fields/fields.yml new file mode 100644 index 000000000..9c3ed5883 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/socks/fields/fields.yml @@ -0,0 +1,70 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: socks + type: group + default_field: false + description: > + Fields exported by the Zeek SOCKS log. + fields: + - name: version + type: integer + description: | + Protocol version of SOCKS. + + - name: user + type: keyword + description: | + Username used to request a login to the proxy. + + - name: password + type: keyword + description: | + Password used to request a login to the proxy. + + - name: status + type: keyword + description: | + Server status for the attempt at using the proxy. + + - name: request + type: group + fields: + - name: host + type: keyword + description: | + Client requested SOCKS address. Could be an address, a name or both. + + - name: port + type: integer + description: | + Client requested port. + + - name: bound + type: group + fields: + - name: host + type: keyword + description: | + Server bound address. Could be an address, a name or both. + + - name: port + type: integer + description: | + Server bound port. + + - name: capture_password + type: boolean + description: | + Determines if the password will be captured for this request. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/ssh/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/ssh/fields/fields.yml new file mode 100644 index 000000000..14577c000 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/ssh/fields/fields.yml @@ -0,0 +1,92 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: ssh + type: group + default_field: false + description: > + Fields exported by the Zeek SSH log. + fields: + - name: client + type: keyword + description: > + The client's version string. + + - name: direction + type: keyword + description: | + Direction of the connection. If the client was a local host logging into + an external host, this would be OUTBOUND. INBOUND would be set for the + opposite situation. + + - name: host_key + type: keyword + description: > + The server's key thumbprint. + + - name: server + type: keyword + description: > + The server's version string. + + - name: version + type: integer + description: > + SSH major version (1 or 2). + + - name: algorithm + type: group + description: > + Cipher algorithms used in this session. + fields: + - name: cipher + type: keyword + description: > + The encryption algorithm in use. + + - name: compression + type: keyword + description: > + The compression algorithm in use. + + - name: host_key + type: keyword + description: > + The server host key's algorithm. + + - name: key_exchange + type: keyword + description: > + The key exchange algorithm in use. + + - name: mac + type: keyword + description: > + The signing (MAC) algorithm in use. + + - name: auth + type: group + fields: + - name: attempts + type: integer + description: | + The number of authentication attemps we observed. There's always at + least one, since some servers might support no authentication at all. + It's important to note that not all of these are failures, since some + servers require two-factor auth (e.g. password AND pubkey). + + - name: success + type: boolean + description: > + Authentication result. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/ssl/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/ssl/fields/fields.yml new file mode 100644 index 000000000..91808b367 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/ssl/fields/fields.yml @@ -0,0 +1,240 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: ssl + type: group + default_field: false + description: > + Fields exported by the Zeek SSL log. + fields: + - name: version + type: keyword + description: > + SSL/TLS version that was logged. + + - name: cipher + type: keyword + description: > + SSL/TLS cipher suite that was logged. + + - name: curve + type: keyword + description: > + Elliptic curve that was logged when using ECDH/ECDHE. + + - name: resumed + type: boolean + description: | + Flag to indicate if the session was resumed reusing the key material exchanged in an + earlier connection. + + - name: next_protocol + type: keyword + description: > + Next protocol the server chose using the application layer next protocol extension. + + - name: established + type: boolean + description: > + Flag to indicate if this ssl session has been established successfully. + + - name: validation + type: group + fields: + - name: status + type: keyword + description: > + Result of certificate validation for this connection. + + - name: code + type: keyword + description: > + Result of certificate validation for this connection, given as OpenSSL validation code. + + - name: last_alert + type: keyword + description: > + Last alert that was seen during the connection. + + - name: server + type: group + fields: + - name: name + type: keyword + description: | + Value of the Server Name Indicator SSL/TLS extension. It indicates the server name + that the client was requesting. + + - name: cert_chain + type: keyword + description: > + Chain of certificates offered by the server to validate its complete signing chain. + + - name: cert_chain_fuids + type: keyword + description: > + An ordered vector of certificate file identifiers for the certificates offered by the server. + + - name: issuer + type: group + description: > + Subject of the signer of the X.509 certificate offered by the server. + fields: + - name: common_name + type: keyword + description: > + Common name of the signer of the X.509 certificate offered by the server. + + - name: country + type: keyword + description: > + Country code of the signer of the X.509 certificate offered by the server. + + - name: locality + type: keyword + description: > + Locality of the signer of the X.509 certificate offered by the server. + + - name: organization + type: keyword + description: > + Organization of the signer of the X.509 certificate offered by the server. + + - name: organizational_unit + type: keyword + description: > + Organizational unit of the signer of the X.509 certificate offered by the server. + + - name: state + type: keyword + description: > + State or province name of the signer of the X.509 certificate offered by the server. + + - name: subject + type: group + description: > + Subject of the X.509 certificate offered by the server. + fields: + - name: common_name + type: keyword + description: > + Common name of the X.509 certificate offered by the server. + + - name: country + type: keyword + description: > + Country code of the X.509 certificate offered by the server. + + - name: locality + type: keyword + description: > + Locality of the X.509 certificate offered by the server. + + - name: organization + type: keyword + description: > + Organization of the X.509 certificate offered by the server. + + - name: organizational_unit + type: keyword + description: > + Organizational unit of the X.509 certificate offered by the server. + + - name: state + type: keyword + description: > + State or province name of the X.509 certificate offered by the server. + + - name: client + type: group + fields: + - name: cert_chain + type: keyword + description: > + Chain of certificates offered by the client to validate its complete signing chain. + + - name: cert_chain_fuids + type: keyword + description: > + An ordered vector of certificate file identifiers for the certificates offered by the client. + + - name: issuer + type: group + description: > + Subject of the signer of the X.509 certificate offered by the client. + fields: + - name: common_name + type: keyword + description: > + Common name of the signer of the X.509 certificate offered by the client. + + - name: country + type: keyword + description: > + Country code of the signer of the X.509 certificate offered by the client. + + - name: locality + type: keyword + description: > + Locality of the signer of the X.509 certificate offered by the client. + + - name: organization + type: keyword + description: > + Organization of the signer of the X.509 certificate offered by the client. + + - name: organizational_unit + type: keyword + description: > + Organizational unit of the signer of the X.509 certificate offered by the client. + + - name: state + type: keyword + description: > + State or province name of the signer of the X.509 certificate offered by the client. + + - name: subject + type: group + description: > + Subject of the X.509 certificate offered by the client. + fields: + - name: common_name + type: keyword + description: > + Common name of the X.509 certificate offered by the client. + + - name: country + type: keyword + description: > + Country code of the X.509 certificate offered by the client. + + - name: locality + type: keyword + description: > + Locality of the X.509 certificate offered by the client. + + - name: organization + type: keyword + description: > + Organization of the X.509 certificate offered by the client. + + - name: organizational_unit + type: keyword + description: > + Organizational unit of the X.509 certificate offered by the client. + + - name: state + type: keyword + description: > + State or province name of the X.509 certificate offered by the client. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/stats/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/stats/fields/fields.yml new file mode 100644 index 000000000..331c61cd8 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/stats/fields/fields.yml @@ -0,0 +1,177 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: stats + type: group + default_field: false + description: > + Fields exported by the Zeek stats log. + fields: + - name: peer + type: keyword + description: | + Peer that generated this log. Mostly for clusters. + + - name: memory + type: integer + description: | + Amount of memory currently in use in MB. + + - name: packets + type: group + fields: + - name: processed + type: long + description: | + Number of packets processed since the last stats interval. + + - name: dropped + type: long + description: | + Number of packets dropped since the last stats interval if reading live traffic. + + - name: received + type: long + description: | + Number of packets seen on the link since the last stats interval if reading live traffic. + + - name: bytes + type: group + fields: + - name: received + type: long + description: | + Number of bytes received since the last stats interval if reading live traffic. + + - name: connections + type: group + fields: + - name: tcp + type: group + fields: + - name: active + type: integer + description: | + TCP connections currently in memory. + + - name: count + type: integer + description: | + TCP connections seen since last stats interval. + + - name: udp + type: group + fields: + - name: active + type: integer + description: | + UDP connections currently in memory. + + - name: count + type: integer + description: | + UDP connections seen since last stats interval. + + - name: icmp + type: group + fields: + - name: active + type: integer + description: | + ICMP connections currently in memory. + + - name: count + type: integer + description: | + ICMP connections seen since last stats interval. + + - name: events + type: group + fields: + - name: processed + type: integer + description: | + Number of events processed since the last stats interval. + + - name: queued + type: integer + description: | + Number of events that have been queued since the last stats interval. + + - name: timers + type: group + fields: + - name: count + type: integer + description: | + Number of timers scheduled since last stats interval. + + - name: active + type: integer + description: | + Current number of scheduled timers. + + - name: files + type: group + fields: + - name: count + type: integer + description: | + Number of files seen since last stats interval. + + - name: active + type: integer + description: | + Current number of files actively being seen. + + - name: dns_requests + type: group + fields: + - name: count + type: integer + description: | + Number of DNS requests seen since last stats interval. + + - name: active + type: integer + description: | + Current number of DNS requests awaiting a reply. + + - name: reassembly_size + type: group + fields: + - name: tcp + type: integer + description: | + Current size of TCP data in reassembly. + + - name: file + type: integer + description: | + Current size of File data in reassembly. + + - name: frag + type: integer + description: | + Current size of packet fragment data in reassembly. + + - name: unknown + type: integer + description: | + Current size of unknown data in reassembly (this is only PIA buffer right now). + + - name: timestamp_lag + type: integer + description: | + Lag between the wall clock and packet timestamps if reading live traffic. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/syslog/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/syslog/fields/fields.yml new file mode 100644 index 000000000..ea939874f --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/syslog/fields/fields.yml @@ -0,0 +1,34 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: syslog + type: group + default_field: false + description: > + Fields exported by the Zeek syslog log. + fields: + - name: facility + type: keyword + description: > + Syslog facility for the message. + + - name: severity + type: keyword + description: > + Syslog severity for the message. + + - name: message + type: keyword + description: > + The plain text message. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/tunnel/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/tunnel/fields/fields.yml new file mode 100644 index 000000000..b3eb76153 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/tunnel/fields/fields.yml @@ -0,0 +1,29 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: tunnel + type: group + default_field: false + description: > + Fields exported by the Zeek SSH log. + fields: + - name: type + type: keyword + description: > + The type of tunnel. + + - name: action + type: keyword + description: > + The type of activity that occurred. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/weird/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/weird/fields/fields.yml new file mode 100644 index 000000000..99f5127b1 --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/weird/fields/fields.yml @@ -0,0 +1,44 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: weird + type: group + default_field: false + description: > + Fields exported by the Zeek Weird log. + fields: + - name: name + type: keyword + description: | + The name of the weird that occurred. + + - name: additional_info + type: keyword + description: | + Additional information accompanying the weird if any. + + - name: notice + type: boolean + description: | + Indicate if this weird was also turned into a notice. + + - name: peer + type: keyword + description: | + The peer that originated this weird. This is helpful in cluster deployments if a particular cluster node is having trouble to help identify which node is having trouble. + + - name: identifier + type: keyword + description: | + This field is to be provided when a weird is generated for the purpose of deduplicating weirds. The identifier string should be unique for a single instance of the weird. This field is used to define when a weird is conceptually a duplicate of a previous weird. diff --git a/dev/packages/beats/zeek-0.0.1/dataset/x509/fields/fields.yml b/dev/packages/beats/zeek-0.0.1/dataset/x509/fields/fields.yml new file mode 100644 index 000000000..9e6142d6a --- /dev/null +++ b/dev/packages/beats/zeek-0.0.1/dataset/x509/fields/fields.yml @@ -0,0 +1,213 @@ +- key: zeek + title: Zeek + description: > + Module for handling logs produced by Zeek/Bro + fields: + - name: zeek + type: group + description: > + Fields from Zeek/Bro logs after normalization + fields: + - name: session_id + type: keyword + description: > + A unique identifier of the session + - name: x509 + type: group + default_field: false + description: > + Fields exported by the Zeek x509 log. + fields: + - name: id + type: keyword + description: > + File id of this certificate. + + - name: certificate + type: group + description: > + Basic information about the certificate. + fields: + - name: version + type: integer + description: > + Version number. + + - name: serial + type: keyword + description: > + Serial number. + + - name: subject + type: group + description: > + Subject. + fields: + - name: country + type: keyword + description: > + Country provided in the certificate subject. + + - name: common_name + type: keyword + description: > + Common name provided in the certificate subject. + + - name: locality + type: keyword + description: > + Locality provided in the certificate subject. + + - name: organization + type: keyword + description: > + Organization provided in the certificate subject. + + - name: organizational_unit + type: keyword + description: > + Organizational unit provided in the certificate subject. + + - name: state + type: keyword + description: > + State or province provided in the certificate subject. + + - name: issuer + type: group + description: > + Issuer. + fields: + - name: country + type: keyword + description: > + Country provided in the certificate issuer field. + + - name: common_name + type: keyword + description: > + Common name provided in the certificate issuer field. + + - name: locality + type: keyword + description: > + Locality provided in the certificate issuer field. + + - name: organization + type: keyword + description: > + Organization provided in the certificate issuer field. + + - name: organizational_unit + type: keyword + description: > + Organizational unit provided in the certificate issuer field. + + - name: state + type: keyword + description: > + State or province provided in the certificate issuer field. + + - name: common_name + type: keyword + description: > + Last (most specific) common name. + + - name: valid + type: group + description: > + Certificate validity timestamps + fields: + - name: from + type: date + description: > + Timestamp before when certificate is not valid. + + - name: until + type: date + description: > + Timestamp after when certificate is not valid. + + - name: key + type: group + fields: + - name: algorithm + type: keyword + description: > + Name of the key algorithm. + + - name: type + type: keyword + description: > + Key type, if key parseable by openssl (either rsa, dsa or ec). + + - name: length + type: integer + description: > + Key length in bits. + + - name: signature_algorithm + type: keyword + description: > + Name of the signature algorithm. + + - name: exponent + type: keyword + description: > + Exponent, if RSA-certificate. + + - name: curve + type: keyword + description: > + Curve, if EC-certificate. + + - name: san + type: group + description: > + Subject alternative name extension of the certificate. + fields: + - name: dns + type: keyword + description: > + List of DNS entries in SAN. + + - name: uri + type: keyword + description: > + List of URI entries in SAN. + + - name: email + type: keyword + description: > + List of email entries in SAN. + + - name: ip + type: ip + description: > + List of IP entries in SAN. + + - name: other_fields + type: boolean + description: > + True if the certificate contained other, not recognized or parsed name fields. + + - name: basic_constraints + type: group + description: > + Basic constraints extension of the certificate. + fields: + - name: certificate_authority + type: boolean + description: > + CA flag set or not. + + - name: path_length + type: integer + description: > + Maximum path length. + + - name: log_cert + type: boolean + description: | + Present if policy/protocols/ssl/log-hostcerts-only.bro is loaded + Logging of certificate is suppressed if set to F. diff --git a/dev/packages/beats/zookeeper-0.0.1/dataset/connection/fields/fields.yml b/dev/packages/beats/zookeeper-0.0.1/dataset/connection/fields/fields.yml new file mode 100644 index 000000000..47109275f --- /dev/null +++ b/dev/packages/beats/zookeeper-0.0.1/dataset/connection/fields/fields.yml @@ -0,0 +1,35 @@ +- key: zookeeper + title: "ZooKeeper" + description: > + ZooKeeper metrics collected by the four-letter monitoring commands. + short_config: false + release: ga + fields: + - name: zookeeper + type: group + description: > + `zookeeper` contains the metrics reported by ZooKeeper + commands. + fields: + - name: connection + type: group + release: beta + description: > + connections + fields: + - name: interest_ops + type: long + description: > + Interest ops + - name: queued + type: long + description: > + Queued connections + - name: received + type: long + description: > + Received connections + - name: sent + type: long + description: > + Connections sent diff --git a/dev/packages/beats/zookeeper-0.0.1/dataset/mntr/fields/fields.yml b/dev/packages/beats/zookeeper-0.0.1/dataset/mntr/fields/fields.yml new file mode 100644 index 000000000..403fdfc72 --- /dev/null +++ b/dev/packages/beats/zookeeper-0.0.1/dataset/mntr/fields/fields.yml @@ -0,0 +1,97 @@ +- key: zookeeper + title: "ZooKeeper" + description: > + ZooKeeper metrics collected by the four-letter monitoring commands. + short_config: false + release: ga + fields: + - name: zookeeper + type: group + description: > + `zookeeper` contains the metrics reported by ZooKeeper + commands. + fields: + - name: mntr + type: group + description: > + `mntr` contains the metrics reported by the four-letter `mntr` + command. + release: ga + fields: + - name: hostname + type: keyword + description: > + ZooKeeper hostname. + - name: approximate_data_size + type: long + description: > + Approximate size of ZooKeeper data. + - name: latency.avg + type: long + description: > + Average latency between ensemble hosts in milliseconds. + - name: ephemerals_count + type: long + description: > + Number of ephemeral znodes. + - name: followers + type: long + description: > + Number of followers seen by the current host. + - name: max_file_descriptor_count + type: long + description: > + Maximum number of file descriptors allowed for the ZooKeeper process. + - name: latency.max + type: long + description: > + Maximum latency in milliseconds. + - name: latency.min + type: long + description: > + Minimum latency in milliseconds. + - name: num_alive_connections + type: long + description: > + Number of connections to ZooKeeper that are currently alive. + - name: open_file_descriptor_count + type: long + description: > + Number of file descriptors open by the ZooKeeper process. + - name: outstanding_requests + type: long + description: > + Number of outstanding requests that need to be processed by the cluster. + - name: packets.received + type: long + description: > + Number of ZooKeeper network packets received. + - name: packets.sent + type: long + description: > + Number of ZooKeeper network packets sent. + - name: pending_syncs + type: long + description: > + Number of pending syncs to carry out to ZooKeeper ensemble followers. + - name: server_state + type: keyword + description: > + Role in the ZooKeeper ensemble. + - name: synced_followers + type: long + description: > + Number of synced followers reported when a node server_state is leader. + - name: version + type: alias + path: service.version + description: > + ZooKeeper version and build string reported. + - name: watch_count + type: long + description: > + Number of watches currently set on the local ZooKeeper process. + - name: znode_count + type: long + description: > + Number of znodes reported by the local ZooKeeper process. diff --git a/dev/packages/beats/zookeeper-0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/zookeeper-0.0.1/dataset/server/fields/fields.yml new file mode 100644 index 000000000..b8803ac1b --- /dev/null +++ b/dev/packages/beats/zookeeper-0.0.1/dataset/server/fields/fields.yml @@ -0,0 +1,60 @@ +- key: zookeeper + title: "ZooKeeper" + description: > + ZooKeeper metrics collected by the four-letter monitoring commands. + short_config: false + release: ga + fields: + - name: zookeeper + type: group + description: > + `zookeeper` contains the metrics reported by ZooKeeper + commands. + fields: + - name: server + type: group + description: 'server contains the metrics reported by the four-letter `srvr` command.' + release: ga + fields: + - name: connections + type: long + description: Number of clients currently connected to the server + - name: latency + type: group + fields: + - name: avg + type: long + description: Average amount of time taken for the server to respond to a client request + - name: max + type: long + description: Maximum amount of time taken for the server to respond to a client request + - name: min + type: long + description: Minimum amount of time taken for the server to respond to a client request + - name: mode + type: keyword + description: Mode of the server. In an ensemble, this may either be leader or follower. Otherwise, it is standalone + - name: node_count + type: long + description: Total number of nodes + - name: outstanding + type: long + description: Number of requests queued at the server. This exceeds zero when the server receives more requests than it is able to process + - name: received + type: long + description: Number of requests received by the server + - name: sent + type: long + description: Number of requests sent by the server + - name: version_date + type: date + description: Date of the Zookeeper release currently in use + - name: zxid + type: keyword + description: Unique value of the Zookeeper transaction ID. The zxid consists of an epoch and a counter. It is established by the leader and is used to determine the temporal ordering of changes + - name: count + type: long + description: Total transactions of the leader in epoch + - name: epoch + type: long + description: Epoch value of the Zookeeper transaction ID. An epoch signifies the period in which a server is a leader From 83a228ec6008194c4984705167f304455d5fac82 Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 5 Mar 2020 18:27:39 +0100 Subject: [PATCH 5/6] Fix: join datasets instead of replace --- dev/import-beats/packages.go | 8 +- .../dataset/audit/fields/fields.yml | 27 ++ .../dataset/log/fields/fields.yml | 29 +++ .../dataset/access/fields/fields.yml | 153 ++++++++++++ .../dataset/error/fields/fields.yml | 148 +++++++++++ .../dataset/cloudtrail/fields/fields.yml | 146 +++++++++++ .../dataset/s3access/fields/fields.yml | 109 ++++++++ .../dataset/vpcflow/fields/fields.yml | 65 +++++ .../dataset/activitylogs/fields/fields.yml | 161 ++++++++++++ .../dataset/auditlogs/fields/fields.yml | 213 ++++++++++++++++ .../dataset/signinlogs/fields/fields.yml | 208 ++++++++++++++++ .../dataset/audit/fields/fields.yml | 106 ++++++++ .../dataset/deprecation/fields/fields.yml | 45 ++++ .../dataset/gc/fields/fields.yml | 151 ++++++++++++ .../dataset/server/fields/fields.yml | 77 ++++++ .../dataset/slowlog/fields/fields.yml | 97 ++++++++ .../dataset/audit/fields/fields.yml | 232 ++++++++++++++++++ .../dataset/firewall/fields/fields.yml | 147 +++++++++++ .../dataset/vpcflow/fields/fields.yml | 115 +++++++++ .../dataset/log/fields/fields.yml | 211 ++++++++++++++++ .../dataset/errorlog/fields/fields.yml | 44 ++++ .../dataset/access/fields/fields.yml | 139 +++++++++++ .../iis-0.0.1/dataset/error/fields/fields.yml | 84 +++++++ .../kafka-0.0.1/dataset/log/fields/fields.yml | 44 ++++ .../dataset/log/fields/fields.yml | 54 ++++ .../dataset/log/fields/fields.yml | 44 ++++ .../dataset/slowlog/fields/fields.yml | 63 +++++ .../dataset/log/fields/fields.yml | 34 +++ .../mssql-0.0.1/dataset/log/fields/fields.yml | 15 ++ .../dataset/error/fields/fields.yml | 32 +++ .../dataset/slowlog/fields/fields.yml | 225 +++++++++++++++++ .../nats-0.0.1/dataset/log/fields/fields.yml | 64 +++++ .../dataset/access/fields/fields.yml | 107 ++++++++ .../dataset/error/fields/fields.yml | 37 +++ .../ingress_controller/fields/fields.yml | 153 ++++++++++++ .../dataset/log/fields/fields.yml | 66 +++++ .../dataset/log/fields/fields.yml | 18 ++ .../redis-0.0.1/dataset/log/fields/fields.yml | 32 +++ .../dataset/slowlog/fields/fields.yml | 34 +++ .../dataset/auth/fields/fields.yml | 158 ++++++++++++ .../dataset/syslog/fields/fields.yml | 36 +++ .../dataset/access/fields/fields.yml | 110 +++++++++ 42 files changed, 4040 insertions(+), 1 deletion(-) create mode 100644 dev/packages/beats/activemq-0.0.1/dataset/audit/fields/fields.yml create mode 100644 dev/packages/beats/activemq-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/apache-0.0.1/dataset/access/fields/fields.yml create mode 100644 dev/packages/beats/apache-0.0.1/dataset/error/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/cloudtrail/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/s3access/fields/fields.yml create mode 100644 dev/packages/beats/aws-0.0.1/dataset/vpcflow/fields/fields.yml create mode 100644 dev/packages/beats/azure-0.0.1/dataset/activitylogs/fields/fields.yml create mode 100644 dev/packages/beats/azure-0.0.1/dataset/auditlogs/fields/fields.yml create mode 100644 dev/packages/beats/azure-0.0.1/dataset/signinlogs/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/audit/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/deprecation/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/gc/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/server/fields/fields.yml create mode 100644 dev/packages/beats/elasticsearch-0.0.1/dataset/slowlog/fields/fields.yml create mode 100644 dev/packages/beats/googlecloud-0.0.1/dataset/audit/fields/fields.yml create mode 100644 dev/packages/beats/googlecloud-0.0.1/dataset/firewall/fields/fields.yml create mode 100644 dev/packages/beats/googlecloud-0.0.1/dataset/vpcflow/fields/fields.yml create mode 100644 dev/packages/beats/haproxy-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/ibmmq-0.0.1/dataset/errorlog/fields/fields.yml create mode 100644 dev/packages/beats/iis-0.0.1/dataset/access/fields/fields.yml create mode 100644 dev/packages/beats/iis-0.0.1/dataset/error/fields/fields.yml create mode 100644 dev/packages/beats/kafka-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/kibana-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/logstash-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/logstash-0.0.1/dataset/slowlog/fields/fields.yml create mode 100644 dev/packages/beats/mongodb-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/mssql-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/mysql-0.0.1/dataset/error/fields/fields.yml create mode 100644 dev/packages/beats/mysql-0.0.1/dataset/slowlog/fields/fields.yml create mode 100644 dev/packages/beats/nats-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/nginx-0.0.1/dataset/access/fields/fields.yml create mode 100644 dev/packages/beats/nginx-0.0.1/dataset/error/fields/fields.yml create mode 100644 dev/packages/beats/nginx-0.0.1/dataset/ingress_controller/fields/fields.yml create mode 100644 dev/packages/beats/postgresql-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/rabbitmq-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/redis-0.0.1/dataset/log/fields/fields.yml create mode 100644 dev/packages/beats/redis-0.0.1/dataset/slowlog/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/auth/fields/fields.yml create mode 100644 dev/packages/beats/system-0.0.1/dataset/syslog/fields/fields.yml create mode 100644 dev/packages/beats/traefik-0.0.1/dataset/access/fields/fields.yml diff --git a/dev/import-beats/packages.go b/dev/import-beats/packages.go index 275e4d16c..0b162cbd6 100644 --- a/dev/import-beats/packages.go +++ b/dev/import-beats/packages.go @@ -41,6 +41,12 @@ func newPackageContent(name string) packageContent { } } +func (pc *packageContent) addDatasets(ds map[string]datasetContent) { + for k, v := range ds { + pc.datasets[k] = v + } +} + type packageRepository struct { packages map[string]packageContent } @@ -88,7 +94,7 @@ func (r *packageRepository) createPackagesFromSource(beatsDir, beatName, package return err } - aPackage.datasets = datasets + aPackage.addDatasets(datasets) r.packages[moduleDir.Name()] = aPackage } return nil diff --git a/dev/packages/beats/activemq-0.0.1/dataset/audit/fields/fields.yml b/dev/packages/beats/activemq-0.0.1/dataset/audit/fields/fields.yml new file mode 100644 index 000000000..e9bde2f25 --- /dev/null +++ b/dev/packages/beats/activemq-0.0.1/dataset/audit/fields/fields.yml @@ -0,0 +1,27 @@ +- key: activemq + title: "activemq" + release: beta + description: > + Module for parsing ActiveMQ log files. + fields: + - name: activemq + type: group + description: > + fields: + - name: caller + type: keyword + description: > + Name of the caller issuing the logging request (class or resource). + - name: thread + type: keyword + description: > + Thread that generated the logging event. + - name: user + type: keyword + description: > + User that generated the logging event. + - name: audit + type: group + description: > + Fields from ActiveMQ audit logs. + fields: diff --git a/dev/packages/beats/activemq-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/activemq-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..21979c62e --- /dev/null +++ b/dev/packages/beats/activemq-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,29 @@ +- key: activemq + title: "activemq" + release: beta + description: > + Module for parsing ActiveMQ log files. + fields: + - name: activemq + type: group + description: > + fields: + - name: caller + type: keyword + description: > + Name of the caller issuing the logging request (class or resource). + - name: thread + type: keyword + description: > + Thread that generated the logging event. + - name: user + type: keyword + description: > + User that generated the logging event. + - name: log + type: group + description: > + Fields from ActiveMQ application logs. + fields: + - name: stack_trace + type: keyword diff --git a/dev/packages/beats/apache-0.0.1/dataset/access/fields/fields.yml b/dev/packages/beats/apache-0.0.1/dataset/access/fields/fields.yml new file mode 100644 index 000000000..bd7599d46 --- /dev/null +++ b/dev/packages/beats/apache-0.0.1/dataset/access/fields/fields.yml @@ -0,0 +1,153 @@ +- key: apache + title: "Apache" + description: > + Apache Module + short_config: true + fields: + - name: apache2 + type: group + description: > + Aliases for backward compatibility with old apache2 fields + fields: + - name: access + type: group + fields: + - name: remote_ip + type: alias + path: source.address + migration: true + - name: ssl.protocol + type: alias + path: apache.access.ssl.protocol + migration: true + - name: ssl.cipher + type: alias + path: apache.access.ssl.cipher + migration: true + - name: body_sent.bytes + type: alias + path: http.response.body.bytes + migration: true + - name: user_name + type: alias + path: user.name + migration: true + - name: method + type: alias + path: http.request.method + migration: true + - name: url + type: alias + path: url.original + migration: true + - name: http_version + type: alias + path: http.version + migration: true + - name: response_code + type: alias + path: http.response.status_code + migration: true + - name: referrer + type: alias + path: http.request.referrer + migration: true + - name: agent + type: alias + path: user_agent.original + migration: true + + - name: user_agent + type: group + fields: + - name: device + type: alias + path: user_agent.device.name + migration: true + - name: name + type: alias + path: user_agent.name + migration: true + - name: os + type: alias + path: user_agent.os.full_name + migration: true + - name: os_name + type: alias + path: user_agent.os.name + migration: true + - name: original + type: alias + path: user_agent.original + migration: true + - name: geoip + type: group + fields: + - name: continent_name + type: alias + path: source.geo.continent_name + migration: true + - name: country_iso_code + type: alias + path: source.geo.country_iso_code + migration: true + - name: location + type: alias + path: source.geo.location + migration: true + - name: region_name + type: alias + path: source.geo.region_name + migration: true + - name: city_name + type: alias + path: source.geo.city_name + migration: true + - name: region_iso_code + type: alias + path: source.geo.region_iso_code + migration: true + - name: error + type: group + fields: + - name: level + type: alias + path: log.level + migration: true + - name: message + type: alias + path: message + migration: true + - name: pid + type: alias + path: process.pid + migration: true + - name: tid + type: alias + path: process.thread.id + migration: true + - name: module + type: alias + path: apache.error.module + migration: true + + + - name: apache + type: group + description: > + Apache fields. + fields: + - name: access + type: group + description: > + Contains fields for the Apache HTTP Server access logs. + fields: + - name: ssl.protocol + type: keyword + description: > + SSL protocol version. + + - name: ssl.cipher + type: keyword + description: > + SSL cipher name. diff --git a/dev/packages/beats/apache-0.0.1/dataset/error/fields/fields.yml b/dev/packages/beats/apache-0.0.1/dataset/error/fields/fields.yml new file mode 100644 index 000000000..7fa9bf588 --- /dev/null +++ b/dev/packages/beats/apache-0.0.1/dataset/error/fields/fields.yml @@ -0,0 +1,148 @@ +- key: apache + title: "Apache" + description: > + Apache Module + short_config: true + fields: + - name: apache2 + type: group + description: > + Aliases for backward compatibility with old apache2 fields + fields: + - name: access + type: group + fields: + - name: remote_ip + type: alias + path: source.address + migration: true + - name: ssl.protocol + type: alias + path: apache.access.ssl.protocol + migration: true + - name: ssl.cipher + type: alias + path: apache.access.ssl.cipher + migration: true + - name: body_sent.bytes + type: alias + path: http.response.body.bytes + migration: true + - name: user_name + type: alias + path: user.name + migration: true + - name: method + type: alias + path: http.request.method + migration: true + - name: url + type: alias + path: url.original + migration: true + - name: http_version + type: alias + path: http.version + migration: true + - name: response_code + type: alias + path: http.response.status_code + migration: true + - name: referrer + type: alias + path: http.request.referrer + migration: true + - name: agent + type: alias + path: user_agent.original + migration: true + + - name: user_agent + type: group + fields: + - name: device + type: alias + path: user_agent.device.name + migration: true + - name: name + type: alias + path: user_agent.name + migration: true + - name: os + type: alias + path: user_agent.os.full_name + migration: true + - name: os_name + type: alias + path: user_agent.os.name + migration: true + - name: original + type: alias + path: user_agent.original + migration: true + - name: geoip + type: group + fields: + - name: continent_name + type: alias + path: source.geo.continent_name + migration: true + - name: country_iso_code + type: alias + path: source.geo.country_iso_code + migration: true + - name: location + type: alias + path: source.geo.location + migration: true + - name: region_name + type: alias + path: source.geo.region_name + migration: true + - name: city_name + type: alias + path: source.geo.city_name + migration: true + - name: region_iso_code + type: alias + path: source.geo.region_iso_code + migration: true + - name: error + type: group + fields: + - name: level + type: alias + path: log.level + migration: true + - name: message + type: alias + path: message + migration: true + - name: pid + type: alias + path: process.pid + migration: true + - name: tid + type: alias + path: process.thread.id + migration: true + - name: module + type: alias + path: apache.error.module + migration: true + + + - name: apache + type: group + description: > + Apache fields. + fields: + - name: error + type: group + description: > + Fields from the Apache error logs. + fields: + - name: module + type: keyword + description: > + The module producing the logged message. diff --git a/dev/packages/beats/aws-0.0.1/dataset/cloudtrail/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/cloudtrail/fields/fields.yml new file mode 100644 index 000000000..8fa5ac3c7 --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/cloudtrail/fields/fields.yml @@ -0,0 +1,146 @@ +- key: aws + title: AWS + release: beta + description: > + Module for handling logs from AWS. + fields: + - name: aws + type: group + description: > + Fields from AWS logs. + fields: + - name: cloudtrail + type: group + release: beta + default_field: false + description: > + Fields for AWS CloudTrail logs. + fields: + - name: event_version + type: keyword + description: > + The CloudTrail version of the log event format. + - name: user_identity + type: group + description: >- + The userIdentity element contains details about the type of + IAM identity that made the request, and which credentials were + used. If temporary credentials were used, the element shows how the + credentials were obtained. + fields: + - name: type + type: keyword + description: > + The type of the identity + - name: arn + type: keyword + description: >- + The Amazon Resource Name (ARN) of the principal that made the call. + - name: access_key_id + type: keyword + description: >- + The access key ID that was used to sign the request. + - name: session_context + type: group + description: >- + If the request was made with temporary security + credentials, an element that provides information about the session + that was created for those credentials + fields: + - name: mfa_authenticated + type: keyword + description: >- + The value is true if the root user or IAM user whose + credentials were used for the request also was authenticated with an + MFA device; otherwise, false. + - name: creation_date + type: date + description: >- + The date and time when the temporary security credentials were issued. + - name: invoked_by + type: keyword + description: >- + The name of the AWS service that made the request, such as + Amazon EC2 Auto Scaling or AWS Elastic Beanstalk. + - name: error_code + type: keyword + description: >- + The AWS service error if the request returns an error. + - name: error_message + type: keyword + description: >- + If the request returns an error, the description of the error. + - name: request_parameters + type: keyword + description: >- + The parameters, if any, that were sent with the request. + - name: response_elements + type: keyword + description: >- + The response element for actions that make changes (create, + update, or delete actions). + - name: additional_eventdata + type: keyword + description: >- + Additional data about the event that was not part of the + request or response. + - name: request_id + type: keyword + description: >- + The value that identifies the request. The service being + called generates this value. + - name: event_type + type: keyword + description: >- + Identifies the type of event that generated the event record. + - name: api_version + type: keyword + description: >- + Identifies the API version associated with the AwsApiCall + eventType value. + - name: management_event + type: keyword + description: >- + A Boolean value that identifies whether the event is a + management event. + - name: read_only + type: keyword + description: >- + Identifies whether this operation is a read-only operation. + - name: resources + type: group + description: >- + A list of resources accessed in the event. + fields: + - name: arn + type: keyword + description: >- + Resource ARNs + - name: account_id + type: keyword + description: >- + Account ID of the resource owner + - name: type + type: keyword + description: >- + Resource type identifier in the format: AWS::aws-service-name::data-type-name + - name: recipient_account_id + type: keyword + description: >- + Represents the account ID that received this event. + - name: service_event_details + type: keyword + description: >- + Identifies the service event, including what triggered the + event and the result. + - name: shared_event_id + type: keyword + description: >- + GUID generated by CloudTrail to uniquely identify CloudTrail + events from the same AWS action that is sent to different AWS + accounts. + - name: vpc_endpoint_id + type: keyword + description: >- + Identifies the VPC endpoint in which requests were made from a + VPC to another AWS service, such as Amazon S3. diff --git a/dev/packages/beats/aws-0.0.1/dataset/s3access/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/s3access/fields/fields.yml new file mode 100644 index 000000000..1a08ab8d3 --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/s3access/fields/fields.yml @@ -0,0 +1,109 @@ +- key: aws + title: AWS + release: beta + description: > + Module for handling logs from AWS. + fields: + - name: aws + type: group + description: > + Fields from AWS logs. + fields: + - name: s3access + type: group + release: ga + description: > + Fields for AWS S3 server access logs. + fields: + - name: bucket_owner + type: keyword + description: > + The canonical user ID of the owner of the source bucket. + - name: bucket + type: keyword + description: > + The name of the bucket that the request was processed against. + - name: remote_ip + type: ip + description: > + The apparent internet address of the requester. + - name: requester + type: keyword + description: > + The canonical user ID of the requester, or a - for unauthenticated requests. + - name: request_id + type: keyword + description: > + A string generated by Amazon S3 to uniquely identify each request. + - name: operation + type: keyword + description: > + The operation listed here is declared as SOAP.operation, REST.HTTP_method.resource_type, WEBSITE.HTTP_method.resource_type, or BATCH.DELETE.OBJECT. + - name: key + type: keyword + description: > + The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter. + - name: request_uri + type: keyword + description: > + The Request-URI part of the HTTP request message. + - name: http_status + type: long + description: > + The numeric HTTP status code of the response. + - name: error_code + type: keyword + description: > + The Amazon S3 Error Code, or "-" if no error occurred. + - name: bytes_sent + type: long + description: > + The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero. + - name: object_size + type: long + description: > + The total size of the object in question. + - name: total_time + type: long + description: > + The number of milliseconds the request was in flight from the server's perspective. + - name: turn_around_time + type: long + description: > + The number of milliseconds that Amazon S3 spent processing your request. + - name: referrer + type: keyword + description: > + The value of the HTTP Referrer header, if present. + - name: user_agent + type: keyword + description: > + The value of the HTTP User-Agent header. + - name: version_id + type: keyword + description: > + The version ID in the request, or "-" if the operation does not take a versionId parameter. + - name: host_id + type: keyword + description: > + The x-amz-id-2 or Amazon S3 extended request ID. + - name: signature_version + type: keyword + description: > + The signature version, SigV2 or SigV4, that was used to authenticate the request or a - for unauthenticated requests. + - name: cipher_suite + type: keyword + description: > + The Secure Sockets Layer (SSL) cipher that was negotiated for HTTPS request or a - for HTTP. + - name: authentication_type + type: keyword + description: > + The type of request authentication used, AuthHeader for authentication headers, QueryString for query string (pre-signed URL) or a - for unauthenticated requests. + - name: host_header + type: keyword + description: > + The endpoint used to connect to Amazon S3. + - name: tls_version + type: keyword + description: > + The Transport Layer Security (TLS) version negotiated by the client. diff --git a/dev/packages/beats/aws-0.0.1/dataset/vpcflow/fields/fields.yml b/dev/packages/beats/aws-0.0.1/dataset/vpcflow/fields/fields.yml new file mode 100644 index 000000000..1c0be48a2 --- /dev/null +++ b/dev/packages/beats/aws-0.0.1/dataset/vpcflow/fields/fields.yml @@ -0,0 +1,65 @@ +- key: aws + title: AWS + release: beta + description: > + Module for handling logs from AWS. + fields: + - name: aws + type: group + description: > + Fields from AWS logs. + fields: + - name: vpcflow + type: group + release: beta + description: > + Fields for AWS VPC flow logs. + fields: + - name: version + type: keyword + description: > + The VPC Flow Logs version. If you use the default format, the version is 2. If you specify a custom format, the version is 3. + - name: account_id + type: keyword + description: > + The AWS account ID for the flow log. + - name: interface_id + type: keyword + description: > + The ID of the network interface for which the traffic is recorded. + - name: action + type: keyword + description: > + The action that is associated with the traffic, ACCEPT or REJECT. + - name: log_status + type: keyword + description: > + The logging status of the flow log, OK, NODATA or SKIPDATA. + - name: instance_id + type: keyword + description: > + The ID of the instance that's associated with network interface for which the traffic is recorded, if the instance is owned by you. + - name: pkt_srcaddr + type: ip + description: > + The packet-level (original) source IP address of the traffic. + - name: pkt_dstaddr + type: ip + description: > + The packet-level (original) destination IP address for the traffic. + - name: vpc_id + type: keyword + description: > + The ID of the VPC that contains the network interface for which the traffic is recorded. + - name: subnet_id + type: keyword + description: > + The ID of the subnet that contains the network interface for which the traffic is recorded. + - name: tcp_flags + type: keyword + description: > + The bitmask value for the following TCP flags: 2=SYN,18=SYN-ACK,1=FIN,4=RST + - name: type + type: keyword + description: > + The type of traffic: IPv4, IPv6, or EFA. diff --git a/dev/packages/beats/azure-0.0.1/dataset/activitylogs/fields/fields.yml b/dev/packages/beats/azure-0.0.1/dataset/activitylogs/fields/fields.yml new file mode 100644 index 000000000..fe1ce23cd --- /dev/null +++ b/dev/packages/beats/azure-0.0.1/dataset/activitylogs/fields/fields.yml @@ -0,0 +1,161 @@ +- key: azure + title: "Azure" + release: beta + description: > + Azure Module + fields: + - name: azure + type: group + description: > + fields: + - name: subscription_id + type: keyword + description: > + Azure subscription ID + - name: correlation_id + type: keyword + description: > + Correlation ID + - name: tenant_id + type: keyword + description: > + tenant ID + - name: resource + type: group + description: > + Resource + fields: + - name: id + type: keyword + description: > + Resource ID + - name: group + type: keyword + description: > + Resource group + - name: provider + type: keyword + description: > + Resource type/namespace + - name: namespace + type: keyword + description: > + Resource type/namespace + - name: name + type: keyword + description: > + Name + - name: authorization_rule + type: keyword + description: > + Authorization rule + - name: activitylogs + type: group + release: beta + description: > + Fields for Azure activity logs. + fields: + - name: identity + type: group + description: > + Identity + fields: + - name: claims_initiated_by_user + type: group + description: > + Claims initiated by user + fields: + - name: name + type: keyword + description: > + Name + - name: givenname + type: keyword + description: > + Givenname + - name: surname + type: keyword + description: > + Surname + - name: fullname + type: keyword + description: > + Fullname + - name: schema + type: keyword + description: > + Schema + - name: claims.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Claims + - name: authorization + type: group + description: > + Authorization + fields: + - name: scope + type: keyword + description: > + Scope + - name: action + type: keyword + description: > + Action + - name: evidence + type: group + description: > + Evidence + fields: + - name: role_assignment_scope + type: keyword + description: > + Role assignment scope + - name: role_definition_id + type: keyword + description: > + Role definition ID + - name: role + type: keyword + description: > + Role + - name: role_assignment_id + type: keyword + description: > + Role assignment ID + - name: principal_id + type: keyword + description: > + Principal ID + - name: principal_type + type: keyword + description: > + Principal type + - name: operation_name + type: keyword + description: > + Operation name + - name: result_signature + type: keyword + description: > + Result signature + - name: category + type: keyword + description: > + Category + - name: properties + type: group + description: > + Properties + fields: + - name: service_request_id + type: keyword + description: > + Service Request Id + - name: status_code + type: keyword + description: > + Status code + diff --git a/dev/packages/beats/azure-0.0.1/dataset/auditlogs/fields/fields.yml b/dev/packages/beats/azure-0.0.1/dataset/auditlogs/fields/fields.yml new file mode 100644 index 000000000..ead3f2fed --- /dev/null +++ b/dev/packages/beats/azure-0.0.1/dataset/auditlogs/fields/fields.yml @@ -0,0 +1,213 @@ +- key: azure + title: "Azure" + release: beta + description: > + Azure Module + fields: + - name: azure + type: group + description: > + fields: + - name: subscription_id + type: keyword + description: > + Azure subscription ID + - name: correlation_id + type: keyword + description: > + Correlation ID + - name: tenant_id + type: keyword + description: > + tenant ID + - name: resource + type: group + description: > + Resource + fields: + - name: id + type: keyword + description: > + Resource ID + - name: group + type: keyword + description: > + Resource group + - name: provider + type: keyword + description: > + Resource type/namespace + - name: namespace + type: keyword + description: > + Resource type/namespace + - name: name + type: keyword + description: > + Name + - name: authorization_rule + type: keyword + description: > + Authorization rule + - name: auditlogs + type: group + description: > + Fields for Azure audit logs. + fields: + - name: operation_name + type: keyword + description: > + The operation name + - name: operation_version + type: keyword + description: > + The operation version + - name: identity + type: keyword + description: > + Identity + - name: tenant_id + type: keyword + description: > + Tenant ID + - name: result_signature + type: keyword + description: > + Result signature + - name: properties + type: group + description: > + The audit log properties + fields: + - name: result + type: keyword + description: > + Log result + - name: activity_display_name + type: keyword + description: > + Activity display name + - name: result_reason + type: keyword + description: > + Reason for the log result + - name: correlation_id + type: keyword + description: > + Correlation ID + - name: logged_by_service + type: keyword + description: > + Logged by service + - name: operation_type + type: keyword + description: > + Operation type + - name: id + type: keyword + description: > + ID + - name: activity_datetime + type: date + description: > + Activity timestamp + - name: category + type: keyword + description: > + category + - name: target_resources.* + type: group + object_type_mapping_type: "*" + description: > + Target resources + fields: + - name: display_name + type: keyword + description: > + Display name + - name: id + type: keyword + description: > + ID + - name: type + type: keyword + description: > + Type + - name: ip_address + type: keyword + description: > + ip Address + - name: user_principal_name + type: keyword + description: > + User principal name + - name: modified_properties.* + type: group + object_type: keyword + object_type_mapping_type: "*" + description: > + Modified properties + fields: + - name: new_value + type: keyword + description: > + New value + - name: display_name + type: keyword + description: > + Display value + - name: old_value + type: keyword + description: > + Old value + - name: initiated_by + type: group + description: > + Information regarding the initiator + fields: + - name: app + type: group + description: > + App + fields: + - name: servicePrincipalName + type: keyword + description: > + Service principal name + - name: displayName + type: keyword + description: > + Display name + - name: appId + type: keyword + description: > + App ID + - name: servicePrincipalId + type: keyword + description: > + Service principal ID + - name: user + type: group + description: > + User + fields: + - name: userPrincipalName + type: keyword + description: > + User principal name + - name: displayName + type: keyword + description: > + Display name + - name: id + type: keyword + description: > + ID + - name: ipAddress + type: keyword + description: > + ip Address + + + + diff --git a/dev/packages/beats/azure-0.0.1/dataset/signinlogs/fields/fields.yml b/dev/packages/beats/azure-0.0.1/dataset/signinlogs/fields/fields.yml new file mode 100644 index 000000000..f831c8346 --- /dev/null +++ b/dev/packages/beats/azure-0.0.1/dataset/signinlogs/fields/fields.yml @@ -0,0 +1,208 @@ +- key: azure + title: "Azure" + release: beta + description: > + Azure Module + fields: + - name: azure + type: group + description: > + fields: + - name: subscription_id + type: keyword + description: > + Azure subscription ID + - name: correlation_id + type: keyword + description: > + Correlation ID + - name: tenant_id + type: keyword + description: > + tenant ID + - name: resource + type: group + description: > + Resource + fields: + - name: id + type: keyword + description: > + Resource ID + - name: group + type: keyword + description: > + Resource group + - name: provider + type: keyword + description: > + Resource type/namespace + - name: namespace + type: keyword + description: > + Resource type/namespace + - name: name + type: keyword + description: > + Name + - name: authorization_rule + type: keyword + description: > + Authorization rule + - name: signinlogs + type: group + description: > + Fields for Azure sign-in logs. + fields: + - name: operation_name + type: keyword + description: > + The operation name + - name: operation_version + type: keyword + description: > + The operation version + - name: tenant_id + type: keyword + description: > + Tenant ID + - name: result_signature + type: keyword + description: > + Result signature + - name: result_description + type: keyword + description: > + Result description + - name: identity + type: keyword + description: > + Identity + - name: properties + type: group + description: > + The signin log properties + fields: + - name: id + type: keyword + description: > + ID + - name: created_at + type: date + description: > + Created date time + - name: user_display_name + type: keyword + description: > + User display name + - name: correlation_id + type: keyword + description: > + Correlation ID + - name: user_principal_name + type: keyword + description: > + User principal name + - name: user_id + type: keyword + description: > + User ID + - name: app_id + type: keyword + description: > + App ID + - name: app_display_name + type: keyword + description: > + App display name + - name: ip_address + type: keyword + description: > + Ip address + - name: client_app_used + type: keyword + description: > + Client app used + - name: conditional_access_status + type: keyword + description: > + Conditional access status + - name: original_request_id + type: keyword + description: > + Original request ID + - name: is_interactive + type: keyword + description: > + Is interactive + - name: token_issuer_name + type: keyword + description: > + Token issuer name + - name: token_issuer_type + type: keyword + description: > + Token issuer type + - name: processing_time_ms + type: float + description: > + Processing time in milliseconds + - name: risk_detail + type: keyword + description: > + Risk detail + - name: risk_level_aggregated + type: keyword + description: > + Risk level aggregated + - name: risk_level_during_signin + type: keyword + description: > + Risk level during signIn + - name: risk_state + type: keyword + description: > + Risk state + - name: resource_display_name + type: keyword + description: > + Resource display name + - name: status + type: group + description: > + Status + fields: + - name: error_code + type: keyword + description: > + Error code + - name: device_detail + type: group + description: > + Status + fields: + - name: device_id + type: keyword + description: > + Device ID + - name: operating_system + type: keyword + description: > + Operating system + - name: browser + type: keyword + description: > + Browser + - name: display_name + type: keyword + description: > + Display name + - name: trust_type + type: keyword + description: > + Trust type + - name: service_principal_id + type: keyword + description: > + Status + diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/audit/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/audit/fields/fields.yml new file mode 100644 index 000000000..9983d6c4e --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/audit/fields/fields.yml @@ -0,0 +1,106 @@ +- key: elasticsearch + title: "elasticsearch" + description: > + elasticsearch Module + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: component + description: "Elasticsearch component from where the log event originated" + example: "o.e.c.m.MetaDataCreateIndexService" + type: keyword + - name: cluster.uuid + description: "UUID of the cluster" + example: "GmvrbHlNTiSVYiPf8kxg9g" + type: keyword + - name: cluster.name + description: "Name of the cluster" + example: "docker-cluster" + type: keyword + - name: node.id + description: "ID of the node" + example: "DSiWcTyeThWtUXLB9J0BMw" + type: keyword + - name: node.name + description: "Name of the node" + example: "vWNJsZ3" + type: keyword + - name: index.name + description: "Index name" + example: "filebeat-test-input" + type: keyword + - name: index.id + description: "Index id" + example: "aOGgDwbURfCV57AScqbCgw" + type: keyword + - name: shard.id + description: "Id of the shard" + example: "0" + type: keyword + - name: audit + type: group + description: > + fields: + - name: layer + description: "The layer from which this event originated: rest, transport or ip_filter" + example: "rest" + type: keyword + - name: event_type + description: "The type of event that occurred: anonymous_access_denied, authentication_failed, access_denied, access_granted, connection_granted, connection_denied, tampered_request, run_as_granted, run_as_denied" + example: "access_granted" + type: keyword + - name: origin.type + description: "Where the request originated: rest (request originated from a REST API request), transport (request was received on the transport channel), local_node (the local node issued the request)" + example: "local_node" + type: keyword + - name: realm + description: "The authentication realm the authentication was validated against" + example": "default_file" + type: keyword + - name: user.realm + description: "The user's authentication realm, if authenticated" + example": "active_directory" + type: keyword + - name: user.roles + description: "Roles to which the principal belongs" + example: [ "kibana_user", "beats_admin" ] + type: keyword + - name: action + description: "The name of the action that was executed" + example: "cluster:monitor/main" + type: keyword + - name: url.params + description: "REST URI parameters" + example: "{username=jacknich2}" + - name: indices + description: "Indices accessed by action" + example: [ "foo-2019.01.04", "foo-2019.01.03", "foo-2019.01.06" ] + type: keyword + - name: request.id + description: "Unique ID of request" + example: "WzL_kb6VSvOhAq0twPvHOQ" + type: keyword + - name: request.name + description: "The type of request that was executed" + example: "ClearScrollRequest" + type: keyword + - name: request_body + type: alias + path: http.request.body.content + migration: true + - name: origin_address + type: alias + path: source.ip + migration: true + - name: uri + type: alias + path: url.original + migration: true + - name: principal + type: alias + path: user.name + migration: true + - name: message + type: text diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/deprecation/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/deprecation/fields/fields.yml new file mode 100644 index 000000000..f48cad658 --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/deprecation/fields/fields.yml @@ -0,0 +1,45 @@ +- key: elasticsearch + title: "elasticsearch" + description: > + elasticsearch Module + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: component + description: "Elasticsearch component from where the log event originated" + example: "o.e.c.m.MetaDataCreateIndexService" + type: keyword + - name: cluster.uuid + description: "UUID of the cluster" + example: "GmvrbHlNTiSVYiPf8kxg9g" + type: keyword + - name: cluster.name + description: "Name of the cluster" + example: "docker-cluster" + type: keyword + - name: node.id + description: "ID of the node" + example: "DSiWcTyeThWtUXLB9J0BMw" + type: keyword + - name: node.name + description: "Name of the node" + example: "vWNJsZ3" + type: keyword + - name: index.name + description: "Index name" + example: "filebeat-test-input" + type: keyword + - name: index.id + description: "Index id" + example: "aOGgDwbURfCV57AScqbCgw" + type: keyword + - name: shard.id + description: "Id of the shard" + example: "0" + type: keyword + - name: deprecation + type: group + description: > + fields: diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/gc/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/gc/fields/fields.yml new file mode 100644 index 000000000..8ce21a7be --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/gc/fields/fields.yml @@ -0,0 +1,151 @@ +- key: elasticsearch + title: "elasticsearch" + description: > + elasticsearch Module + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: component + description: "Elasticsearch component from where the log event originated" + example: "o.e.c.m.MetaDataCreateIndexService" + type: keyword + - name: cluster.uuid + description: "UUID of the cluster" + example: "GmvrbHlNTiSVYiPf8kxg9g" + type: keyword + - name: cluster.name + description: "Name of the cluster" + example: "docker-cluster" + type: keyword + - name: node.id + description: "ID of the node" + example: "DSiWcTyeThWtUXLB9J0BMw" + type: keyword + - name: node.name + description: "Name of the node" + example: "vWNJsZ3" + type: keyword + - name: index.name + description: "Index name" + example: "filebeat-test-input" + type: keyword + - name: index.id + description: "Index id" + example: "aOGgDwbURfCV57AScqbCgw" + type: keyword + - name: shard.id + description: "Id of the shard" + example: "0" + type: keyword + - name: gc + type: group + description: > + GC fileset fields. + fields: + - name: phase + type: group + description: > + Fields specific to GC phase. + fields: + - name: name + type: keyword + description: > + Name of the GC collection phase. + - name: duration_sec + type: float + description: > + Collection phase duration according to the Java virtual machine. + - name: scrub_symbol_table_time_sec + type: float + description: > + Pause time in seconds cleaning up symbol tables. + - name: scrub_string_table_time_sec + type: float + description: > + Pause time in seconds cleaning up string tables. + - name: weak_refs_processing_time_sec + type: float + description: > + Time spent processing weak references in seconds. + - name: parallel_rescan_time_sec + type: float + description: > + Time spent in seconds marking live objects while application is stopped. + - name: class_unload_time_sec + type: float + description: > + Time spent unloading unused classes in seconds. + - name: cpu_time + type: group + description: > + Process CPU time spent performing collections. + fields: + - name: user_sec + type: float + description: > + CPU time spent outside the kernel. + - name: sys_sec + type: float + description: > + CPU time spent inside the kernel. + - name: real_sec + type: float + description: > + Total elapsed CPU time spent to complete the collection from start to finish. + - name: jvm_runtime_sec + type: float + description: > + The time from JVM start up in seconds, as a floating point number. + - name: threads_total_stop_time_sec + type: float + description: > + Garbage collection threads total stop time seconds. + - name: stopping_threads_time_sec + type: float + description: > + Time took to stop threads seconds. + - name: tags + type: keyword + description: > + GC logging tags. + - name: heap + type: group + description: > + Heap allocation and total size. + fields: + - name: size_kb + type: integer + description: > + Total heap size in kilobytes. + - name: used_kb + type: integer + description: > + Used heap in kilobytes. + - name: old_gen + type: group + description: > + Old generation occupancy and total size. + fields: + - name: size_kb + type: integer + description: > + Total size of old generation in kilobytes. + - name: used_kb + type: integer + description: > + Old generation occupancy in kilobytes. + - name: young_gen + type: group + description: > + Young generation occupancy and total size. + fields: + - name: size_kb + type: integer + description: > + Total size of young generation in kilobytes. + - name: used_kb + type: integer + description: > + Young generation occupancy in kilobytes. diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/server/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/server/fields/fields.yml new file mode 100644 index 000000000..5d89a586c --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/server/fields/fields.yml @@ -0,0 +1,77 @@ +- key: elasticsearch + title: "elasticsearch" + description: > + elasticsearch Module + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: component + description: "Elasticsearch component from where the log event originated" + example: "o.e.c.m.MetaDataCreateIndexService" + type: keyword + - name: cluster.uuid + description: "UUID of the cluster" + example: "GmvrbHlNTiSVYiPf8kxg9g" + type: keyword + - name: cluster.name + description: "Name of the cluster" + example: "docker-cluster" + type: keyword + - name: node.id + description: "ID of the node" + example: "DSiWcTyeThWtUXLB9J0BMw" + type: keyword + - name: node.name + description: "Name of the node" + example: "vWNJsZ3" + type: keyword + - name: index.name + description: "Index name" + example: "filebeat-test-input" + type: keyword + - name: index.id + description: "Index id" + example: "aOGgDwbURfCV57AScqbCgw" + type: keyword + - name: shard.id + description: "Id of the shard" + example: "0" + type: keyword + - name: server + description: "Server log file" + type: group + fields: + - name: stacktrace + description": Stack trace in case of errors + index: false + - name: gc + description: "GC log" + type: group + fields: + - name: young + description: "Young GC" + example: "" + type: group + fields: + - name: one + description: "" + example: "" + type: long + - name: two + description: "" + example: "" + type: long + - name: overhead_seq + description: "Sequence number" + example: 3449992 + type: long + - name: collection_duration.ms + description: "Time spent in GC, in milliseconds" + example: 1600 + type: float + - name: observation_duration.ms + description: "Total time over which collection was observed, in milliseconds" + example: 1800 + type: float diff --git a/dev/packages/beats/elasticsearch-0.0.1/dataset/slowlog/fields/fields.yml b/dev/packages/beats/elasticsearch-0.0.1/dataset/slowlog/fields/fields.yml new file mode 100644 index 000000000..da42d0fbf --- /dev/null +++ b/dev/packages/beats/elasticsearch-0.0.1/dataset/slowlog/fields/fields.yml @@ -0,0 +1,97 @@ +- key: elasticsearch + title: "elasticsearch" + description: > + elasticsearch Module + fields: + - name: elasticsearch + type: group + description: > + fields: + - name: component + description: "Elasticsearch component from where the log event originated" + example: "o.e.c.m.MetaDataCreateIndexService" + type: keyword + - name: cluster.uuid + description: "UUID of the cluster" + example: "GmvrbHlNTiSVYiPf8kxg9g" + type: keyword + - name: cluster.name + description: "Name of the cluster" + example: "docker-cluster" + type: keyword + - name: node.id + description: "ID of the node" + example: "DSiWcTyeThWtUXLB9J0BMw" + type: keyword + - name: node.name + description: "Name of the node" + example: "vWNJsZ3" + type: keyword + - name: index.name + description: "Index name" + example: "filebeat-test-input" + type: keyword + - name: index.id + description: "Index id" + example: "aOGgDwbURfCV57AScqbCgw" + type: keyword + - name: shard.id + description: "Id of the shard" + example: "0" + type: keyword + - name: slowlog + description: "Slowlog events from Elasticsearch" + example: "[2018-06-29T10:06:14,933][INFO ][index.search.slowlog.query] [v_VJhjV] [metricbeat-6.3.0-2018.06.26][0] took[4.5ms], took_millis[4], total_hits[19435], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{\"query\":{\"match_all\":{\"boost\":1.0}}}]," + type: group + fields: + - name: logger + description: "Logger name" + example: "index.search.slowlog.fetch" + type: keyword + - name: took + description: "Time it took to execute the query" + example: "300ms" + type: keyword + - name: types + description: "Types" + example: "" + type: keyword + - name: stats + description: "Stats groups" + example: "group1" + type: keyword + - name: search_type + description: "Search type" + example: "QUERY_THEN_FETCH" + type: keyword + - name: source_query + description: "Slow query" + example: "{\"query\":{\"match_all\":{\"boost\":1.0}}}" + type: keyword + - name: extra_source + description: "Extra source information" + example: "" + type: keyword + - name: total_hits + description: "Total hits" + example: 42 + type: keyword + - name: total_shards + description: "Total queried shards" + example: 22 + type: keyword + - name: routing + description: "Routing" + example: "s01HZ2QBk9jw4gtgaFtn" + type: keyword + - name: id + description: Id + example: "" + type: keyword + - name: type + description: "Type" + example: "doc" + type: keyword + - name: source + description: Source of document that was indexed + type: keyword diff --git a/dev/packages/beats/googlecloud-0.0.1/dataset/audit/fields/fields.yml b/dev/packages/beats/googlecloud-0.0.1/dataset/audit/fields/fields.yml new file mode 100644 index 000000000..497d8a426 --- /dev/null +++ b/dev/packages/beats/googlecloud-0.0.1/dataset/audit/fields/fields.yml @@ -0,0 +1,232 @@ +- key: googlecloud + title: Google Cloud + description: > + Module for handling logs from Google Cloud. + fields: + - name: googlecloud + type: group + description: > + Fields from Google Cloud logs. + fields: + - name: destination.instance + type: group + description: > + If the destination of the connection was a VM located on the same VPC, + this field is populated with VM instance details. In a Shared VPC + configuration, project_id corresponds to the project that owns the + instance, usually the service project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: region + type: keyword + description: > + Region of the VM. + + - name: zone + type: keyword + description: > + Zone of the VM. + + - name: destination.vpc + type: group + description: > + If the destination of the connection was a VM located on the same VPC, + this field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. + + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. + + - name: source.instance + type: group + description: > + If the source of the connection was a VM located on the same VPC, this + field is populated with VM instance details. In a Shared VPC + configuration, project_id corresponds to the project that owns the + instance, usually the service project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: region + type: keyword + description: > + Region of the VM. + + - name: zone + type: keyword + description: > + Zone of the VM. + + - name: source.vpc + type: group + description: > + If the source of the connection was a VM located on the same VPC, this + field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. + + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. + - name: audit + type: group + description: > + Fields for Google Cloud audit logs. + fields: + - name: type + type: keyword + description: > + Type property. + - name: authentication_info + type: group + description: > + Authentication information. + fields: + - name: principal_email + type: keyword + description: > + The email address of the authenticated user making the request. + - name: authority_selector + type: keyword + description: > + The authority selector specified by the requestor, if any. It is not guaranteed + that the principal was allowed to use this authority. + - name: authorization_info + type: array + description: > + Authorization information for the operation. + fields: + - name: permission + type: keyword + description: > + The required IAM permission. + - name: granted + type: boolean + description: > + Whether or not authorization for resource and permission was granted. + - name: resource_attributes + type: group + description: > + The attributes of the resource. + fields: + - name: service + type: keyword + description: > + The name of the service. + - name: name + type: keyword + description: > + The name of the resource. + - name: type + type: keyword + description: > + The type of the resource. + - name: method_name + type: keyword + description: > + The name of the service method or operation. For API calls, this + should be the name of the API method. + For example, 'google.datastore.v1.Datastore.RunQuery'. + - name: num_response_items + type: long + description: > + The number of items returned from a List or Query API method, if applicable. + - name: request + type: group + description: > + The operation request. + fields: + - name: proto_name + type: keyword + description: > + Type property of the request. + - name: filter + type: keyword + description: > + Filter of the request. + - name: name + type: keyword + description: > + Name of the request. + - name: resource_name + type: keyword + description: > + Name of the request resource. + - name: request_metadata + type: group + description: > + Metadata about the request. + fields: + - name: caller_ip + type: ip + description: > + The IP address of the caller. + - name: caller_supplied_user_agent + type: keyword + description: > + The user agent of the caller. This information is not authenticated and + should be treated accordingly. + - name: resource_name + type: keyword + description: > + The resource or collection that is the target of the operation. + The name is a scheme-less URI, not including the API service name. + For example, 'shelves/SHELF_ID/books'. + - name: resource_location + type: group + description: > + The location of the resource. + fields: + - name: current_locations + type: keyword + description: > + Current locations of the resource. + - name: service_name + type: keyword + description: > + The name of the API service performing the operation. + For example, datastore.googleapis.com. + - name: status + type: group + description: > + The status of the overall operation. + fields: + - name: code + type: integer + description: > + The status code, which should be an enum value of google.rpc.Code. + - name: message + type: keyword + description: > + A developer-facing error message, which should be in English. Any user-facing + error message should be localized and sent in the google.rpc.Status.details + field, or localized by the client. diff --git a/dev/packages/beats/googlecloud-0.0.1/dataset/firewall/fields/fields.yml b/dev/packages/beats/googlecloud-0.0.1/dataset/firewall/fields/fields.yml new file mode 100644 index 000000000..12684be4e --- /dev/null +++ b/dev/packages/beats/googlecloud-0.0.1/dataset/firewall/fields/fields.yml @@ -0,0 +1,147 @@ +- key: googlecloud + title: Google Cloud + description: > + Module for handling logs from Google Cloud. + fields: + - name: googlecloud + type: group + description: > + Fields from Google Cloud logs. + fields: + - name: destination.instance + type: group + description: > + If the destination of the connection was a VM located on the same VPC, + this field is populated with VM instance details. In a Shared VPC + configuration, project_id corresponds to the project that owns the + instance, usually the service project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: region + type: keyword + description: > + Region of the VM. + + - name: zone + type: keyword + description: > + Zone of the VM. + + - name: destination.vpc + type: group + description: > + If the destination of the connection was a VM located on the same VPC, + this field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. + + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. + + - name: source.instance + type: group + description: > + If the source of the connection was a VM located on the same VPC, this + field is populated with VM instance details. In a Shared VPC + configuration, project_id corresponds to the project that owns the + instance, usually the service project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: region + type: keyword + description: > + Region of the VM. + + - name: zone + type: keyword + description: > + Zone of the VM. + + - name: source.vpc + type: group + description: > + If the source of the connection was a VM located on the same VPC, this + field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. + + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. + - name: firewall + type: group + description: > + Fields for Google Cloud Firewall logs. + fields: + - name: rule_details + type: group + description: > + Description of the firewall rule that matched this connection. + fields: + - name: priority + type: long + description: The priority for the firewall rule. + - name: action + type: keyword + description: Action that the rule performs on match. + - name: direction + type: keyword + description: Direction of traffic that matches this rule. + - name: reference + type: keyword + description: Reference to the firewall rule. + - name: source_range + type: keyword + description: List of source ranges that the firewall rule applies to. + - name: destination_range + type: keyword + description: List of destination ranges that the firewall applies to. + - name: source_tag + type: keyword + description: > + List of all the source tags that the firewall rule applies to. + - name: target_tag + type: keyword + description: > + List of all the target tags that the firewall rule applies to. + - name: ip_port_info + type: array + description: > + List of ip protocols and applicable port ranges for rules. + - name: source_service_account + type: keyword + description: > + List of all the source service accounts that the firewall rule applies to. + - name: target_service_account + type: keyword + description: > + List of all the target service accounts that the firewall rule applies to. diff --git a/dev/packages/beats/googlecloud-0.0.1/dataset/vpcflow/fields/fields.yml b/dev/packages/beats/googlecloud-0.0.1/dataset/vpcflow/fields/fields.yml new file mode 100644 index 000000000..42d963fba --- /dev/null +++ b/dev/packages/beats/googlecloud-0.0.1/dataset/vpcflow/fields/fields.yml @@ -0,0 +1,115 @@ +- key: googlecloud + title: Google Cloud + description: > + Module for handling logs from Google Cloud. + fields: + - name: googlecloud + type: group + description: > + Fields from Google Cloud logs. + fields: + - name: destination.instance + type: group + description: > + If the destination of the connection was a VM located on the same VPC, + this field is populated with VM instance details. In a Shared VPC + configuration, project_id corresponds to the project that owns the + instance, usually the service project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: region + type: keyword + description: > + Region of the VM. + + - name: zone + type: keyword + description: > + Zone of the VM. + + - name: destination.vpc + type: group + description: > + If the destination of the connection was a VM located on the same VPC, + this field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. + + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. + + - name: source.instance + type: group + description: > + If the source of the connection was a VM located on the same VPC, this + field is populated with VM instance details. In a Shared VPC + configuration, project_id corresponds to the project that owns the + instance, usually the service project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: region + type: keyword + description: > + Region of the VM. + + - name: zone + type: keyword + description: > + Zone of the VM. + + - name: source.vpc + type: group + description: > + If the source of the connection was a VM located on the same VPC, this + field is populated with VPC network details. In a Shared VPC + configuration, project_id corresponds to that of the host project. + fields: + - name: project_id + type: keyword + description: > + ID of the project containing the VM. + + - name: vpc_name + type: keyword + description: > + VPC on which the VM is operating. + + - name: subnetwork_name + type: keyword + description: > + Subnetwork on which the VM is operating. + - name: vpcflow + type: group + description: > + Fields for Google Cloud VPC flow logs. + fields: + - name: reporter + type: keyword + description: > + The side which reported the flow. Can be either 'SRC' or 'DEST'. + + - name: rtt.ms + type: long + description: > + Latency as measured (for TCP flows only) during the time interval. This is + the time elapsed between sending a SEQ and receiving a corresponding ACK + and it contains the network RTT as well as the application related delay. diff --git a/dev/packages/beats/haproxy-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/haproxy-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..e72eef525 --- /dev/null +++ b/dev/packages/beats/haproxy-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,211 @@ +- key: haproxy + title: "haproxy" + description: > + haproxy Module + fields: + - name: haproxy + type: group + description: > + fields: + + - name: frontend_name + description: Name of the frontend (or listener) which received and processed the connection. + + - name: backend_name + description: Name of the backend (or listener) which was selected to manage the connection to the server. + + - name: server_name + description: Name of the last server to which the connection was sent. + + - name: total_waiting_time_ms + description: Total time in milliseconds spent waiting in the various queues + type: long + + - name: connection_wait_time_ms + description: Total time in milliseconds spent waiting for the connection to establish to the final server + type: long + + - name: bytes_read + description: Total number of bytes transmitted to the client when the log is emitted. + type: long + + - name: time_queue + description: Total time in milliseconds spent waiting in the various queues. + type: long + + - name: time_backend_connect + description: Total time in milliseconds spent waiting for the connection to establish to the final server, including retries. + type: long + + - name: server_queue + description: Total number of requests which were processed before this one in the server queue. + type: long + + - name: backend_queue + description: Total number of requests which were processed before this one in the backend's global queue. + type: long + + - name: bind_name + description: Name of the listening address which received the connection. + + - name: error_message + description: Error message logged by HAProxy in case of error. + type: text + + - name: source + type: keyword + description: The HAProxy source of the log + + - name: termination_state + description: Condition the session was in when the session ended. + + - name: mode + type: keyword + description: mode that the frontend is operating (TCP or HTTP) + + - name: connections + description: Contains various counts of connections active in the process. + type: group + fields: + - name: active + description: Total number of concurrent connections on the process when the session was logged. + type: long + + - name: frontend + description: Total number of concurrent connections on the frontend when the session was logged. + type: long + + - name: backend + description: Total number of concurrent connections handled by the backend when the session was logged. + type: long + + - name: server + description: Total number of concurrent connections still active on the server when the session was logged. + type: long + + - name: retries + description: Number of connection retries experienced by this session when trying to connect to the server. + type: long + + - name: client + description: Information about the client doing the request + type: group + fields: + - name: ip + type: alias + path: source.address + migration: true + - name: port + type: alias + path: source.port + migration: true + + - name: process_name + type: alias + path: process.name + migration: true + + - name: pid + type: alias + path: process.pid + migration: true + + - name: destination + description: Destination information + type: group + fields: + - name: port + type: alias + path: destination.port + migration: true + - name: ip + type: alias + path: destination.ip + migration: true + + - name: geoip + type: group + description: > + Contains GeoIP information gathered based on the client.ip field. + Only present if the GeoIP Elasticsearch plugin is available and + used. + fields: + - name: continent_name + type: alias + path: source.geo.continent_name + migration: true + - name: country_iso_code + type: alias + path: source.geo.country_iso_code + migration: true + - name: location + type: alias + path: source.geo.location + migration: true + - name: region_name + type: alias + path: source.geo.region_name + migration: true + - name: city_name + type: alias + path: source.geo.city_name + migration: true + - name: region_iso_code + type: alias + path: source.geo.region_iso_code + migration: true + - name: http + description: Please add description + type: group + fields: + + - name: response + description: Fields related to the HTTP response + type: group + fields: + - name: captured_cookie + description: > + Optional "name=value" entry indicating that the client had this cookie in the response. + + - name: captured_headers + description: > + List of headers captured in the response due to the presence of the "capture response header" statement in the frontend. + type: keyword + + - name: status_code + type: alias + path: http.response.status_code + migration: true + + - name: request + description: Fields related to the HTTP request + type: group + fields: + - name: captured_cookie + description: > + Optional "name=value" entry indicating that the server has returned a cookie with its request. + + - name: captured_headers + description: > + List of headers captured in the request due to the presence of the "capture request header" statement in the frontend. + type: keyword + + - name: raw_request_line + description: Complete HTTP request line, including the method, request and HTTP version string. + type: keyword + + - name: time_wait_without_data_ms + description: Total time in milliseconds spent waiting for the server to send a full HTTP response, not counting data. + type: long + + - name: time_wait_ms + description: Total time in milliseconds spent waiting for a full HTTP request from the client (not counting body) after the first byte was received. + type: long + + - name: tcp + description: TCP log format + type: group + fields: + - name: connection_waiting_time_ms + type: long + description: Total time in milliseconds elapsed between the accept and the last close diff --git a/dev/packages/beats/ibmmq-0.0.1/dataset/errorlog/fields/fields.yml b/dev/packages/beats/ibmmq-0.0.1/dataset/errorlog/fields/fields.yml new file mode 100644 index 000000000..8e6349a1f --- /dev/null +++ b/dev/packages/beats/ibmmq-0.0.1/dataset/errorlog/fields/fields.yml @@ -0,0 +1,44 @@ +- key: ibmmq + title: "ibmmq" + description: > + ibmmq Module + release: ga + fields: + - name: ibmmq + type: group + description: > + fields: + - name: errorlog + description: IBM MQ error logs + type: group + fields: + - name: installation + description: > + This is the installation name which can be given at installation time. + + Each installation of IBM MQ on UNIX, Linux, and Windows, has a unique identifier known as an installation name. The installation name is used to associate things such as queue managers and configuration files with an installation. + + type: keyword + - name: qmgr + description: > + Name of the queue manager. Queue managers provide queuing services to applications, and manages the queues that belong to them. + type: keyword + - name: arithinsert + description: Changing content based on error.id + type: keyword + - name: commentinsert + description: Changing content based on error.id + type: keyword + - name: errordescription + description: Please add description + example: Please add example + type: text + - name: explanation + description: Explaines the error in more detail + type: keyword + - name: action + description: Defines what to do when the error occurs + type: keyword + - name: code + description: Error code. + type: keyword diff --git a/dev/packages/beats/iis-0.0.1/dataset/access/fields/fields.yml b/dev/packages/beats/iis-0.0.1/dataset/access/fields/fields.yml new file mode 100644 index 000000000..1131483d4 --- /dev/null +++ b/dev/packages/beats/iis-0.0.1/dataset/access/fields/fields.yml @@ -0,0 +1,139 @@ +- key: iis + title: "IIS" + description: > + Module for parsing IIS log files. + fields: + - name: iis + type: group + description: > + Fields from IIS log files. + fields: + + - name: access + type: group + description: > + Contains fields for IIS access logs. + fields: + - name: sub_status + type: long + description: > + The HTTP substatus code. + - name: win32_status + type: long + description: > + The Windows status code. + - name: site_name + type: keyword + description: > + The site name and instance number. + - name: server_name + type: keyword + description: > + The name of the server on which the log file entry was generated. + - name: cookie + type: keyword + description: > + The content of the cookie sent or received, if any. + + - name: body_received.bytes + type: alias + path: http.request.body.bytes + migration: true + - name: body_sent.bytes + type: alias + path: http.response.body.bytes + migration: true + - name: server_ip + type: alias + path: destination.address + migration: true + - name: method + type: alias + path: http.request.method + migration: true + - name: url + type: alias + path: url.path + migration: true + - name: query_string + type: alias + path: url.query + migration: true + - name: port + type: alias + path: destination.port + migration: true + - name: user_name + type: alias + path: user.name + migration: true + - name: remote_ip + type: alias + path: source.address + migration: true + - name: referrer + type: alias + path: http.request.referrer + migration: true + - name: response_code + type: alias + path: http.response.status_code + migration: true + - name: http_version + type: alias + path: http.version + migration: true + - name: hostname + type: alias + path: host.hostname + migration: true + - name: user_agent + type: group + fields: + - name: device + type: alias + path: user_agent.device.name + migration: true + - name: name + type: alias + path: user_agent.name + migration: true + - name: os + type: alias + path: user_agent.os.full_name + migration: true + - name: os_name + type: alias + path: user_agent.os.name + migration: true + - name: original + type: alias + path: user_agent.original + migration: true + - name: geoip + type: group + fields: + - name: continent_name + type: alias + path: source.geo.continent_name + migration: true + - name: country_iso_code + type: alias + path: source.geo.country_iso_code + migration: true + - name: location + type: alias + path: source.geo.location + migration: true + - name: region_name + type: alias + path: source.geo.region_name + migration: true + - name: city_name + type: alias + path: source.geo.city_name + migration: true + - name: region_iso_code + type: alias + path: source.geo.region_iso_code + migration: true diff --git a/dev/packages/beats/iis-0.0.1/dataset/error/fields/fields.yml b/dev/packages/beats/iis-0.0.1/dataset/error/fields/fields.yml new file mode 100644 index 000000000..8b26d6b4b --- /dev/null +++ b/dev/packages/beats/iis-0.0.1/dataset/error/fields/fields.yml @@ -0,0 +1,84 @@ +- key: iis + title: "IIS" + description: > + Module for parsing IIS log files. + fields: + - name: iis + type: group + description: > + Fields from IIS log files. + fields: + + - name: error + type: group + description: > + Contains fields for IIS error logs. + fields: + - name: reason_phrase + type: keyword + description: > + The HTTP reason phrase. + - name: queue_name + type: keyword + description: > + The IIS application pool name. + + - name: remote_ip + type: alias + path: source.address + migration: true + - name: remote_port + type: alias + path: source.port + migration: true + - name: server_ip + type: alias + path: destination.address + migration: true + - name: server_port + type: alias + path: destination.port + migration: true + - name: http_version + type: alias + path: http.version + migration: true + - name: method + type: alias + path: http.request.method + migration: true + - name: url + type: alias + path: url.original + migration: true + - name: response_code + type: alias + path: http.response.status_code + migration: true + - name: geoip + type: group + fields: + - name: continent_name + type: alias + path: source.geo.continent_name + migration: true + - name: country_iso_code + type: alias + path: source.geo.country_iso_code + migration: true + - name: location + type: alias + path: source.geo.location + migration: true + - name: region_name + type: alias + path: source.geo.region_name + migration: true + - name: city_name + type: alias + path: source.geo.city_name + migration: true + - name: region_iso_code + type: alias + path: source.geo.region_iso_code + migration: true diff --git a/dev/packages/beats/kafka-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/kafka-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..67ab57123 --- /dev/null +++ b/dev/packages/beats/kafka-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,44 @@ +- key: kafka + title: "Kafka" + description: > + Kafka module + fields: + - name: kafka + type: group + description: > + fields: + - name: log + type: group + description: > + Kafka log lines. + fields: + - name: level + type: alias + path: log.level + migration: true + - name: message + type: alias + path: message + migration: true + + - name: component + type: keyword + description: > + Component the log is coming from. + - name: class + type: keyword + description: > + Java class the log is coming from. + - name: trace + type: group + description: > + Trace in the log line. + fields: + - name: class + type: keyword + description: > + Java class the trace is coming from. + - name: message + type: text + description: > + Message part of the trace. diff --git a/dev/packages/beats/kibana-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/kibana-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..6a9ae2559 --- /dev/null +++ b/dev/packages/beats/kibana-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,54 @@ +- key: kibana + title: "kibana" + description: > + kibana Module + fields: + - name: kibana + type: group + description: > + fields: + - name: log + type: group + description: > + Kafka log lines. + fields: + - name: tags + type: keyword + description: > + Kibana logging tags. + - name: state + type: keyword + description: > + Current state of Kibana. + - name: meta + type: object + object_type: keyword + + - name: kibana.log.meta.req.headers.referer + type: alias + path: http.request.referrer + migration: true + - name: kibana.log.meta.req.referer + type: alias + path: http.request.referrer + migration: true + - name: kibana.log.meta.req.headers.user-agent + type: alias + path: user_agent.original + migration: true + - name: kibana.log.meta.req.remoteAddress + type: alias + path: source.address + migration: true + - name: kibana.log.meta.req.url + type: alias + path: url.original + migration: true + - name: kibana.log.meta.statusCode + type: alias + path: http.response.status_code + migration: true + - name: kibana.log.meta.method + type: alias + path: http.request.method + migration: true diff --git a/dev/packages/beats/logstash-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/logstash-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..87a3bc854 --- /dev/null +++ b/dev/packages/beats/logstash-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,44 @@ +- key: logstash + title: "logstash" + description: > + logstash Module + fields: + - name: logstash + type: group + description: > + fields: + - name: log + title: "Logstash" + type: group + description: > + Fields from the Logstash logs. + fields: + - name: module + type: keyword + description: > + The module or class where the event originate. + - name: thread + type: keyword + description: > + Information about the running thread where the log originate. + multi_fields: + - name: text + type: text + - name: log_event + type: object + description: > + key and value debugging information. + - name: pipeline_id + type: keyword + example: main + description: > + The ID of the pipeline. + + - name: message + type: alias + path: message + migration: true + - name: level + type: alias + path: log.level + migration: true diff --git a/dev/packages/beats/logstash-0.0.1/dataset/slowlog/fields/fields.yml b/dev/packages/beats/logstash-0.0.1/dataset/slowlog/fields/fields.yml new file mode 100644 index 000000000..562e7088e --- /dev/null +++ b/dev/packages/beats/logstash-0.0.1/dataset/slowlog/fields/fields.yml @@ -0,0 +1,63 @@ +- key: logstash + title: "logstash" + description: > + logstash Module + fields: + - name: logstash + type: group + description: > + fields: + - name: slowlog + type: group + description: > + slowlog + fields: + - name: module + type: keyword + description: > + The module or class where the event originate. + - name: thread + type: keyword + description: > + Information about the running thread where the log originate. + multi_fields: + - name: text + type: text + - name: event + type: keyword + description: > + Raw dump of the original event + multi_fields: + - name: text + type: text + - name: plugin_name + type: keyword + description: > + Name of the plugin + - name: plugin_type + type: keyword + description: > + Type of the plugin: Inputs, Filters, Outputs or Codecs. + - name: took_in_millis + type: long + description: > + Execution time for the plugin in milliseconds. + - name: plugin_params + type: keyword + description: > + String value of the plugin configuration + multi_fields: + - name: text + type: text + - name: plugin_params_object + type: object + description: > + key -> value of the configuration used by the plugin. + - name: level + type: alias + path: log.level + migration: true + - name: took_in_nanos + type: alias + path: event.duration + migration: true diff --git a/dev/packages/beats/mongodb-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/mongodb-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..8352e5165 --- /dev/null +++ b/dev/packages/beats/mongodb-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,34 @@ +- key: mongodb + title: "mongodb" + description: > + Module for parsing MongoDB log files. + fields: + - name: mongodb + type: group + description: > + Fields from MongoDB logs. + fields: + - name: log + type: group + description: > + Contains fields from MongoDB logs. + fields: + - name: component + description: > + Functional categorization of message + example: COMMAND + type: keyword + - name: context + description: > + Context of message + example: initandlisten + type: keyword + + - name: severity + type: alias + path: log.level + migration: true + - name: message + type: alias + path: message + migration: true diff --git a/dev/packages/beats/mssql-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/mssql-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..1fed75b0d --- /dev/null +++ b/dev/packages/beats/mssql-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,15 @@ +- key: mssql + title: "mssql" + description: MS SQL Filebeat Module + fields: + - name: mssql + type: group + description: Fields from the MSSQL log files + fields: + - name: log + description: Common log fields + type: group + fields: + - name: origin + description: Origin of the message, usually the server but it can also be a recovery process + type: keyword diff --git a/dev/packages/beats/mysql-0.0.1/dataset/error/fields/fields.yml b/dev/packages/beats/mysql-0.0.1/dataset/error/fields/fields.yml new file mode 100644 index 000000000..530ed26fb --- /dev/null +++ b/dev/packages/beats/mysql-0.0.1/dataset/error/fields/fields.yml @@ -0,0 +1,32 @@ +- key: mysql + title: "MySQL" + description: > + Module for parsing the MySQL log files. + short_config: true + fields: + - name: mysql + type: group + description: > + Fields from the MySQL log files. + fields: + - name: thread_id + type: long + description: > + The connection or thread ID for the query. + - name: error + type: group + description: > + Contains fields from the MySQL error logs. + fields: + - name: thread_id + type: alias + path: mysql.thread_id + migration: true + - name: level + type: alias + path: log.level + migration: true + - name: message + type: alias + path: message + migration: true diff --git a/dev/packages/beats/mysql-0.0.1/dataset/slowlog/fields/fields.yml b/dev/packages/beats/mysql-0.0.1/dataset/slowlog/fields/fields.yml new file mode 100644 index 000000000..313e6eea4 --- /dev/null +++ b/dev/packages/beats/mysql-0.0.1/dataset/slowlog/fields/fields.yml @@ -0,0 +1,225 @@ +- key: mysql + title: "MySQL" + description: > + Module for parsing the MySQL log files. + short_config: true + fields: + - name: mysql + type: group + description: > + Fields from the MySQL log files. + fields: + - name: thread_id + type: long + description: > + The connection or thread ID for the query. + - name: slowlog + type: group + description: > + Contains fields from the MySQL slow logs. + fields: + - name: lock_time.sec + type: float + description: > + The amount of time the query waited for the lock to be available. The + value is in seconds, as a floating point number. + - name: rows_sent + type: long + description: > + The number of rows returned by the query. + - name: rows_examined + type: long + description: > + The number of rows scanned by the query. + - name: rows_affected + type: long + description: > + The number of rows modified by the query. + - name: bytes_sent + type: long + format: bytes + description: > + The number of bytes sent to client. + - name: bytes_received + type: long + format: bytes + description: > + The number of bytes received from client. + - name: query + description: > + The slow query. + - name: id + type: alias + path: mysql.thread_id + migration: true + - name: schema + type: keyword + description: > + The schema where the slow query was executed. + - name: current_user + type: keyword + description: > + Current authenticated user, used to determine access privileges. Can differ from the value for user. + - name: last_errno + type: keyword + description: > + Last SQL error seen. + - name: killed + type: keyword + description: > + Code of the reason if the query was killed. + + - name: query_cache_hit + type: boolean + description: > + Whether the query cache was hit. + - name: tmp_table + type: boolean + description: > + Whether a temporary table was used to resolve the query. + - name: tmp_table_on_disk + type: boolean + description: > + Whether the query needed temporary tables on disk. + - name: tmp_tables + type: long + description: > + Number of temporary tables created for this query + - name: tmp_disk_tables + type: long + description: > + Number of temporary tables created on disk for this query. + - name: tmp_table_sizes + type: long + format: bytes + description: + Size of temporary tables created for this query. + - name: filesort + type: boolean + description: > + Whether filesort optimization was used. + - name: filesort_on_disk + type: boolean + description: > + Whether filesort optimization was used and it needed temporary tables on disk. + - name: priority_queue + type: boolean + description: > + Whether a priority queue was used for filesort. + - name: full_scan + type: boolean + description: > + Whether a full table scan was needed for the slow query. + - name: full_join + type: boolean + description: > + Whether a full join was needed for the slow query (no indexes were used for joins). + - name: merge_passes + type: long + description: > + Number of merge passes executed for the query. + - name: sort_merge_passes + type: long + description: > + Number of merge passes that the sort algorithm has had to do. + - name: sort_range_count + type: long + description: > + Number of sorts that were done using ranges. + - name: sort_rows + type: long + description: > + Number of sorted rows. + - name: sort_scan_count + type: long + description: > + Number of sorts that were done by scanning the table. + - name: log_slow_rate_type + type: keyword + description: > + Type of slow log rate limit, it can be `session` if the rate limit + is applied per session, or `query` if it applies per query. + - name: log_slow_rate_limit + type: keyword + description: > + Slow log rate limit, a value of 100 means that one in a hundred queries + or sessions are being logged. + - name: read_first + type: long + description: > + The number of times the first entry in an index was read. + - name: read_last + type: long + description: > + The number of times the last key in an index was read. + - name: read_key + type: long + description: > + The number of requests to read a row based on a key. + - name: read_next + type: long + description: > + The number of requests to read the next row in key order. + - name: read_prev + type: long + description: > + The number of requests to read the previous row in key order. + - name: read_rnd + type: long + description: > + The number of requests to read a row based on a fixed position. + - name: read_rnd_next + type: long + description: > + The number of requests to read the next row in the data file. + + # https://www.percona.com/doc/percona-server/5.7/diagnostics/slow_extended.html + - name: innodb + type: group + description: > + Contains fields relative to InnoDB engine + fields: + - name: trx_id + type: keyword + description: > + Transaction ID + - name: io_r_ops + type: long + description: > + Number of page read operations. + - name: io_r_bytes + type: long + format: bytes + description: > + Bytes read during page read operations. + - name: io_r_wait.sec + type: long + description: > + How long it took to read all needed data from storage. + - name: rec_lock_wait.sec + type: long + description: > + How long the query waited for locks. + - name: queue_wait.sec + type: long + description: > + How long the query waited to enter the InnoDB queue and to be executed once + in the queue. + - name: pages_distinct + type: long + description: > + Approximated count of pages accessed to execute the query. + + - name: user + type: alias + path: user.name + migration: true + - name: host + type: alias + path: source.domain + migration: true + - name: ip + type: alias + path: source.ip + migration: true + diff --git a/dev/packages/beats/nats-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/nats-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..eb4ab468f --- /dev/null +++ b/dev/packages/beats/nats-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,64 @@ +- key: nats + title: "nats" + description: > + Module for parsing NATS log files. + release: beta + fields: + - name: nats + type: group + description: > + Fields from NATS logs. + fields: + - name: log + type: group + description: > + Nats log files + release: beta + fields: + - name: client + type: group + description: > + Fields from NATS logs client. + fields: + - name: id + type: integer + description: > + The id of the client + - name: msg + type: group + description: > + Fields from NATS logs message. + fields: + - name: bytes + type: long + format: bytes + description: > + Size of the payload in bytes + - name: type + type: keyword + description: > + The protocol message type + - name: subject + type: keyword + description: > + Subject name this message was received on + - name: sid + type: integer + description: > + The unique alphanumeric subscription ID of the subject + - name: reply_to + type: keyword + description: > + The inbox subject on which the publisher is listening for responses + - name: max_messages + type: integer + description: > + An optional number of messages to wait for before automatically unsubscribing + - name: error.message + type: text + description: > + Details about the error occurred + - name: queue_group + type: text + description: > + The queue group which subscriber will join diff --git a/dev/packages/beats/nginx-0.0.1/dataset/access/fields/fields.yml b/dev/packages/beats/nginx-0.0.1/dataset/access/fields/fields.yml new file mode 100644 index 000000000..a4c670e84 --- /dev/null +++ b/dev/packages/beats/nginx-0.0.1/dataset/access/fields/fields.yml @@ -0,0 +1,107 @@ +- key: nginx + title: "Nginx" + description: > + Module for parsing the Nginx log files. + short_config: true + fields: + - name: nginx + type: group + description: > + Fields from the Nginx log files. + fields: + - name: access + type: group + description: > + Contains fields for the Nginx access logs. + fields: + - name: remote_ip_list + type: array + description: > + An array of remote IP addresses. It is a list because it is common to include, besides the client + IP address, IP addresses from headers like `X-Forwarded-For`. + Real source IP is restored to `source.ip`. + + - name: body_sent.bytes + type: alias + path: http.response.body.bytes + migration: true + - name: user_name + type: alias + path: user.name + migration: true + - name: method + type: alias + path: http.request.method + migration: true + - name: url + type: alias + path: url.original + migration: true + - name: http_version + type: alias + path: http.version + migration: true + - name: response_code + type: alias + path: http.response.status_code + migration: true + - name: referrer + type: alias + path: http.request.referrer + migration: true + - name: agent + type: alias + path: user_agent.original + migration: true + + - name: user_agent + type: group + fields: + - name: device + type: alias + path: user_agent.device.name + migration: true + - name: name + type: alias + path: user_agent.name + migration: true + - name: os + type: alias + path: user_agent.os.full_name + migration: true + - name: os_name + type: alias + path: user_agent.os.name + migration: true + - name: original + type: alias + path: user_agent.original + migration: true + + - name: geoip + type: group + fields: + - name: continent_name + type: alias + path: source.geo.continent_name + migration: true + - name: country_iso_code + type: alias + path: source.geo.country_iso_code + migration: true + - name: location + type: alias + path: source.geo.location + migration: true + - name: region_name + type: alias + path: source.geo.region_name + migration: true + - name: city_name + type: alias + path: source.geo.city_name + migration: true + - name: region_iso_code + type: alias + path: source.geo.region_iso_code + migration: true diff --git a/dev/packages/beats/nginx-0.0.1/dataset/error/fields/fields.yml b/dev/packages/beats/nginx-0.0.1/dataset/error/fields/fields.yml new file mode 100644 index 000000000..f8e47b551 --- /dev/null +++ b/dev/packages/beats/nginx-0.0.1/dataset/error/fields/fields.yml @@ -0,0 +1,37 @@ +- key: nginx + title: "Nginx" + description: > + Module for parsing the Nginx log files. + short_config: true + fields: + - name: nginx + type: group + description: > + Fields from the Nginx log files. + fields: + - name: error + type: group + description: > + Contains fields for the Nginx error logs. + fields: + - name: connection_id + type: long + description: > + Connection identifier. + + - name: level + type: alias + path: log.level + migration: true + - name: pid + type: alias + path: process.pid + migration: true + - name: tid + type: alias + path: process.thread.id + migration: true + - name: message + type: alias + path: message + migration: true diff --git a/dev/packages/beats/nginx-0.0.1/dataset/ingress_controller/fields/fields.yml b/dev/packages/beats/nginx-0.0.1/dataset/ingress_controller/fields/fields.yml new file mode 100644 index 000000000..b675f17c1 --- /dev/null +++ b/dev/packages/beats/nginx-0.0.1/dataset/ingress_controller/fields/fields.yml @@ -0,0 +1,153 @@ +- key: nginx + title: "Nginx" + description: > + Module for parsing the Nginx log files. + short_config: true + fields: + - name: nginx + type: group + description: > + Fields from the Nginx log files. + fields: + - name: ingress_controller + type: group + description: > + Contains fields for the Ingress Nginx controller access logs. + fields: + - name: remote_ip_list + type: array + description: > + An array of remote IP addresses. It is a list because it is common to include, besides the client + IP address, IP addresses from headers like `X-Forwarded-For`. + Real source IP is restored to `source.ip`. + + # ingress-controller specific fields + - name: http.request.length + type: long + format: bytes + description: > + The request length (including request line, header, and request body) + - name: http.request.time + type: double + format: duration + description: > + Time elapsed since the first bytes were read from the client + - name: upstream.name + type: text + description: > + The name of the upstream. + - name: upstream.alternative_name + type: text + description: > + The name of the alternative upstream. + - name: upstream.response.length + type: long + format: bytes + description: > + The length of the response obtained from the upstream server + - name: upstream.response.time + type: double + format: duration + description: > + The time spent on receiving the response from the upstream server as seconds with millisecond resolution + - name: upstream.response.status_code + type: long + description: > + The status code of the response obtained from the upstream server + - name: http.request.id + type: text + description: > + The randomly generated ID of the request + - name: upstream.ip + type: ip + description: > + The IP address of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas. + - name: upstream.port + type: long + description: > + The port of the upstream server. + + - name: body_sent.bytes + type: alias + path: http.response.body.bytes + migration: true + - name: user_name + type: alias + path: user.name + migration: true + - name: method + type: alias + path: http.request.method + migration: true + - name: url + type: alias + path: url.original + migration: true + - name: http_version + type: alias + path: http.version + migration: true + - name: response_code + type: alias + path: http.response.status_code + migration: true + - name: referrer + type: alias + path: http.request.referrer + migration: true + - name: agent + type: alias + path: user_agent.original + migration: true + + - name: user_agent + type: group + fields: + - name: device + type: alias + path: user_agent.device.name + migration: true + - name: name + type: alias + path: user_agent.name + migration: true + - name: os + type: alias + path: user_agent.os.full_name + migration: true + - name: os_name + type: alias + path: user_agent.os.name + migration: true + - name: original + type: alias + path: user_agent.original + migration: true + + - name: geoip + type: group + fields: + - name: continent_name + type: alias + path: source.geo.continent_name + migration: true + - name: country_iso_code + type: alias + path: source.geo.country_iso_code + migration: true + - name: location + type: alias + path: source.geo.location + migration: true + - name: region_name + type: alias + path: source.geo.region_name + migration: true + - name: city_name + type: alias + path: source.geo.city_name + migration: true + - name: region_iso_code + type: alias + path: source.geo.region_iso_code + migration: true diff --git a/dev/packages/beats/postgresql-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/postgresql-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..b99a919e8 --- /dev/null +++ b/dev/packages/beats/postgresql-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,66 @@ +- key: postgresql + title: "PostgreSQL" + description: > + Module for parsing the PostgreSQL log files. + short_config: true + fields: + - name: postgresql + type: group + description: > + Fields from PostgreSQL logs. + fields: + - name: log + type: group + description: > + Fields from the PostgreSQL log files. + fields: + - name: timestamp + deprecated: 7.3.0 + description: > + The timestamp from the log line. + - name: core_id + type: long + description: > + Core id + - name: database + example: "mydb" + description: > + Name of database + - name: query + example: "SELECT * FROM users;" + description: > + Query statement. + - name: query_step + example: "parse" + description: > + Statement step when using extended query protocol (one of statement, parse, bind or execute) + - name: query_name + example: "pdo_stmt_00000001" + description: > + Name given to a query when using extended query protocol. If it is "", or not present, + this field is ignored. + + - name: error.code + type: long + description: Error code returned by Postgres (if any) + + - name: timezone + type: alias + path: event.timezone + migration: true + - name: thread_id + type: alias + path: process.pid + migration: true + - name: user + type: alias + path: user.name + migration: true + - name: level + type: alias + path: log.level + migration: true + - name: message + type: alias + path: message + migration: true diff --git a/dev/packages/beats/rabbitmq-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/rabbitmq-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..05df3e759 --- /dev/null +++ b/dev/packages/beats/rabbitmq-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,18 @@ +- key: rabbitmq + title: "RabbitMQ" + description: > + RabbitMQ Module + fields: + - name: rabbitmq + type: group + description: > + fields: + - name: log + type: group + description: > + RabbitMQ log files + fields: + - name: pid + type: keyword + description: The Erlang process id + example: <0.222.0> diff --git a/dev/packages/beats/redis-0.0.1/dataset/log/fields/fields.yml b/dev/packages/beats/redis-0.0.1/dataset/log/fields/fields.yml new file mode 100644 index 000000000..a6aefd994 --- /dev/null +++ b/dev/packages/beats/redis-0.0.1/dataset/log/fields/fields.yml @@ -0,0 +1,32 @@ +- key: redis + title: "Redis" + description: > + Redis Module + fields: + - name: redis + type: group + description: > + fields: + - name: log + type: group + description: > + Redis log files + fields: + - name: role + type: keyword + description: > + The role of the Redis instance. Can be one of `master`, `slave`, `child` (for RDF/AOF writing child), + or `sentinel`. + + - name: pid + type: alias + path: process.pid + migration: true + - name: level + type: alias + path: log.level + migration: true + - name: message + type: alias + path: message + migration: true diff --git a/dev/packages/beats/redis-0.0.1/dataset/slowlog/fields/fields.yml b/dev/packages/beats/redis-0.0.1/dataset/slowlog/fields/fields.yml new file mode 100644 index 000000000..72680ccc4 --- /dev/null +++ b/dev/packages/beats/redis-0.0.1/dataset/slowlog/fields/fields.yml @@ -0,0 +1,34 @@ +- key: redis + title: "Redis" + description: > + Redis Module + fields: + - name: redis + type: group + description: > + fields: + - name: slowlog + type: group + description: > + Slow logs are retrieved from Redis via a network connection. + fields: + - name: cmd + type: keyword + description: > + The command executed. + - name: duration.us + type: long + description: > + How long it took to execute the command in microseconds. + - name: id + type: long + description: > + The ID of the query. + - name: key + type: keyword + description: > + The key on which the command was executed. + - name: args + type: keyword + description: > + The arguments with which the command was called. diff --git a/dev/packages/beats/system-0.0.1/dataset/auth/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/auth/fields/fields.yml new file mode 100644 index 000000000..cac5cd8fa --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/auth/fields/fields.yml @@ -0,0 +1,158 @@ +- key: system + title: "System" + description: > + Module for parsing system log files. + short_config: true + fields: + - name: system + type: group + description: > + Fields from the system log files. + fields: + - name: auth + type: group + description: > + Fields from the Linux authorization logs. + fields: + - name: timestamp + type: alias + path: '@timestamp' + migration: true + - name: hostname + type: alias + path: host.hostname + migration: true + - name: program + type: alias + path: process.name + migration: true + - name: pid + type: alias + path: process.pid + migration: true + - name: message + type: alias + path: message + migration: true + - name: user + type: alias + path: user.name + migration: true + + - name: ssh + type: group + fields: + - name: method + description: > + The SSH authentication method. Can be one of "password" or "publickey". + - name: signature + description: > + The signature of the client public key. + - name: dropped_ip + type: ip + description: > + The client IP from SSH connections that are open and immediately dropped. + + - name: event + example: Accepted + description: > + The SSH event as found in the logs (Accepted, Invalid, Failed, etc.) + + - name: ip + type: alias + path: source.ip + migration: true + - name: port + type: alias + path: source.port + migration: true + + - name: geoip + type: group + fields: + - name: continent_name + type: alias + path: source.geo.continent_name + migration: true + - name: country_iso_code + type: alias + path: source.geo.country_iso_code + migration: true + - name: location + type: alias + path: source.geo.location + migration: true + - name: region_name + type: alias + path: source.geo.region_name + migration: true + - name: city_name + type: alias + path: source.geo.city_name + migration: true + - name: region_iso_code + type: alias + path: source.geo.region_iso_code + migration: true + + - name: sudo + type: group + description: > + Fields specific to events created by the `sudo` command. + fields: + - name: error + example: user NOT in sudoers + description: > + The error message in case the sudo command failed. + - name: tty + description: > + The TTY where the sudo command is executed. + - name: pwd + description: > + The current directory where the sudo command is executed. + - name: user + example: root + description: > + The target user to which the sudo command is switching. + - name: command + description: > + The command executed via sudo. + + - name: useradd + type: group + description: > + Fields specific to events created by the `useradd` command. + fields: + - name: home + description: + The home folder for the new user. + - name: shell + description: + The default shell for the new user. + + - name: name + type: alias + path: user.name + migration: true + - name: uid + type: alias + path: user.id + migration: true + - name: gid + type: alias + path: group.id + migration: true + + - name: groupadd + type: group + description: > + Fields specific to events created by the `groupadd` command. + fields: + - name: name + type: alias + path: group.name + migration: true + - name: gid + type: alias + path: group.id + migration: true diff --git a/dev/packages/beats/system-0.0.1/dataset/syslog/fields/fields.yml b/dev/packages/beats/system-0.0.1/dataset/syslog/fields/fields.yml new file mode 100644 index 000000000..f7e9b6c1e --- /dev/null +++ b/dev/packages/beats/system-0.0.1/dataset/syslog/fields/fields.yml @@ -0,0 +1,36 @@ +- key: system + title: "System" + description: > + Module for parsing system log files. + short_config: true + fields: + - name: system + type: group + description: > + Fields from the system log files. + fields: + - name: syslog + type: group + description: > + Contains fields from the syslog system logs. + fields: + - name: timestamp + type: alias + path: '@timestamp' + migration: true + - name: hostname + type: alias + path: host.hostname + migration: true + - name: program + type: alias + path: process.name + migration: true + - name: pid + type: alias + path: process.pid + migration: true + - name: message + type: alias + path: message + migration: true diff --git a/dev/packages/beats/traefik-0.0.1/dataset/access/fields/fields.yml b/dev/packages/beats/traefik-0.0.1/dataset/access/fields/fields.yml new file mode 100644 index 000000000..765473a41 --- /dev/null +++ b/dev/packages/beats/traefik-0.0.1/dataset/access/fields/fields.yml @@ -0,0 +1,110 @@ +- key: traefik + title: "Traefik" + description: > + Module for parsing the Traefik log files. + fields: + - name: traefik + type: group + description: > + Fields from the Traefik log files. + fields: + - name: access + type: group + description: > + Contains fields for the Traefik access logs. + fields: + - name: user_identifier + type: keyword + description: > + Is the RFC 1413 identity of the client + - name: request_count + type: long + description: > + The number of requests + - name: frontend_name + type: keyword + description: > + The name of the frontend used + - name: backend_url + type: keyword + description: + The url of the backend where request is forwarded + + - name: body_sent.bytes + type: alias + path: http.response.body.bytes + migration: true + - name: remote_ip + type: alias + path: source.address + migration: true + - name: user_name + type: alias + path: user.name + migration: true + - name: method + type: alias + path: http.request.method + migration: true + - name: url + type: alias + path: url.original + migration: true + - name: http_version + type: alias + path: http.version + migration: true + - name: response_code + type: alias + path: http.response.status_code + migration: true + - name: referrer + type: alias + path: http.request.referrer + migration: true + - name: agent + type: alias + path: user_agent.original + migration: true + + - name: user_agent + type: group + fields: + - name: device + type: alias + path: user_agent.device.name + - name: name + type: alias + path: user_agent.name + - name: os + type: alias + path: user_agent.os.full_name + - name: os_name + type: alias + path: user_agent.os.name + - name: original + type: alias + path: user_agent.original + + - name: geoip + type: group + fields: + - name: continent_name + type: alias + path: source.geo.continent_name + - name: country_iso_code + type: alias + path: source.geo.country_iso_code + - name: location + type: alias + path: source.geo.location + - name: region_name + type: alias + path: source.geo.region_name + - name: city_name + type: alias + path: source.geo.city_name + - name: region_iso_code + type: alias + path: source.geo.region_iso_code + From cdddbd58fe90585a8ae6e0e876e4eed1905db81a Mon Sep 17 00:00:00 2001 From: Marcin Tojek Date: Thu, 5 Mar 2020 18:36:54 +0100 Subject: [PATCH 6/6] Fix: formatting --- dev/import-beats/datasets.go | 4 ++-- dev/import-beats/packages.go | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dev/import-beats/datasets.go b/dev/import-beats/datasets.go index 0c3066752..0fbe19b0f 100644 --- a/dev/import-beats/datasets.go +++ b/dev/import-beats/datasets.go @@ -40,11 +40,11 @@ func createDatasets(modulePath string) (map[string]datasetContent, error) { _, err := os.Stat(path.Join(modulePath, datasetName, "_meta")) if os.IsNotExist(err) { - log.Printf("\tSkipped '%s' - not a valid dataset\n", datasetName) + log.Printf("\t%s: not a valid dataset, skipped", datasetName) continue } - log.Printf("\tFound dataset '%s'\n", datasetName) + log.Printf("\t%s: dataset found", datasetName) content := datasetContent{} fieldsFiles, err := loadDatasetFields(modulePath, datasetName) diff --git a/dev/import-beats/packages.go b/dev/import-beats/packages.go index 0b162cbd6..eba38422a 100644 --- a/dev/import-beats/packages.go +++ b/dev/import-beats/packages.go @@ -72,9 +72,9 @@ func (r *packageRepository) createPackagesFromSource(beatsDir, beatName, package } moduleName := moduleDir.Name() - log.Printf("Found module '%s:%s'\n", beatName, moduleName) + log.Printf("%s %s: module found\n", beatName, moduleName) if _, ok := ignoredModules[moduleName]; ok { - log.Printf("Ignoring '%s:%s'\n", beatName, moduleName) + log.Printf("%s %s: module skipped\n", beatName, moduleName) continue } @@ -104,7 +104,7 @@ func (r *packageRepository) save(outputDir string) error { for packageName, content := range r.packages { manifest := content.manifest - log.Printf("Writing package data '%s' (version: %s)\n", packageName, manifest.Version) + log.Printf("%s-%s write package content\n", packageName, manifest.Version) packagePath := filepath.Join(outputDir, packageName+"-"+manifest.Version) err := os.MkdirAll(packagePath, 0755) @@ -138,7 +138,7 @@ func (r *packageRepository) save(outputDir string) error { } for fieldsFileName, fieldsFile := range dataset.fields.files { - log.Printf("\tWriting file '%s' for dataset '%s'\n", fieldsFileName, datasetName) + log.Printf("\t%s: write '%s' file\n", datasetName, fieldsFileName) fieldsFilePath := filepath.Join(datasetFieldsPath, fieldsFileName) err = ioutil.WriteFile(fieldsFilePath, fieldsFile, 0644)