Introduce aliases for 7.x fields in 6.x (#9283)

This introduces for aliases for fields which will exist in 7.x and a 1-1 mapping is possible. Having this fields already around makes sure we do not use them otherwise.

auditbeat/docs/fields.asciidoc

@@ -12,6 +12,7 @@ This file is generated! See _meta/fields.yml and scripts/generate_field_docs.py
 This document describes the fields that are exported by Auditbeat. They are
 grouped in the following categories:
 
+* <<exported-fields-alias>>
 * <<exported-fields-auditd>>
 * <<exported-fields-beat>>
 * <<exported-fields-cloud>>
@@ -22,6 +23,121 @@ grouped in the following categories:
 * <<exported-fields-kubernetes-processor>>
 
 --
+[[exported-fields-alias]]
+== Alias fields
+
+Alias fields for compatibility with 7.x.
+
+
+
+*`host.hostname`*::
++
+--
+type: alias
+
+alias to: beat.hostname
+
+--
+
+*`event.timezone`*::
++
+--
+type: alias
+
+alias to: beat.timezone
+
+--
+
+*`cloud.provider`*::
++
+--
+type: alias
+
+alias to: meta.cloud.provider
+
+--
+
+*`cloud.instance.id`*::
++
+--
+type: alias
+
+alias to: meta.cloud.instance_id
+
+--
+
+*`cloud.instance.name`*::
++
+--
+type: alias
+
+alias to: meta.cloud.instance_name
+
+--
+
+*`cloud.machine.type`*::
++
+--
+type: alias
+
+alias to: meta.cloud.machine_type
+
+--
+
+*`cloud.availability_zone`*::
++
+--
+type: alias
+
+alias to: meta.cloud.availability_zone
+
+--
+
+*`cloud.project.id`*::
++
+--
+type: alias
+
+alias to: meta.cloud.project_id
+
+--
+
+*`cloud.region`*::
++
+--
+type: alias
+
+alias to: meta.cloud.region
+
+--
+
+*`container.id`*::
++
+--
+type: alias
+
+alias to: docker.container.id
+
+--
+
+*`container.name`*::
++
+--
+type: alias
+
+alias to: docker.container.name
+
+--
+
+*`container.image.name`*::
++
+--
+type: alias
+
+alias to: docker.container.image
+
+--
+
 [[exported-fields-auditd]]
 == Auditd fields
 

dev-tools/ecs-migration.yml

@@ -0,0 +1,72 @@
+# The ECS migration file contains the information about all the Beats fields which are migrated to ECS in 7.0.
+# The goal of the file is to potentially have scripts on top of this information to convert visualisations and templates
+# based on this information in an automated way and to keep track of all changes which were applied.
+#
+# The format of the file is as following:
+#
+# - from: source-field-in-6.x
+#   to: target-filed-in-ECS
+#   # Alias field is useful for fields where many-1 mapping from new to old are needed
+#   alias: true-if-alias-is-required-in-7
+#   # Alias6 field is useful for fields where there is a 1-1 mapping from old to new. If absent, defaults to false.
+#   alias6: true-if-alias-is-required-in-6
+#   # Copy to is useful for fields where multiple fields map to the same ECS field
+#   copy_to: true-if-field-should-be-copied-to-target-in-6x
+
+# Beat fields
+
+- from: beat.hostname
+  to: host.hostname
+  alias6: true
+  alias: true
+
+- from: beat.timezone
+  to: event.timezone
+  alias6: true
+  alias: true
+
+# Cloud processor fields
+- to: cloud.provider
+  from: meta.cloud.provider
+  alias6: true
+- to: cloud.instance.id
+  from: meta.cloud.instance_id
+  alias6: true
+- to: cloud.instance.name
+  from: meta.cloud.instance_name
+  alias6: true
+- to: cloud.machine.type
+  from: meta.cloud.machine_type
+  alias6: true
+- to: cloud.availability_zone
+  from: meta.cloud.availability_zone
+  alias6: true
+- to: cloud.project.id
+  from: meta.cloud.project_id
+  alias6: true
+- to: cloud.region
+  from: meta.cloud.region
+  alias6: true
+
+# Docker processor fields
+- to: container.name
+  from: docker.container.name
+  alias6: true
+
+- to: container.image.name
+  from: docker.container.image
+  alias6: true
+
+- to: container.id
+  from: docker.container.id
+  alias6: true
+
+# Filebeat fields
+- to: event.module
+  from: fileset.module
+  index: filebeat
+
+# Metricbeat fields
+- to: event.module
+  from: metricset.module
+  index: metricbeat

filebeat/_meta/fields.common.yml

@@ -370,3 +370,8 @@
           type: long
           description: File size in bytes (field is only added when `type` is
             `file`).
+
+    # Alias compatibility fields
+    - name: event.module
+      type: alias
+      path: fileset.module

filebeat/docs/fields.asciidoc

@@ -12,6 +12,7 @@ This file is generated! See _meta/fields.yml and scripts/generate_field_docs.py
 This document describes the fields that are exported by Filebeat. They are
 grouped in the following categories:
 
+* <<exported-fields-alias>>
 * <<exported-fields-apache2>>
 * <<exported-fields-auditd>>
 * <<exported-fields-beat>>
@@ -37,6 +38,121 @@ grouped in the following categories:
 * <<exported-fields-traefik>>
 
 --
+[[exported-fields-alias]]
+== Alias fields
+
+Alias fields for compatibility with 7.x.
+
+
+
+*`host.hostname`*::
++
+--
+type: alias
+
+alias to: beat.hostname
+
+--
+
+*`event.timezone`*::
++
+--
+type: alias
+
+alias to: beat.timezone
+
+--
+
+*`cloud.provider`*::
++
+--
+type: alias
+
+alias to: meta.cloud.provider
+
+--
+
+*`cloud.instance.id`*::
++
+--
+type: alias
+
+alias to: meta.cloud.instance_id
+
+--
+
+*`cloud.instance.name`*::
++
+--
+type: alias
+
+alias to: meta.cloud.instance_name
+
+--
+
+*`cloud.machine.type`*::
++
+--
+type: alias
+
+alias to: meta.cloud.machine_type
+
+--
+
+*`cloud.availability_zone`*::
++
+--
+type: alias
+
+alias to: meta.cloud.availability_zone
+
+--
+
+*`cloud.project.id`*::
++
+--
+type: alias
+
+alias to: meta.cloud.project_id
+
+--
+
+*`cloud.region`*::
++
+--
+type: alias
+
+alias to: meta.cloud.region
+
+--
+
+*`container.id`*::
++
+--
+type: alias
+
+alias to: docker.container.id
+
+--
+
+*`container.name`*::
++
+--
+type: alias
+
+alias to: docker.container.name
+
+--
+
+*`container.image.name`*::
++
+--
+type: alias
+
+alias to: docker.container.image
+
+--
+
 [[exported-fields-apache2]]
 == Apache2 fields
 
@@ -3557,6 +3673,15 @@ File size in bytes (field is only added when `type` is `file`).
 
 --
 
+*`event.module`*::
++
+--
+type: alias
+
+alias to: fileset.module
+
+--
+
 [[exported-fields-logstash]]
 == logstash fields