diff --git a/packages/elastic_agent/1.3.1/changelog.yml b/packages/elastic_agent/1.3.1/changelog.yml
deleted file mode 100755
index b859ec2b3a..0000000000
--- a/packages/elastic_agent/1.3.1/changelog.yml
+++ /dev/null
@@ -1,64 +0,0 @@ -# newer versions go on top -- version: "1.3.1" - changes: - - description: Fix missing ecs.version mapping - type: bugfix - link: | - https://github.com/elastic/integrations/pull/2844 -- version: "1.3.0" - changes: - - description: Update compatibility of package to be compatible with 8.0.x - type: enhancement - link: | - https://github.com/elastic/integrations/pull/2125 -- version: "1.2.2" - changes: - - description: Uniform with guidelines - type: enhancement - link: | - https://github.com/elastic/integrations/pull/2015 -- version: "1.2.1" - changes: - - description: Fix dashboard default filter - type: bugfix - link: https://github.com/elastic/integrations/pull/1547 -- version: "1.2.0" - changes: - - description: Update dashboard to CGroup CPU usage and events rates visualization and add Elastic Agent logo - type: enhancement - link: https://github.com/elastic/integrations/pull/1529 -- version: "1.1.1" - changes: - - description: Fix missing support for heartbeat metrics and logs - type: bugfix - link: https://github.com/elastic/integrations/pull/? -- version: "1.1.0" - changes: - - description: Add mappings for all metrics and logs shipped by Elastic Agent and its sub processes. - type: enhancement - link: https://github.com/elastic/integrations/pull/1298 -- version: "1.0.0" - changes: - - description: Make integration GA. 
- type: enhancement - link: https://github.com/elastic/integrations/pull/1431 -- version: "0.1.0" - changes: - - description: Update integration description - type: enhancement - link: https://github.com/elastic/integrations/pull/1364 -- version: "0.0.7" - changes: - - description: Fix typo in dashboard - type: bugfix # can be one of: enhancement, bugfix, breaking-change - link: https://github.com/elastic/integrations/pull/962 -- version: "0.0.6" - changes: - - description: Fix README, icons and add screenshot - type: bugfix # can be one of: enhancement, bugfix, breaking-change - link: https://github.com/elastic/integrations/pull/793 -- version: "0.0.5" - changes: - - description: initial release - type: enhancement # can be one of: enhancement, bugfix, breaking-change - link: https://github.com/elastic/integrations/pull/462
diff --git a/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@ -- name: cloud - title: Cloud - group: 2 - description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." - type: group - fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - - name: image.id - type: keyword - description: Image ID for the cloud instance. 
-- name: container - title: Container - group: 2 - description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. -- name: host - title: Host - group: 2 - description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." - type: group - fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - - name: id - level: core - type: keyword - ignore_above: 1024 - description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." - - name: containerized - type: boolean - description: > - If the host is a container. - - - name: os.build - type: keyword - example: "18D109" - description: > - OS build information. - - - name: os.codename - type: keyword - example: "stretch" - description: > - OS codename, if any. - 
diff --git a/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/fields/base-fields.yml
deleted file mode 100755
index accc7eb667..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/fields/base-fields.yml
+++ /dev/null
@@ -1,15 +0,0 @@ -- name: data_stream.type - type: constant_keyword - description: Data stream type. -- name: data_stream.dataset - type: constant_keyword - description: Data stream dataset. -- name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. -- name: "@timestamp" - type: date - description: Event timestamp. -- name: event.dataset - type: constant_keyword - description: Event dataset
diff --git a/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/fields/ecs.yml
deleted file mode 100755
index fcdde86458..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/fields/ecs.yml
+++ /dev/null
@@ -1,14 +0,0 @@ -- external: ecs - name: ecs.version -- name: log - title: Log - group: 2 - description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields." - type: group - fields: - - name: level - level: core - type: keyword - ignore_above: 1024 - description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`." - example: error
diff --git a/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/fields/fields.yml
deleted file mode 100755
index 24771ec504..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/fields/fields.yml
+++ /dev/null
@@ -1,28 +0,0 @@ -- name: message - type: text - title: Log Message -- name: elastic_agent - title: Elastic Agent - description: Fields related to the Elastic Agents - type: group - fields: - - name: id - type: keyword - ignore_above: 1024 - description: Elastic Agent id. - - name: process - level: extended - type: keyword - ignore_above: 1024 - description: Process run by the Elastic Agent. - example: metricbeat - - name: snapshot - level: extended - type: boolean - description: Is the agent running from a snapshot build - - name: version - level: extended - type: keyword - ignore_above: 1024 - description: Elastic agent version. - example: 7.11.0
diff --git a/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/manifest.yml
deleted file mode 100755
index c877433f7d..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/apm_server_logs/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@ -title: Elastic Agent -dataset: elastic_agent.apm_server -type: logs -elasticsearch: - index_template: - mappings: - dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@ -- name: cloud - title: Cloud - group: 2 - description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." - type: group - fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - - name: image.id - type: keyword - description: Image ID for the cloud instance. 
-- name: container - title: Container - group: 2 - description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. -- name: host - title: Host - group: 2 - description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." - type: group - fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - - name: id - level: core - type: keyword - ignore_above: 1024 - description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." - - name: containerized - type: boolean - description: > - If the host is a container. - - - name: os.build - type: keyword - example: "18D109" - description: > - OS build information. - - - name: os.codename - type: keyword - example: "stretch" - description: > - OS codename, if any. - 
diff --git a/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/base-fields.yml
deleted file mode 100755
index 0d1791ffed..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@ -- name: data_stream.type - type: constant_keyword - description: Data stream type. -- name: data_stream.dataset - type: constant_keyword - description: Data stream dataset. -- name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. -- name: "@timestamp" - type: date - description: Event timestamp.
diff --git a/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/beat-fields.yml b/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/beat-fields.yml
deleted file mode 100755
index 0c063d19ae..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/beat-fields.yml
+++ /dev/null
@@ -1,81 +0,0 @@ -- name: beat.type - descripion: Beat type. - type: keyword -- name: beat.stats - description: Beat stats - type: group - fields: - - name: libbeat - type: group - description: > - Fields common to all Beats - - fields: - - name: output - type: group - description: > - Output stats - - fields: - - name: events - type: group - description: > - Event counters - - fields: - - name: acked - type: long - description: > - Number of events acknowledged - - - name: active - type: long - description: > - Number of active events - - - name: batches - type: long - description: > - Number of event batches - - - name: dropped - type: long - description: > - Number of events dropped - - - name: duplicates - type: long - description: > - Number of events duplicated - - - name: failed - type: long - description: > - Number of events failed - - - name: toomany - type: long - description: > - Number of too many events - - - name: total - type: long - description: > - Total number of events - - - name: write - type: group - description: > - Write stats - - fields: - - name: bytes - type: long - description: > - Number of bytes written - - - name: errors - type: long - description: > - Number of write errors -
diff --git a/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/ecs.yml
deleted file mode 100755
index 32b642ce16..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/ecs.yml
+++ /dev/null
@@ -1,2 +0,0 @@ -- external: ecs - name: ecs.version
diff --git a/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/fields.yml
deleted file mode 100755
index a516126a23..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/fields/fields.yml
+++ /dev/null
@@ -1,419 +0,0 @@ -- name: elastic_agent - title: Elastic Agent - description: Fields related to the Elastic Agents - type: group - fields: - - name: id - type: keyword - ignore_above: 1024 - description: Elastic Agent id. - - name: process - level: extended - type: keyword - ignore_above: 1024 - description: Process run by the Elastic Agent. - example: metricbeat - - name: snapshot - level: extended - type: boolean - description: Is the agent running from a snapshot build - - name: version - level: extended - type: keyword - ignore_above: 1024 - description: Elastic agent version. - example: 7.11.0 -- name: system.process - type: group - fields: - - name: cpu - type: group - fields: - - name: user.ticks - type: long - metric_type: counter - description: | - The amount of CPU time the process spent in user space. - - name: total.value - type: long - metric_type: counter - description: | - The value of CPU usage since starting the process. - - name: system.ticks - type: long - metric_type: counter - description: | - The amount of CPU time the process spent in kernel space. - - name: total.ticks - type: long - metric_type: counter - description: | - The total CPU time spent by the process. - - name: total.time.ms - type: date - description: | - The time when the process was started. - - name: user.time.ms - type: date - description: | - The time when the process was started. - - name: system.time.ms - type: date - description: | - The time when the process was started. - - name: memory - type: group - fields: - - name: size - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The total virtual memory the process has. On Windows this represents the Commit Charge (the total amount of memory that the memory manager has committed for a running process) value in bytes for this process. - - name: fd - type: group - fields: - - name: open - type: long - metric_type: gauge - description: The number of file descriptors open by the process. 
- - name: limit.soft - type: long - metric_type: gauge - description: | - The soft limit on the number of file descriptors opened by the process. The soft limit can be changed by the process at any time. - - name: limit.hard - type: long - metric_type: gauge - description: | - The hard limit on the number of file descriptors opened by the process. The hard limit can only be raised by root. - - name: cgroup - type: group - fields: - - name: id - type: keyword - description: | - The ID common to all cgroups associated with this task. If there isn't a common ID used by all cgroups this field will be absent. - - name: path - type: keyword - description: | - The path to the cgroup relative to the cgroup subsystem's mountpoint. If there isn't a common path used by all cgroups this field will be absent. - - name: cpu - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: cfs.period.us - type: long - unit: micros - description: | - Period of time in microseconds for how regularly a cgroup's access to CPU resources should be reallocated. - - name: cfs.quota.us - type: long - unit: micros - description: | - Total amount of time in microseconds for which all tasks in a cgroup can run during one period (as defined by cfs.period.us). - - name: cfs.shares - type: long - description: | - An integer value that specifies a relative share of CPU time available to the tasks in a cgroup. The value specified in the cpu.shares file must be 2 or higher. - - name: rt.period.us - type: long - unit: micros - description: | - Period of time in microseconds for how regularly a cgroup's access to CPU resources is reallocated. - - name: rt.runtime.us - type: long - unit: micros - description: | - Period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources. 
- - name: stats.periods - type: long - metric_type: counter - description: | - Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed. - - name: stats.throttled.periods - type: long - metric_type: counter - description: | - Number of times tasks in a cgroup have been throttled (that is, not allowed to run because they have exhausted all of the available time as specified by their quota). - - name: stats.throttled.ns - type: long - metric_type: counter - unit: nanos - description: | - The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled. - - name: cpuacct - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: total.ns - type: long - metric_type: counter - unit: nanos - description: | - Total CPU time in nanoseconds consumed by all tasks in the cgroup. - - name: stats.user.ns - type: long - metric_type: counter - unit: nanos - description: CPU time consumed by tasks in user mode. - - name: stats.system.ns - type: long - metric_type: counter - unit: nanos - description: CPU time consumed by tasks in user (kernel) mode. - - name: percpu - type: object - description: | - CPU time (in nanoseconds) consumed on each CPU by all tasks in this cgroup. - - name: memory - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: mem.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total memory usage by processes in the cgroup (in bytes). - - name: mem.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum memory used by processes in the cgroup (in bytes). 
- - name: mem.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of user memory in bytes (including file cache) that tasks in the cgroup are allowed to use. - - name: mem.failures - type: long - description: | - The number of times that the memory limit (mem.limit.bytes) was reached. - - name: memsw.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The sum of current memory usage plus swap space used by processes in the cgroup (in bytes). - - name: memsw.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of memory and swap space used by processes in the cgroup (in bytes). - - name: memsw.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount for the sum of memory and swap usage that tasks in the cgroup are allowed to use. - - name: memsw.failures - type: long - unit: byte - metric_type: gauge - description: | - The number of times that the memory plus swap space limit (memsw.limit.bytes) was reached. - - name: kmem.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total kernel memory usage by processes in the cgroup (in bytes). - - name: kmem.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum kernel memory used by processes in the cgroup (in bytes). - - name: kmem.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of kernel memory that tasks in the cgroup are allowed to use. - - name: kmem.failures - type: long - metric_type: counter - description: | - The number of times that the memory limit (kmem.limit.bytes) was reached. 
- - name: kmem_tcp.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total memory usage for TCP buffers in bytes. - - name: kmem_tcp.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum memory used for TCP buffers by processes in the cgroup (in bytes). - - name: kmem_tcp.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of memory for TCP buffers that tasks in the cgroup are allowed to use. - - name: kmem_tcp.failures - type: long - metric_type: counter - description: | - The number of times that the memory limit (kmem_tcp.limit.bytes) was reached. - - name: stats.active_anon.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes. - - name: stats.active_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: File-backed memory on active LRU list, in bytes. - - name: stats.cache.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: Page cache, including tmpfs (shmem), in bytes. - - name: stats.hierarchical_memory_limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory limit for the hierarchy that contains the memory cgroup, in bytes. - - name: stats.hierarchical_memsw_limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes. 
- - name: stats.inactive_anon.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes - - name: stats.inactive_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - File-backed memory on inactive LRU list, in bytes. - - name: stats.mapped_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Size of memory-mapped mapped files, including tmpfs (shmem), in bytes. - - name: stats.page_faults - type: long - metric_type: counter - description: | - Number of times that a process in the cgroup triggered a page fault. - - name: stats.major_page_faults - type: long - metric_type: counter - description: | - Number of times that a process in the cgroup triggered a major fault. "Major" faults happen when the kernel actually has to read the data from disk. - - name: stats.pages_in - type: long - metric_type: counter - description: | - Number of pages paged into memory. This is a counter. - - name: stats.pages_out - type: long - metric_type: counter - description: | - Number of pages paged out of memory. This is a counter. - - name: stats.rss.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache (includes transparent hugepages), not including tmpfs (shmem), in bytes. - - name: stats.rss_huge.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Number of bytes of anonymous transparent hugepages. - - name: stats.swap.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Swap usage, in bytes. - - name: stats.unevictable.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory that cannot be reclaimed, in bytes. - - name: blkio - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. 
- - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystems mountpoint. - - name: total.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total number of bytes transferred to and from all block devices by processes in the cgroup. - - name: total.ios - type: long - metric_type: counter - description: | - Total number of I/O operations performed on all devices by processes in the cgroup as seen by the throttling policy.
diff --git a/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/manifest.yml
deleted file mode 100755
index 074a92bed2..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/apm_server_metrics/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@ -title: Elastic Agent -dataset: elastic_agent.apm_server -type: metrics -elasticsearch: - index_template: - mappings: - dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@
-- name: cloud
- title: Cloud
- group: 2
- description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
- type: group
- fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- - name: instance.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
- - name: project.id
- type: keyword
- description: Name of the project in Google Cloud.
- - name: image.id
- type: keyword
- description: Image ID for the cloud instance.
-- name: container
- title: Container
- group: 2
- description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
- type: group
- fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
- - name: labels
- level: extended
- type: object
- object_type: keyword
- description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
-- name: host
- title: Host
- group: 2
- description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
- type: group
- fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
- - name: domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- - name: os.family
- level: extended
- type: keyword
- ignore_above: 1024
- description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- - name: os.kernel
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
- - name: os.platform
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
- - name: containerized
- type: boolean
- description: >
- If the host is a container.
-
- - name: os.build
- type: keyword
- example: "18D109"
- description: >
- OS build information.
-
- - name: os.codename
- type: keyword
- example: "stretch"
- description: >
- OS codename, if any.
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/fields/base-fields.yml
deleted file mode 100755
index accc7eb667..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/fields/base-fields.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
-- name: event.dataset
- type: constant_keyword
- description: Event dataset
diff --git a/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/fields/ecs.yml
deleted file mode 100755
index fcdde86458..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/fields/ecs.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- external: ecs
- name: ecs.version
-- name: log
- title: Log
- group: 2
- description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields."
- type: group
- fields:
- - name: level
- level: core
- type: keyword
- ignore_above: 1024
- description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`."
- example: error
diff --git a/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/fields/fields.yml
deleted file mode 100755
index 24771ec504..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/fields/fields.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-- name: message
- type: text
- title: Log Message
-- name: elastic_agent
- title: Elastic Agent
- description: Fields related to the Elastic Agents
- type: group
- fields:
- - name: id
- type: keyword
- ignore_above: 1024
- description: Elastic Agent id.
- - name: process
- level: extended
- type: keyword
- ignore_above: 1024
- description: Process run by the Elastic Agent.
- example: metricbeat
- - name: snapshot
- level: extended
- type: boolean
- description: Is the agent running from a snapshot build
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Elastic agent version.
- example: 7.11.0
diff --git a/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/manifest.yml
deleted file mode 100755
index 6b9e304133..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/auditbeat_logs/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-title: Elastic Agent
-dataset: elastic_agent.auditbeat
-type: logs
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@
-- name: cloud
- title: Cloud
- group: 2
- description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
- type: group
- fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- - name: instance.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
- - name: project.id
- type: keyword
- description: Name of the project in Google Cloud.
- - name: image.id
- type: keyword
- description: Image ID for the cloud instance.
-- name: container
- title: Container
- group: 2
- description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
- type: group
- fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
- - name: labels
- level: extended
- type: object
- object_type: keyword
- description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
-- name: host
- title: Host
- group: 2
- description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
- type: group
- fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
- - name: domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- - name: os.family
- level: extended
- type: keyword
- ignore_above: 1024
- description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- - name: os.kernel
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
- - name: os.platform
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
- - name: containerized
- type: boolean
- description: >
- If the host is a container.
-
- - name: os.build
- type: keyword
- example: "18D109"
- description: >
- OS build information.
-
- - name: os.codename
- type: keyword
- example: "stretch"
- description: >
- OS codename, if any.
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/base-fields.yml
deleted file mode 100755
index 0d1791ffed..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
diff --git a/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/beat-fields.yml b/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/beat-fields.yml
deleted file mode 100755
index 0c063d19ae..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/beat-fields.yml
+++ /dev/null
@@ -1,81 +0,0 @@
-- name: beat.type
- descripion: Beat type.
- type: keyword
-- name: beat.stats
- description: Beat stats
- type: group
- fields:
- - name: libbeat
- type: group
- description: >
- Fields common to all Beats
-
- fields:
- - name: output
- type: group
- description: >
- Output stats
-
- fields:
- - name: events
- type: group
- description: >
- Event counters
-
- fields:
- - name: acked
- type: long
- description: >
- Number of events acknowledged
-
- - name: active
- type: long
- description: >
- Number of active events
-
- - name: batches
- type: long
- description: >
- Number of event batches
-
- - name: dropped
- type: long
- description: >
- Number of events dropped
-
- - name: duplicates
- type: long
- description: >
- Number of events duplicated
-
- - name: failed
- type: long
- description: >
- Number of events failed
-
- - name: toomany
- type: long
- description: >
- Number of too many events
-
- - name: total
- type: long
- description: >
- Total number of events
-
- - name: write
- type: group
- description: >
- Write stats
-
- fields:
- - name: bytes
- type: long
- description: >
- Number of bytes written
-
- - name: errors
- type: long
- description: >
- Number of write errors
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/ecs.yml
deleted file mode 100755
index 32b642ce16..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/ecs.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- external: ecs
- name: ecs.version
diff --git a/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/fields.yml
deleted file mode 100755
index a516126a23..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/fields/fields.yml
+++ /dev/null
@@ -1,419 +0,0 @@
-- name: elastic_agent
- title: Elastic Agent
- description: Fields related to the Elastic Agents
- type: group
- fields:
- - name: id
- type: keyword
- ignore_above: 1024
- description: Elastic Agent id.
- - name: process
- level: extended
- type: keyword
- ignore_above: 1024
- description: Process run by the Elastic Agent.
- example: metricbeat
- - name: snapshot
- level: extended
- type: boolean
- description: Is the agent running from a snapshot build
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Elastic agent version.
- example: 7.11.0
-- name: system.process
- type: group
- fields:
- - name: cpu
- type: group
- fields:
- - name: user.ticks
- type: long
- metric_type: counter
- description: |
- The amount of CPU time the process spent in user space.
- - name: total.value
- type: long
- metric_type: counter
- description: |
- The value of CPU usage since starting the process.
- - name: system.ticks
- type: long
- metric_type: counter
- description: |
- The amount of CPU time the process spent in kernel space.
- - name: total.ticks
- type: long
- metric_type: counter
- description: |
- The total CPU time spent by the process.
- - name: total.time.ms
- type: date
- description: |
- The time when the process was started.
- - name: user.time.ms
- type: date
- description: |
- The time when the process was started.
- - name: system.time.ms
- type: date
- description: |
- The time when the process was started.
- - name: memory
- type: group
- fields:
- - name: size
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The total virtual memory the process has. On Windows this represents the Commit Charge (the total amount of memory that the memory manager has committed for a running process) value in bytes for this process.
- - name: fd
- type: group
- fields:
- - name: open
- type: long
- metric_type: gauge
- description: The number of file descriptors open by the process.
- - name: limit.soft
- type: long
- metric_type: gauge
- description: |
- The soft limit on the number of file descriptors opened by the process. The soft limit can be changed by the process at any time.
- - name: limit.hard
- type: long
- metric_type: gauge
- description: |
- The hard limit on the number of file descriptors opened by the process. The hard limit can only be raised by root.
- - name: cgroup
- type: group
- fields:
- - name: id
- type: keyword
- description: |
- The ID common to all cgroups associated with this task. If there isn't a common ID used by all cgroups this field will be absent.
- - name: path
- type: keyword
- description: |
- The path to the cgroup relative to the cgroup subsystem's mountpoint. If there isn't a common path used by all cgroups this field will be absent.
- - name: cpu
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystem's mountpoint.
- - name: cfs.period.us
- type: long
- unit: micros
- description: |
- Period of time in microseconds for how regularly a cgroup's access to CPU resources should be reallocated.
- - name: cfs.quota.us
- type: long
- unit: micros
- description: |
- Total amount of time in microseconds for which all tasks in a cgroup can run during one period (as defined by cfs.period.us).
- - name: cfs.shares
- type: long
- description: |
- An integer value that specifies a relative share of CPU time available to the tasks in a cgroup. The value specified in the cpu.shares file must be 2 or higher.
- - name: rt.period.us
- type: long
- unit: micros
- description: |
- Period of time in microseconds for how regularly a cgroup's access to CPU resources is reallocated.
- - name: rt.runtime.us
- type: long
- unit: micros
- description: |
- Period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources.
- - name: stats.periods
- type: long
- metric_type: counter
- description: |
- Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed.
- - name: stats.throttled.periods
- type: long
- metric_type: counter
- description: |
- Number of times tasks in a cgroup have been throttled (that is, not allowed to run because they have exhausted all of the available time as specified by their quota).
- - name: stats.throttled.ns
- type: long
- metric_type: counter
- unit: nanos
- description: |
- The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled.
- - name: cpuacct
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystem's mountpoint.
- - name: total.ns
- type: long
- metric_type: counter
- unit: nanos
- description: |
- Total CPU time in nanoseconds consumed by all tasks in the cgroup.
- - name: stats.user.ns
- type: long
- metric_type: counter
- unit: nanos
- description: CPU time consumed by tasks in user mode.
- - name: stats.system.ns
- type: long
- metric_type: counter
- unit: nanos
- description: CPU time consumed by tasks in user (kernel) mode.
- - name: percpu
- type: object
- description: |
- CPU time (in nanoseconds) consumed on each CPU by all tasks in this cgroup.
- - name: memory
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystem's mountpoint.
- - name: mem.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total memory usage by processes in the cgroup (in bytes).
- - name: mem.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum memory used by processes in the cgroup (in bytes).
- - name: mem.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of user memory in bytes (including file cache) that tasks in the cgroup are allowed to use.
- - name: mem.failures
- type: long
- description: |
- The number of times that the memory limit (mem.limit.bytes) was reached.
- - name: memsw.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The sum of current memory usage plus swap space used by processes in the cgroup (in bytes).
- - name: memsw.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of memory and swap space used by processes in the cgroup (in bytes).
- - name: memsw.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount for the sum of memory and swap usage that tasks in the cgroup are allowed to use.
- - name: memsw.failures
- type: long
- unit: byte
- metric_type: gauge
- description: |
- The number of times that the memory plus swap space limit (memsw.limit.bytes) was reached.
- - name: kmem.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total kernel memory usage by processes in the cgroup (in bytes).
- - name: kmem.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum kernel memory used by processes in the cgroup (in bytes).
- - name: kmem.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of kernel memory that tasks in the cgroup are allowed to use.
- - name: kmem.failures
- type: long
- metric_type: counter
- description: |
- The number of times that the memory limit (kmem.limit.bytes) was reached.
- - name: kmem_tcp.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total memory usage for TCP buffers in bytes.
- - name: kmem_tcp.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum memory used for TCP buffers by processes in the cgroup (in bytes).
- - name: kmem_tcp.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of memory for TCP buffers that tasks in the cgroup are allowed to use.
- - name: kmem_tcp.failures
- type: long
- metric_type: counter
- description: |
- The number of times that the memory limit (kmem_tcp.limit.bytes) was reached.
- - name: stats.active_anon.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes.
- - name: stats.active_file.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: File-backed memory on active LRU list, in bytes.
- - name: stats.cache.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: Page cache, including tmpfs (shmem), in bytes.
- - name: stats.hierarchical_memory_limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Memory limit for the hierarchy that contains the memory cgroup, in bytes.
- - name: stats.hierarchical_memsw_limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes.
- - name: stats.inactive_anon.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes
- - name: stats.inactive_file.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- File-backed memory on inactive LRU list, in bytes.
- - name: stats.mapped_file.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Size of memory-mapped mapped files, including tmpfs (shmem), in bytes.
- - name: stats.page_faults
- type: long
- metric_type: counter
- description: |
- Number of times that a process in the cgroup triggered a page fault.
- - name: stats.major_page_faults
- type: long
- metric_type: counter
- description: |
- Number of times that a process in the cgroup triggered a major fault. "Major" faults happen when the kernel actually has to read the data from disk.
- - name: stats.pages_in
- type: long
- metric_type: counter
- description: |
- Number of pages paged into memory. This is a counter.
- - name: stats.pages_out
- type: long
- metric_type: counter
- description: |
- Number of pages paged out of memory. This is a counter.
- - name: stats.rss.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Anonymous and swap cache (includes transparent hugepages), not including tmpfs (shmem), in bytes.
- - name: stats.rss_huge.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Number of bytes of anonymous transparent hugepages.
- - name: stats.swap.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Swap usage, in bytes.
- - name: stats.unevictable.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Memory that cannot be reclaimed, in bytes.
- - name: blkio
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystems mountpoint.
- - name: total.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total number of bytes transferred to and from all block devices by processes in the cgroup.
- - name: total.ios
- type: long
- metric_type: counter
- description: |
- Total number of I/O operations performed on all devices by processes in the cgroup as seen by the throttling policy.
diff --git a/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/manifest.yml
deleted file mode 100755
index 4d7bfdd55e..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/auditbeat_metrics/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-title: Elastic Agent Auditbeat Metrics
-dataset: elastic_agent.auditbeat
-type: metrics
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@ -- name: cloud - title: Cloud - group: 2 - description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." - type: group - fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - - name: image.id - type: keyword - description: Image ID for the cloud instance. 
-- name: container - title: Container - group: 2 - description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. -- name: host - title: Host - group: 2 - description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." - type: group - fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - - name: id - level: core - type: keyword - ignore_above: 1024 - description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." - - name: containerized - type: boolean - description: > - If the host is a container. - - - name: os.build - type: keyword - example: "18D109" - description: > - OS build information. - - - name: os.codename - type: keyword - example: "stretch" - description: > - OS codename, if any. - 
diff --git a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/fields/base-fields.yml
deleted file mode 100755
index accc7eb667..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/fields/base-fields.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
-- name: event.dataset
- type: constant_keyword
- description: Event dataset
diff --git a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/fields/ecs.yml
deleted file mode 100755
index fcdde86458..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/fields/ecs.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- external: ecs
- name: ecs.version
-- name: log
- title: Log
- group: 2
- description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields."
- type: group
- fields:
- - name: level
- level: core
- type: keyword
- ignore_above: 1024
- description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`."
- example: error
diff --git a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/fields/fields.yml
deleted file mode 100755
index 24771ec504..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/fields/fields.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-- name: message
- type: text
- title: Log Message
-- name: elastic_agent
- title: Elastic Agent
- description: Fields related to the Elastic Agents
- type: group
- fields:
- - name: id
- type: keyword
- ignore_above: 1024
- description: Elastic Agent id.
- - name: process
- level: extended
- type: keyword
- ignore_above: 1024
- description: Process run by the Elastic Agent.
- example: metricbeat
- - name: snapshot
- level: extended
- type: boolean
- description: Is the agent running from a snapshot build
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Elastic agent version.
- example: 7.11.0
diff --git a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/manifest.yml
deleted file mode 100755
index e44264fda0..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_logs/manifest.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-title: Elastic Agent
-# TODO: Why is this?
-dataset: elastic_agent
-type: logs
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@ -- name: cloud - title: Cloud - group: 2 - description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." - type: group - fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - - name: image.id - type: keyword - description: Image ID for the cloud instance. 
-- name: container - title: Container - group: 2 - description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. -- name: host - title: Host - group: 2 - description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." - type: group - fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - - name: id - level: core - type: keyword - ignore_above: 1024 - description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." - - name: containerized - type: boolean - description: > - If the host is a container. - - - name: os.build - type: keyword - example: "18D109" - description: > - OS build information. - - - name: os.codename - type: keyword - example: "stretch" - description: > - OS codename, if any. - 
diff --git a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/base-fields.yml
deleted file mode 100755
index 0d1791ffed..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
diff --git a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/beat-fields.yml b/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/beat-fields.yml
deleted file mode 100755
index 0c063d19ae..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/beat-fields.yml
+++ /dev/null
@@ -1,81 +0,0 @@
-- name: beat.type
- descripion: Beat type.
- type: keyword
-- name: beat.stats
- description: Beat stats
- type: group
- fields:
- - name: libbeat
- type: group
- description: >
- Fields common to all Beats
-
- fields:
- - name: output
- type: group
- description: >
- Output stats
-
- fields:
- - name: events
- type: group
- description: >
- Event counters
-
- fields:
- - name: acked
- type: long
- description: >
- Number of events acknowledged
-
- - name: active
- type: long
- description: >
- Number of active events
-
- - name: batches
- type: long
- description: >
- Number of event batches
-
- - name: dropped
- type: long
- description: >
- Number of events dropped
-
- - name: duplicates
- type: long
- description: >
- Number of events duplicated
-
- - name: failed
- type: long
- description: >
- Number of events failed
-
- - name: toomany
- type: long
- description: >
- Number of too many events
-
- - name: total
- type: long
- description: >
- Total number of events
-
- - name: write
- type: group
- description: >
- Write stats
-
- fields:
- - name: bytes
- type: long
- description: >
- Number of bytes written
-
- - name: errors
- type: long
- description: >
- Number of write errors
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/beat-stats-fields.yml b/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/beat-stats-fields.yml
deleted file mode 100755
index 8fd2649426..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/beat-stats-fields.yml
+++ /dev/null
@@ -1,256 +0,0 @@ -- name: beat.stats - description: Beat stats - type: group - fields: - - name: beat - type: group - fields: - - name: name - type: keyword - - name: host - type: keyword - - name: type - type: keyword - - name: uuid - type: keyword - - name: version - type: keyword - - name: system - type: group - fields: - - name: cpu.cores - type: long - - name: load - type: group - fields: - - name: "1" - type: double - - name: "15" - type: double - - name: "5" - type: double - - name: norm - type: group - fields: - - name: "1" - type: double - - name: "15" - type: double - - name: "5" - type: double - - name: cpu - type: group - fields: - - name: system.ticks - type: long - - name: system.time.ms - type: long - - name: total.value - type: long - - name: total.ticks - type: long - - name: total.time.ms - type: long - - name: user.ticks - type: long - - name: user.time.ms - type: long - - name: info - type: group - fields: - - name: ephemeral_id - type: keyword - - name: uptime.ms - type: long - - name: cgroup - type: group - fields: - - name: cpu - type: group - fields: - - name: cfs.period.us - type: long - - name: cfs.quota.us - type: long - - name: id - type: keyword - - name: stats - type: group - fields: - - name: periods - type: long - - name: throttled.periods - type: long - - name: throttled.ns - type: long - - name: cpuacct.id - type: keyword - - name: cpuacct.total.ns - type: long - - name: memory - type: group - fields: - - name: id - type: keyword - - name: mem.limit.bytes - type: long - - name: mem.usage.bytes - type: long - - name: memstats - type: group - fields: - - name: gc_next - type: long - - name: memory.alloc - type: long - - name: memory.total - type: long - - name: rss - type: long - - name: handles - type: group - fields: - - name: open - type: long - - name: limit.hard - type: long - - name: limit.soft - type: long - - name: uptime.ms - type: long - description: > - Beat uptime - - - name: runtime.goroutines - type: long - 
description: > - Number of goroutines running in Beat - - - name: libbeat - type: group - description: > - Fields common to all Beats - - fields: - - name: pipeline - type: group - fields: - - name: clients - type: long - - name: queue.acked - type: long - - name: events - type: group - fields: - - name: active - type: long - - name: dropped - type: long - - name: failed - type: long - - name: filtered - type: long - - name: published - type: long - - name: retry - type: long - - name: total - type: long - - name: config - type: group - fields: - - name: running - type: short - - name: starts - type: short - - name: stops - type: short - - name: output - type: group - description: > - Output stats - - fields: - - name: type - type: keyword - description: > - Type of output - - - name: events - type: group - description: > - Event counters - - fields: - - name: acked - type: long - description: > - Number of events acknowledged - - - name: active - type: long - description: > - Number of active events - - - name: batches - type: long - description: > - Number of event batches - - - name: dropped - type: long - description: > - Number of events dropped - - - name: duplicates - type: long - description: > - Number of events duplicated - - - name: failed - type: long - description: > - Number of events failed - - - name: toomany - type: long - description: > - Number of too many events - - - name: total - type: long - description: > - Total number of events - - - name: read - type: group - description: > - Read stats - - fields: - - name: bytes - type: long - description: > - Number of bytes read - - - name: errors - type: long - description: > - Number of read errors - - - name: write - type: group - description: > - Write stats - - fields: - - name: bytes - type: long - description: > - Number of bytes written - - - name: errors - type: long - description: > - Number of write errors - 
diff --git a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/ecs.yml
deleted file mode 100755
index 32b642ce16..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/ecs.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- external: ecs
- name: ecs.version
diff --git a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/fields.yml
deleted file mode 100755
index a516126a23..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/fields/fields.yml
+++ /dev/null
@@ -1,419 +0,0 @@ -- name: elastic_agent - title: Elastic Agent - description: Fields related to the Elastic Agents - type: group - fields: - - name: id - type: keyword - ignore_above: 1024 - description: Elastic Agent id. - - name: process - level: extended - type: keyword - ignore_above: 1024 - description: Process run by the Elastic Agent. - example: metricbeat - - name: snapshot - level: extended - type: boolean - description: Is the agent running from a snapshot build - - name: version - level: extended - type: keyword - ignore_above: 1024 - description: Elastic agent version. - example: 7.11.0 -- name: system.process - type: group - fields: - - name: cpu - type: group - fields: - - name: user.ticks - type: long - metric_type: counter - description: | - The amount of CPU time the process spent in user space. - - name: total.value - type: long - metric_type: counter - description: | - The value of CPU usage since starting the process. - - name: system.ticks - type: long - metric_type: counter - description: | - The amount of CPU time the process spent in kernel space. - - name: total.ticks - type: long - metric_type: counter - description: | - The total CPU time spent by the process. - - name: total.time.ms - type: date - description: | - The time when the process was started. - - name: user.time.ms - type: date - description: | - The time when the process was started. - - name: system.time.ms - type: date - description: | - The time when the process was started. - - name: memory - type: group - fields: - - name: size - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The total virtual memory the process has. On Windows this represents the Commit Charge (the total amount of memory that the memory manager has committed for a running process) value in bytes for this process. - - name: fd - type: group - fields: - - name: open - type: long - metric_type: gauge - description: The number of file descriptors open by the process. 
- - name: limit.soft - type: long - metric_type: gauge - description: | - The soft limit on the number of file descriptors opened by the process. The soft limit can be changed by the process at any time. - - name: limit.hard - type: long - metric_type: gauge - description: | - The hard limit on the number of file descriptors opened by the process. The hard limit can only be raised by root. - - name: cgroup - type: group - fields: - - name: id - type: keyword - description: | - The ID common to all cgroups associated with this task. If there isn't a common ID used by all cgroups this field will be absent. - - name: path - type: keyword - description: | - The path to the cgroup relative to the cgroup subsystem's mountpoint. If there isn't a common path used by all cgroups this field will be absent. - - name: cpu - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: cfs.period.us - type: long - unit: micros - description: | - Period of time in microseconds for how regularly a cgroup's access to CPU resources should be reallocated. - - name: cfs.quota.us - type: long - unit: micros - description: | - Total amount of time in microseconds for which all tasks in a cgroup can run during one period (as defined by cfs.period.us). - - name: cfs.shares - type: long - description: | - An integer value that specifies a relative share of CPU time available to the tasks in a cgroup. The value specified in the cpu.shares file must be 2 or higher. - - name: rt.period.us - type: long - unit: micros - description: | - Period of time in microseconds for how regularly a cgroup's access to CPU resources is reallocated. - - name: rt.runtime.us - type: long - unit: micros - description: | - Period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources. 
- - name: stats.periods - type: long - metric_type: counter - description: | - Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed. - - name: stats.throttled.periods - type: long - metric_type: counter - description: | - Number of times tasks in a cgroup have been throttled (that is, not allowed to run because they have exhausted all of the available time as specified by their quota). - - name: stats.throttled.ns - type: long - metric_type: counter - unit: nanos - description: | - The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled. - - name: cpuacct - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: total.ns - type: long - metric_type: counter - unit: nanos - description: | - Total CPU time in nanoseconds consumed by all tasks in the cgroup. - - name: stats.user.ns - type: long - metric_type: counter - unit: nanos - description: CPU time consumed by tasks in user mode. - - name: stats.system.ns - type: long - metric_type: counter - unit: nanos - description: CPU time consumed by tasks in user (kernel) mode. - - name: percpu - type: object - description: | - CPU time (in nanoseconds) consumed on each CPU by all tasks in this cgroup. - - name: memory - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: mem.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total memory usage by processes in the cgroup (in bytes). - - name: mem.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum memory used by processes in the cgroup (in bytes). 
- - name: mem.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of user memory in bytes (including file cache) that tasks in the cgroup are allowed to use. - - name: mem.failures - type: long - description: | - The number of times that the memory limit (mem.limit.bytes) was reached. - - name: memsw.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The sum of current memory usage plus swap space used by processes in the cgroup (in bytes). - - name: memsw.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of memory and swap space used by processes in the cgroup (in bytes). - - name: memsw.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount for the sum of memory and swap usage that tasks in the cgroup are allowed to use. - - name: memsw.failures - type: long - unit: byte - metric_type: gauge - description: | - The number of times that the memory plus swap space limit (memsw.limit.bytes) was reached. - - name: kmem.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total kernel memory usage by processes in the cgroup (in bytes). - - name: kmem.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum kernel memory used by processes in the cgroup (in bytes). - - name: kmem.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of kernel memory that tasks in the cgroup are allowed to use. - - name: kmem.failures - type: long - metric_type: counter - description: | - The number of times that the memory limit (kmem.limit.bytes) was reached. 
- - name: kmem_tcp.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total memory usage for TCP buffers in bytes. - - name: kmem_tcp.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum memory used for TCP buffers by processes in the cgroup (in bytes). - - name: kmem_tcp.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of memory for TCP buffers that tasks in the cgroup are allowed to use. - - name: kmem_tcp.failures - type: long - metric_type: counter - description: | - The number of times that the memory limit (kmem_tcp.limit.bytes) was reached. - - name: stats.active_anon.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes. - - name: stats.active_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: File-backed memory on active LRU list, in bytes. - - name: stats.cache.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: Page cache, including tmpfs (shmem), in bytes. - - name: stats.hierarchical_memory_limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory limit for the hierarchy that contains the memory cgroup, in bytes. - - name: stats.hierarchical_memsw_limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes. 
- - name: stats.inactive_anon.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes - - name: stats.inactive_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - File-backed memory on inactive LRU list, in bytes. - - name: stats.mapped_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Size of memory-mapped mapped files, including tmpfs (shmem), in bytes. - - name: stats.page_faults - type: long - metric_type: counter - description: | - Number of times that a process in the cgroup triggered a page fault. - - name: stats.major_page_faults - type: long - metric_type: counter - description: | - Number of times that a process in the cgroup triggered a major fault. "Major" faults happen when the kernel actually has to read the data from disk. - - name: stats.pages_in - type: long - metric_type: counter - description: | - Number of pages paged into memory. This is a counter. - - name: stats.pages_out - type: long - metric_type: counter - description: | - Number of pages paged out of memory. This is a counter. - - name: stats.rss.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache (includes transparent hugepages), not including tmpfs (shmem), in bytes. - - name: stats.rss_huge.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Number of bytes of anonymous transparent hugepages. - - name: stats.swap.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Swap usage, in bytes. - - name: stats.unevictable.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory that cannot be reclaimed, in bytes. - - name: blkio - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. 
- - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystems mountpoint. - - name: total.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total number of bytes transferred to and from all block devices by processes in the cgroup. - - name: total.ios - type: long - metric_type: counter - description: | - Total number of I/O operations performed on all devices by processes in the cgroup as seen by the throttling policy. diff --git a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/manifest.yml deleted file mode 100755 index 47dac92261..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/elastic_agent_metrics/manifest.yml +++ /dev/null @@ -1,7 +0,0 @@ -title: Elastic Agent -dataset: elastic_agent.elastic_agent -type: metrics -elasticsearch: - index_template: - mappings: - dynamic: false diff --git a/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/agent.yml deleted file mode 100755 index 79a7a39864..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/agent.yml +++ /dev/null 
@@ -1,180 +0,0 @@
-- name: cloud
- title: Cloud
- group: 2
- description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
- type: group
- fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- - name: instance.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
- - name: project.id
- type: keyword
- description: Name of the project in Google Cloud.
- - name: image.id
- type: keyword
- description: Image ID for the cloud instance.
-- name: container
- title: Container
- group: 2
- description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
- type: group
- fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
- - name: labels
- level: extended
- type: object
- object_type: keyword
- description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
-- name: host
- title: Host
- group: 2
- description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
- type: group
- fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
- - name: domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- - name: os.family
- level: extended
- type: keyword
- ignore_above: 1024
- description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- - name: os.kernel
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
- - name: os.platform
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
- - name: containerized
- type: boolean
- description: >
- If the host is a container.
-
- - name: os.build
- type: keyword
- example: "18D109"
- description: >
- OS build information.
-
- - name: os.codename
- type: keyword
- example: "stretch"
- description: >
- OS codename, if any.
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/base-fields.yml
deleted file mode 100755
index 0d1791ffed..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
diff --git a/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/beat-fields.yml b/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/beat-fields.yml
deleted file mode 100755
index 0c063d19ae..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/beat-fields.yml
+++ /dev/null
@@ -1,81 +0,0 @@
-- name: beat.type
- descripion: Beat type.
- type: keyword
-- name: beat.stats
- description: Beat stats
- type: group
- fields:
- - name: libbeat
- type: group
- description: >
- Fields common to all Beats
-
- fields:
- - name: output
- type: group
- description: >
- Output stats
-
- fields:
- - name: events
- type: group
- description: >
- Event counters
-
- fields:
- - name: acked
- type: long
- description: >
- Number of events acknowledged
-
- - name: active
- type: long
- description: >
- Number of active events
-
- - name: batches
- type: long
- description: >
- Number of event batches
-
- - name: dropped
- type: long
- description: >
- Number of events dropped
-
- - name: duplicates
- type: long
- description: >
- Number of events duplicated
-
- - name: failed
- type: long
- description: >
- Number of events failed
-
- - name: toomany
- type: long
- description: >
- Number of too many events
-
- - name: total
- type: long
- description: >
- Total number of events
-
- - name: write
- type: group
- description: >
- Write stats
-
- fields:
- - name: bytes
- type: long
- description: >
- Number of bytes written
-
- - name: errors
- type: long
- description: >
- Number of write errors
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/ecs.yml
deleted file mode 100755
index 32b642ce16..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/ecs.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- external: ecs
- name: ecs.version
diff --git a/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/fields.yml
deleted file mode 100755
index f151c61ee2..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/fields/fields.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-- name: elastic_agent
- title: Elastic Agent
- description: Fields related to the Elastic Agents
- type: group
- fields:
- - name: id
- type: keyword
- ignore_above: 1024
- description: Elastic Agent id.
- - name: process
- level: extended
- type: keyword
- ignore_above: 1024
- description: Process run by the Elastic Agent.
- example: metricbeat
- - name: snapshot
- level: extended
- type: boolean
- description: Is the agent running from a snapshot build
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Elastic agent version.
- example: 7.11.0
diff --git a/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/manifest.yml
deleted file mode 100755
index 303510eed3..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/endpoint_security_metrics/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-title: Elastic Agent
-dataset: elastic_agent.endpoint_security
-type: metrics
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@
-- name: cloud
- title: Cloud
- group: 2
- description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
- type: group
- fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- - name: instance.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
- - name: project.id
- type: keyword
- description: Name of the project in Google Cloud.
- - name: image.id
- type: keyword
- description: Image ID for the cloud instance.
-- name: container
- title: Container
- group: 2
- description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
- type: group
- fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
- - name: labels
- level: extended
- type: object
- object_type: keyword
- description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
-- name: host
- title: Host
- group: 2
- description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
- type: group
- fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
- - name: domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- - name: os.family
- level: extended
- type: keyword
- ignore_above: 1024
- description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- - name: os.kernel
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
- - name: os.platform
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
- - name: containerized
- type: boolean
- description: >
- If the host is a container.
-
- - name: os.build
- type: keyword
- example: "18D109"
- description: >
- OS build information.
-
- - name: os.codename
- type: keyword
- example: "stretch"
- description: >
- OS codename, if any.
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/fields/base-fields.yml
deleted file mode 100755
index accc7eb667..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/fields/base-fields.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
-- name: event.dataset
- type: constant_keyword
- description: Event dataset
diff --git a/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/fields/ecs.yml
deleted file mode 100755
index fcdde86458..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/fields/ecs.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- external: ecs
- name: ecs.version
-- name: log
- title: Log
- group: 2
- description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields."
- type: group
- fields:
- - name: level
- level: core
- type: keyword
- ignore_above: 1024
- description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`."
- example: error
diff --git a/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/fields/fields.yml
deleted file mode 100755
index 24771ec504..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/fields/fields.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-- name: message
- type: text
- title: Log Message
-- name: elastic_agent
- title: Elastic Agent
- description: Fields related to the Elastic Agents
- type: group
- fields:
- - name: id
- type: keyword
- ignore_above: 1024
- description: Elastic Agent id.
- - name: process
- level: extended
- type: keyword
- ignore_above: 1024
- description: Process run by the Elastic Agent.
- example: metricbeat
- - name: snapshot
- level: extended
- type: boolean
- description: Is the agent running from a snapshot build
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Elastic agent version.
- example: 7.11.0
diff --git a/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/manifest.yml
deleted file mode 100755
index 661fb299d0..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/endpoint_sercurity_logs/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-title: Elastic Agent
-dataset: elastic_agent.endpoint_security
-type: logs
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@
-- name: cloud
- title: Cloud
- group: 2
- description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
- type: group
- fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- - name: instance.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
- - name: project.id
- type: keyword
- description: Name of the project in Google Cloud.
- - name: image.id
- type: keyword
- description: Image ID for the cloud instance.
-- name: container
- title: Container
- group: 2
- description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
- type: group
- fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
- - name: labels
- level: extended
- type: object
- object_type: keyword
- description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
-- name: host
- title: Host
- group: 2
- description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
- type: group
- fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
- - name: domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- - name: os.family
- level: extended
- type: keyword
- ignore_above: 1024
- description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- - name: os.kernel
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
- - name: os.platform
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
- - name: containerized
- type: boolean
- description: >
- If the host is a container.
-
- - name: os.build
- type: keyword
- example: "18D109"
- description: >
- OS build information.
-
- - name: os.codename
- type: keyword
- example: "stretch"
- description: >
- OS codename, if any.
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/fields/base-fields.yml
deleted file mode 100755
index accc7eb667..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/fields/base-fields.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
-- name: event.dataset
- type: constant_keyword
- description: Event dataset
diff --git a/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/fields/ecs.yml
deleted file mode 100755
index fcdde86458..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/fields/ecs.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- external: ecs
- name: ecs.version
-- name: log
- title: Log
- group: 2
- description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields."
- type: group
- fields:
- - name: level
- level: core
- type: keyword
- ignore_above: 1024
- description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`."
- example: error
diff --git a/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/fields/fields.yml
deleted file mode 100755
index 24771ec504..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/fields/fields.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-- name: message
- type: text
- title: Log Message
-- name: elastic_agent
- title: Elastic Agent
- description: Fields related to the Elastic Agents
- type: group
- fields:
- - name: id
- type: keyword
- ignore_above: 1024
- description: Elastic Agent id.
- - name: process
- level: extended
- type: keyword
- ignore_above: 1024
- description: Process run by the Elastic Agent.
- example: metricbeat
- - name: snapshot
- level: extended
- type: boolean
- description: Is the agent running from a snapshot build
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Elastic agent version.
- example: 7.11.0
diff --git a/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/manifest.yml
deleted file mode 100755
index af606b034e..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/filebeat_logs/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-title: Elastic Agent
-dataset: elastic_agent.filebeat
-type: logs
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@
-- name: cloud
- title: Cloud
- group: 2
- description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
- type: group
- fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- - name: instance.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
- - name: project.id
- type: keyword
- description: Name of the project in Google Cloud.
- - name: image.id
- type: keyword
- description: Image ID for the cloud instance.
-- name: container
- title: Container
- group: 2
- description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
- type: group
- fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
- - name: labels
- level: extended
- type: object
- object_type: keyword
- description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
-- name: host
- title: Host
- group: 2
- description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
- type: group
- fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
- - name: domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- - name: os.family
- level: extended
- type: keyword
- ignore_above: 1024
- description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- - name: os.kernel
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
- - name: os.platform
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
- - name: containerized
- type: boolean
- description: >
- If the host is a container.
-
- - name: os.build
- type: keyword
- example: "18D109"
- description: >
- OS build information.
-
- - name: os.codename
- type: keyword
- example: "stretch"
- description: >
- OS codename, if any.
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/base-fields.yml
deleted file mode 100755
index 0d1791ffed..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
diff --git a/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/beat-fields.yml b/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/beat-fields.yml
deleted file mode 100755
index 0c063d19ae..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/beat-fields.yml
+++ /dev/null
@@ -1,81 +0,0 @@
-- name: beat.type
- descripion: Beat type.
- type: keyword
-- name: beat.stats
- description: Beat stats
- type: group
- fields:
- - name: libbeat
- type: group
- description: >
- Fields common to all Beats
-
- fields:
- - name: output
- type: group
- description: >
- Output stats
-
- fields:
- - name: events
- type: group
- description: >
- Event counters
-
- fields:
- - name: acked
- type: long
- description: >
- Number of events acknowledged
-
- - name: active
- type: long
- description: >
- Number of active events
-
- - name: batches
- type: long
- description: >
- Number of event batches
-
- - name: dropped
- type: long
- description: >
- Number of events dropped
-
- - name: duplicates
- type: long
- description: >
- Number of events duplicated
-
- - name: failed
- type: long
- description: >
- Number of events failed
-
- - name: toomany
- type: long
- description: >
- Number of too many events
-
- - name: total
- type: long
- description: >
- Total number of events
-
- - name: write
- type: group
- description: >
- Write stats
-
- fields:
- - name: bytes
- type: long
- description: >
- Number of bytes written
-
- - name: errors
- type: long
- description: >
- Number of write errors
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/ecs.yml
deleted file mode 100755
index 32b642ce16..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/ecs.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- external: ecs
- name: ecs.version
diff --git a/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/fields.yml
deleted file mode 100755
index a516126a23..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/fields/fields.yml
+++ /dev/null
@@ -1,419 +0,0 @@
-- name: elastic_agent
- title: Elastic Agent
- description: Fields related to the Elastic Agents
- type: group
- fields:
- - name: id
- type: keyword
- ignore_above: 1024
- description: Elastic Agent id.
- - name: process
- level: extended
- type: keyword
- ignore_above: 1024
- description: Process run by the Elastic Agent.
- example: metricbeat
- - name: snapshot
- level: extended
- type: boolean
- description: Is the agent running from a snapshot build
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Elastic agent version.
- example: 7.11.0
-- name: system.process
- type: group
- fields:
- - name: cpu
- type: group
- fields:
- - name: user.ticks
- type: long
- metric_type: counter
- description: |
- The amount of CPU time the process spent in user space.
- - name: total.value
- type: long
- metric_type: counter
- description: |
- The value of CPU usage since starting the process.
- - name: system.ticks
- type: long
- metric_type: counter
- description: |
- The amount of CPU time the process spent in kernel space.
- - name: total.ticks
- type: long
- metric_type: counter
- description: |
- The total CPU time spent by the process.
- - name: total.time.ms
- type: date
- description: |
- The time when the process was started.
- - name: user.time.ms
- type: date
- description: |
- The time when the process was started.
- - name: system.time.ms
- type: date
- description: |
- The time when the process was started.
- - name: memory
- type: group
- fields:
- - name: size
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The total virtual memory the process has. On Windows this represents the Commit Charge (the total amount of memory that the memory manager has committed for a running process) value in bytes for this process.
- - name: fd
- type: group
- fields:
- - name: open
- type: long
- metric_type: gauge
- description: The number of file descriptors open by the process.
- - name: limit.soft
- type: long
- metric_type: gauge
- description: |
- The soft limit on the number of file descriptors opened by the process. The soft limit can be changed by the process at any time.
- - name: limit.hard
- type: long
- metric_type: gauge
- description: |
- The hard limit on the number of file descriptors opened by the process. The hard limit can only be raised by root.
- - name: cgroup
- type: group
- fields:
- - name: id
- type: keyword
- description: |
- The ID common to all cgroups associated with this task. If there isn't a common ID used by all cgroups this field will be absent.
- - name: path
- type: keyword
- description: |
- The path to the cgroup relative to the cgroup subsystem's mountpoint. If there isn't a common path used by all cgroups this field will be absent.
- - name: cpu
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystem's mountpoint.
- - name: cfs.period.us
- type: long
- unit: micros
- description: |
- Period of time in microseconds for how regularly a cgroup's access to CPU resources should be reallocated.
- - name: cfs.quota.us
- type: long
- unit: micros
- description: |
- Total amount of time in microseconds for which all tasks in a cgroup can run during one period (as defined by cfs.period.us).
- - name: cfs.shares
- type: long
- description: |
- An integer value that specifies a relative share of CPU time available to the tasks in a cgroup. The value specified in the cpu.shares file must be 2 or higher.
- - name: rt.period.us
- type: long
- unit: micros
- description: |
- Period of time in microseconds for how regularly a cgroup's access to CPU resources is reallocated.
- - name: rt.runtime.us
- type: long
- unit: micros
- description: |
- Period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources.
- - name: stats.periods
- type: long
- metric_type: counter
- description: |
- Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed.
- - name: stats.throttled.periods
- type: long
- metric_type: counter
- description: |
- Number of times tasks in a cgroup have been throttled (that is, not allowed to run because they have exhausted all of the available time as specified by their quota).
- - name: stats.throttled.ns
- type: long
- metric_type: counter
- unit: nanos
- description: |
- The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled.
- - name: cpuacct
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystem's mountpoint.
- - name: total.ns
- type: long
- metric_type: counter
- unit: nanos
- description: |
- Total CPU time in nanoseconds consumed by all tasks in the cgroup.
- - name: stats.user.ns
- type: long
- metric_type: counter
- unit: nanos
- description: CPU time consumed by tasks in user mode.
- - name: stats.system.ns
- type: long
- metric_type: counter
- unit: nanos
- description: CPU time consumed by tasks in user (kernel) mode.
- - name: percpu
- type: object
- description: |
- CPU time (in nanoseconds) consumed on each CPU by all tasks in this cgroup.
- - name: memory
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystem's mountpoint.
- - name: mem.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total memory usage by processes in the cgroup (in bytes).
- - name: mem.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum memory used by processes in the cgroup (in bytes).
- - name: mem.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of user memory in bytes (including file cache) that tasks in the cgroup are allowed to use.
- - name: mem.failures
- type: long
- description: |
- The number of times that the memory limit (mem.limit.bytes) was reached.
- - name: memsw.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The sum of current memory usage plus swap space used by processes in the cgroup (in bytes).
- - name: memsw.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of memory and swap space used by processes in the cgroup (in bytes).
- - name: memsw.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount for the sum of memory and swap usage that tasks in the cgroup are allowed to use.
- - name: memsw.failures
- type: long
- unit: byte
- metric_type: gauge
- description: |
- The number of times that the memory plus swap space limit (memsw.limit.bytes) was reached.
- - name: kmem.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total kernel memory usage by processes in the cgroup (in bytes).
- - name: kmem.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum kernel memory used by processes in the cgroup (in bytes).
- - name: kmem.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of kernel memory that tasks in the cgroup are allowed to use.
- - name: kmem.failures
- type: long
- metric_type: counter
- description: |
- The number of times that the memory limit (kmem.limit.bytes) was reached.
- - name: kmem_tcp.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total memory usage for TCP buffers in bytes.
- - name: kmem_tcp.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum memory used for TCP buffers by processes in the cgroup (in bytes).
- - name: kmem_tcp.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of memory for TCP buffers that tasks in the cgroup are allowed to use.
- - name: kmem_tcp.failures
- type: long
- metric_type: counter
- description: |
- The number of times that the memory limit (kmem_tcp.limit.bytes) was reached.
- - name: stats.active_anon.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes.
- - name: stats.active_file.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: File-backed memory on active LRU list, in bytes.
- - name: stats.cache.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: Page cache, including tmpfs (shmem), in bytes.
- - name: stats.hierarchical_memory_limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Memory limit for the hierarchy that contains the memory cgroup, in bytes.
- - name: stats.hierarchical_memsw_limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes.
- - name: stats.inactive_anon.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes
- - name: stats.inactive_file.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- File-backed memory on inactive LRU list, in bytes.
- - name: stats.mapped_file.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Size of memory-mapped mapped files, including tmpfs (shmem), in bytes.
- - name: stats.page_faults
- type: long
- metric_type: counter
- description: |
- Number of times that a process in the cgroup triggered a page fault.
- - name: stats.major_page_faults
- type: long
- metric_type: counter
- description: |
- Number of times that a process in the cgroup triggered a major fault. "Major" faults happen when the kernel actually has to read the data from disk.
- - name: stats.pages_in
- type: long
- metric_type: counter
- description: |
- Number of pages paged into memory. This is a counter.
- - name: stats.pages_out
- type: long
- metric_type: counter
- description: |
- Number of pages paged out of memory. This is a counter.
- - name: stats.rss.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Anonymous and swap cache (includes transparent hugepages), not including tmpfs (shmem), in bytes.
- - name: stats.rss_huge.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Number of bytes of anonymous transparent hugepages.
- - name: stats.swap.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Swap usage, in bytes.
- - name: stats.unevictable.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Memory that cannot be reclaimed, in bytes.
- - name: blkio
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystems mountpoint.
- - name: total.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total number of bytes transferred to and from all block devices by processes in the cgroup.
- - name: total.ios
- type: long
- metric_type: counter
- description: |
- Total number of I/O operations performed on all devices by processes in the cgroup as seen by the throttling policy.
diff --git a/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/manifest.yml
deleted file mode 100755
index d3d6251b7e..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/filebeat_metrics/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-title: Elastic Agent
-dataset: elastic_agent.filebeat
-type: metrics
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@
-- name: cloud
- title: Cloud
- group: 2
- description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
- type: group
- fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- - name: instance.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
- - name: project.id
- type: keyword
- description: Name of the project in Google Cloud.
- - name: image.id
- type: keyword
- description: Image ID for the cloud instance.
-- name: container
- title: Container
- group: 2
- description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
- type: group
- fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
- - name: labels
- level: extended
- type: object
- object_type: keyword
- description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
-- name: host
- title: Host
- group: 2
- description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
- type: group
- fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
- - name: domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- - name: os.family
- level: extended
- type: keyword
- ignore_above: 1024
- description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- - name: os.kernel
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
- - name: os.platform
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
- - name: containerized
- type: boolean
- description: >
- If the host is a container.
-
- - name: os.build
- type: keyword
- example: "18D109"
- description: >
- OS build information.
-
- - name: os.codename
- type: keyword
- example: "stretch"
- description: >
- OS codename, if any.
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/fields/base-fields.yml
deleted file mode 100755
index accc7eb667..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/fields/base-fields.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
-- name: event.dataset
- type: constant_keyword
- description: Event dataset
diff --git a/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/fields/ecs.yml
deleted file mode 100755
index fcdde86458..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/fields/ecs.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- external: ecs
- name: ecs.version
-- name: log
- title: Log
- group: 2
- description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields."
- type: group
- fields:
- - name: level
- level: core
- type: keyword
- ignore_above: 1024
- description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`."
- example: error
diff --git a/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/fields/fields.yml
deleted file mode 100755
index 24771ec504..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/fields/fields.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-- name: message
- type: text
- title: Log Message
-- name: elastic_agent
- title: Elastic Agent
- description: Fields related to the Elastic Agents
- type: group
- fields:
- - name: id
- type: keyword
- ignore_above: 1024
- description: Elastic Agent id.
- - name: process
- level: extended
- type: keyword
- ignore_above: 1024
- description: Process run by the Elastic Agent.
- example: metricbeat
- - name: snapshot
- level: extended
- type: boolean
- description: Is the agent running from a snapshot build
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Elastic agent version.
- example: 7.11.0
diff --git a/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/manifest.yml
deleted file mode 100755
index 814aea7b29..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/fleet_server_logs/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-title: Elastic Agent
-dataset: elastic_agent.fleet_server
-type: logs
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@
-- name: cloud
- title: Cloud
- group: 2
- description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
- type: group
- fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- - name: instance.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
- - name: project.id
- type: keyword
- description: Name of the project in Google Cloud.
- - name: image.id
- type: keyword
- description: Image ID for the cloud instance.
-- name: container
- title: Container
- group: 2
- description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
- type: group
- fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
- - name: labels
- level: extended
- type: object
- object_type: keyword
- description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
-- name: host
- title: Host
- group: 2
- description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
- type: group
- fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
- - name: domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- - name: os.family
- level: extended
- type: keyword
- ignore_above: 1024
- description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- - name: os.kernel
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
- - name: os.platform
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
- - name: containerized
- type: boolean
- description: >
- If the host is a container.
-
- - name: os.build
- type: keyword
- example: "18D109"
- description: >
- OS build information.
-
- - name: os.codename
- type: keyword
- example: "stretch"
- description: >
- OS codename, if any.
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/base-fields.yml
deleted file mode 100755
index 0d1791ffed..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
diff --git a/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/beat-fields.yml b/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/beat-fields.yml
deleted file mode 100755
index 0c063d19ae..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/beat-fields.yml
+++ /dev/null
@@ -1,81 +0,0 @@
-- name: beat.type
- descripion: Beat type.
- type: keyword
-- name: beat.stats
- description: Beat stats
- type: group
- fields:
- - name: libbeat
- type: group
- description: >
- Fields common to all Beats
-
- fields:
- - name: output
- type: group
- description: >
- Output stats
-
- fields:
- - name: events
- type: group
- description: >
- Event counters
-
- fields:
- - name: acked
- type: long
- description: >
- Number of events acknowledged
-
- - name: active
- type: long
- description: >
- Number of active events
-
- - name: batches
- type: long
- description: >
- Number of event batches
-
- - name: dropped
- type: long
- description: >
- Number of events dropped
-
- - name: duplicates
- type: long
- description: >
- Number of events duplicated
-
- - name: failed
- type: long
- description: >
- Number of events failed
-
- - name: toomany
- type: long
- description: >
- Number of too many events
-
- - name: total
- type: long
- description: >
- Total number of events
-
- - name: write
- type: group
- description: >
- Write stats
-
- fields:
- - name: bytes
- type: long
- description: >
- Number of bytes written
-
- - name: errors
- type: long
- description: >
- Number of write errors
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/ecs.yml
deleted file mode 100755
index 32b642ce16..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/ecs.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- external: ecs
- name: ecs.version
diff --git a/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/fields.yml
deleted file mode 100755
index a516126a23..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/fields/fields.yml
+++ /dev/null
@@ -1,419 +0,0 @@
-- name: elastic_agent
- title: Elastic Agent
- description: Fields related to the Elastic Agents
- type: group
- fields:
- - name: id
- type: keyword
- ignore_above: 1024
- description: Elastic Agent id.
- - name: process
- level: extended
- type: keyword
- ignore_above: 1024
- description: Process run by the Elastic Agent.
- example: metricbeat
- - name: snapshot
- level: extended
- type: boolean
- description: Is the agent running from a snapshot build
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Elastic agent version.
- example: 7.11.0
-- name: system.process
- type: group
- fields:
- - name: cpu
- type: group
- fields:
- - name: user.ticks
- type: long
- metric_type: counter
- description: |
- The amount of CPU time the process spent in user space.
- - name: total.value
- type: long
- metric_type: counter
- description: |
- The value of CPU usage since starting the process.
- - name: system.ticks
- type: long
- metric_type: counter
- description: |
- The amount of CPU time the process spent in kernel space.
- - name: total.ticks
- type: long
- metric_type: counter
- description: |
- The total CPU time spent by the process.
- - name: total.time.ms
- type: date
- description: |
- The time when the process was started.
- - name: user.time.ms
- type: date
- description: |
- The time when the process was started.
- - name: system.time.ms
- type: date
- description: |
- The time when the process was started.
- - name: memory
- type: group
- fields:
- - name: size
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The total virtual memory the process has. On Windows this represents the Commit Charge (the total amount of memory that the memory manager has committed for a running process) value in bytes for this process.
- - name: fd
- type: group
- fields:
- - name: open
- type: long
- metric_type: gauge
- description: The number of file descriptors open by the process.
- - name: limit.soft
- type: long
- metric_type: gauge
- description: |
- The soft limit on the number of file descriptors opened by the process. The soft limit can be changed by the process at any time.
- - name: limit.hard
- type: long
- metric_type: gauge
- description: |
- The hard limit on the number of file descriptors opened by the process. The hard limit can only be raised by root.
- - name: cgroup
- type: group
- fields:
- - name: id
- type: keyword
- description: |
- The ID common to all cgroups associated with this task. If there isn't a common ID used by all cgroups this field will be absent.
- - name: path
- type: keyword
- description: |
- The path to the cgroup relative to the cgroup subsystem's mountpoint. If there isn't a common path used by all cgroups this field will be absent.
- - name: cpu
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystem's mountpoint.
- - name: cfs.period.us
- type: long
- unit: micros
- description: |
- Period of time in microseconds for how regularly a cgroup's access to CPU resources should be reallocated.
- - name: cfs.quota.us
- type: long
- unit: micros
- description: |
- Total amount of time in microseconds for which all tasks in a cgroup can run during one period (as defined by cfs.period.us).
- - name: cfs.shares
- type: long
- description: |
- An integer value that specifies a relative share of CPU time available to the tasks in a cgroup. The value specified in the cpu.shares file must be 2 or higher.
- - name: rt.period.us
- type: long
- unit: micros
- description: |
- Period of time in microseconds for how regularly a cgroup's access to CPU resources is reallocated.
- - name: rt.runtime.us
- type: long
- unit: micros
- description: |
- Period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources.
- - name: stats.periods
- type: long
- metric_type: counter
- description: |
- Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed.
- - name: stats.throttled.periods
- type: long
- metric_type: counter
- description: |
- Number of times tasks in a cgroup have been throttled (that is, not allowed to run because they have exhausted all of the available time as specified by their quota).
- - name: stats.throttled.ns
- type: long
- metric_type: counter
- unit: nanos
- description: |
- The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled.
- - name: cpuacct
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystem's mountpoint.
- - name: total.ns
- type: long
- metric_type: counter
- unit: nanos
- description: |
- Total CPU time in nanoseconds consumed by all tasks in the cgroup.
- - name: stats.user.ns
- type: long
- metric_type: counter
- unit: nanos
- description: CPU time consumed by tasks in user mode.
- - name: stats.system.ns
- type: long
- metric_type: counter
- unit: nanos
- description: CPU time consumed by tasks in user (kernel) mode.
- - name: percpu
- type: object
- description: |
- CPU time (in nanoseconds) consumed on each CPU by all tasks in this cgroup.
- - name: memory
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystem's mountpoint.
- - name: mem.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total memory usage by processes in the cgroup (in bytes).
- - name: mem.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum memory used by processes in the cgroup (in bytes).
- - name: mem.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of user memory in bytes (including file cache) that tasks in the cgroup are allowed to use.
- - name: mem.failures
- type: long
- description: |
- The number of times that the memory limit (mem.limit.bytes) was reached.
- - name: memsw.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The sum of current memory usage plus swap space used by processes in the cgroup (in bytes).
- - name: memsw.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of memory and swap space used by processes in the cgroup (in bytes).
- - name: memsw.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount for the sum of memory and swap usage that tasks in the cgroup are allowed to use.
- - name: memsw.failures
- type: long
- unit: byte
- metric_type: gauge
- description: |
- The number of times that the memory plus swap space limit (memsw.limit.bytes) was reached.
- - name: kmem.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total kernel memory usage by processes in the cgroup (in bytes).
- - name: kmem.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum kernel memory used by processes in the cgroup (in bytes).
- - name: kmem.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of kernel memory that tasks in the cgroup are allowed to use.
- - name: kmem.failures
- type: long
- metric_type: counter
- description: |
- The number of times that the memory limit (kmem.limit.bytes) was reached.
- - name: kmem_tcp.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total memory usage for TCP buffers in bytes.
- - name: kmem_tcp.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum memory used for TCP buffers by processes in the cgroup (in bytes).
- - name: kmem_tcp.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of memory for TCP buffers that tasks in the cgroup are allowed to use.
- - name: kmem_tcp.failures
- type: long
- metric_type: counter
- description: |
- The number of times that the memory limit (kmem_tcp.limit.bytes) was reached.
- - name: stats.active_anon.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes.
- - name: stats.active_file.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: File-backed memory on active LRU list, in bytes.
- - name: stats.cache.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: Page cache, including tmpfs (shmem), in bytes.
- - name: stats.hierarchical_memory_limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Memory limit for the hierarchy that contains the memory cgroup, in bytes.
- - name: stats.hierarchical_memsw_limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes.
- - name: stats.inactive_anon.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes
- - name: stats.inactive_file.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- File-backed memory on inactive LRU list, in bytes.
- - name: stats.mapped_file.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Size of memory-mapped mapped files, including tmpfs (shmem), in bytes.
- - name: stats.page_faults
- type: long
- metric_type: counter
- description: |
- Number of times that a process in the cgroup triggered a page fault.
- - name: stats.major_page_faults
- type: long
- metric_type: counter
- description: |
- Number of times that a process in the cgroup triggered a major fault. "Major" faults happen when the kernel actually has to read the data from disk.
- - name: stats.pages_in
- type: long
- metric_type: counter
- description: |
- Number of pages paged into memory. This is a counter.
- - name: stats.pages_out
- type: long
- metric_type: counter
- description: |
- Number of pages paged out of memory. This is a counter.
- - name: stats.rss.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Anonymous and swap cache (includes transparent hugepages), not including tmpfs (shmem), in bytes.
- - name: stats.rss_huge.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Number of bytes of anonymous transparent hugepages.
- - name: stats.swap.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Swap usage, in bytes.
- - name: stats.unevictable.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Memory that cannot be reclaimed, in bytes.
- - name: blkio
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystems mountpoint.
- - name: total.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total number of bytes transferred to and from all block devices by processes in the cgroup.
- - name: total.ios
- type: long
- metric_type: counter
- description: |
- Total number of I/O operations performed on all devices by processes in the cgroup as seen by the throttling policy.
diff --git a/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/manifest.yml
deleted file mode 100755
index c0adf93736..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/fleet_server_metrics/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-title: Elastic Agent
-dataset: elastic_agent.fleet_server
-type: metrics
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@
-- name: cloud
- title: Cloud
- group: 2
- description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
- type: group
- fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- - name: instance.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
- - name: project.id
- type: keyword
- description: Name of the project in Google Cloud.
- - name: image.id
- type: keyword
- description: Image ID for the cloud instance.
-- name: container
- title: Container
- group: 2
- description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
- type: group
- fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
- - name: labels
- level: extended
- type: object
- object_type: keyword
- description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
-- name: host
- title: Host
- group: 2
- description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
- type: group
- fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
- - name: domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- - name: os.family
- level: extended
- type: keyword
- ignore_above: 1024
- description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- - name: os.kernel
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
- - name: os.platform
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
- - name: containerized
- type: boolean
- description: >
- If the host is a container.
-
- - name: os.build
- type: keyword
- example: "18D109"
- description: >
- OS build information.
-
- - name: os.codename
- type: keyword
- example: "stretch"
- description: >
- OS codename, if any.
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/fields/base-fields.yml
deleted file mode 100755
index 0d1791ffed..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
diff --git a/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/fields/ecs.yml
deleted file mode 100755
index fcdde86458..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/fields/ecs.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- external: ecs
- name: ecs.version
-- name: log
- title: Log
- group: 2
- description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields."
- type: group
- fields:
- - name: level
- level: core
- type: keyword
- ignore_above: 1024
- description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`."
- example: error
diff --git a/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/fields/fields.yml
deleted file mode 100755
index 371ed822a5..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/fields/fields.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-- name: message
- type: text
- title: Log Message
-- name: elastic_agent
- title: Elastic Agent
- description: Fields related to the Elastic Agents
- type: group
- fields:
- - name: id
- type: keyword
- ignore_above: 1024
- description: Elastic Agent id.
- - name: process
- level: extended
- type: keyword
- ignore_above: 1024
- description: Process run by the Elastic Agent.
- example: metricbeat
- - name: snapshot
- level: extended
- type: boolean
- description: Is the agent running from a snapshot build
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Elastic agent version.
- example: 7.11.0
-- name: event.dataset
- type: constant_keyword
- description: Event dataset
diff --git a/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/manifest.yml
deleted file mode 100755
index dce6c178a3..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/heartbeat_logs/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-title: Elastic Agent
-dataset: elastic_agent.heartbeat
-type: logs
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@ -- name: cloud - title: Cloud - group: 2 - description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." - type: group - fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - - name: image.id - type: keyword - description: Image ID for the cloud instance. 
-- name: container - title: Container - group: 2 - description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. -- name: host - title: Host - group: 2 - description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." - type: group - fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - - name: id - level: core - type: keyword - ignore_above: 1024 - description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." - - name: containerized - type: boolean - description: > - If the host is a container. - - - name: os.build - type: keyword - example: "18D109" - description: > - OS build information. - - - name: os.codename - type: keyword - example: "stretch" - description: > - OS codename, if any. - 
diff --git a/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/base-fields.yml deleted file mode 100755 index 0d1791ffed..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/base-fields.yml +++ /dev/null @@ -1,12 +0,0 @@ -- name: data_stream.type - type: constant_keyword - description: Data stream type. -- name: data_stream.dataset - type: constant_keyword - description: Data stream dataset. -- name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. -- name: "@timestamp" - type: date - description: Event timestamp. diff --git a/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/beat-fields.yml b/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/beat-fields.yml deleted file mode 100755 index 0c063d19ae..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/beat-fields.yml +++ /dev/null 
@@ -1,81 +0,0 @@ -- name: beat.type - descripion: Beat type. - type: keyword -- name: beat.stats - description: Beat stats - type: group - fields: - - name: libbeat - type: group - description: > - Fields common to all Beats - - fields: - - name: output - type: group - description: > - Output stats - - fields: - - name: events - type: group - description: > - Event counters - - fields: - - name: acked - type: long - description: > - Number of events acknowledged - - - name: active - type: long - description: > - Number of active events - - - name: batches - type: long - description: > - Number of event batches - - - name: dropped - type: long - description: > - Number of events dropped - - - name: duplicates - type: long - description: > - Number of events duplicated - - - name: failed - type: long - description: > - Number of events failed - - - name: toomany - type: long - description: > - Number of too many events - - - name: total - type: long - description: > - Total number of events - - - name: write - type: group - description: > - Write stats - - fields: - - name: bytes - type: long - description: > - Number of bytes written - - - name: errors - type: long - description: > - Number of write errors - diff --git a/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/ecs.yml deleted file mode 100755 index 32b642ce16..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/ecs.yml +++ /dev/null @@ -1,2 +0,0 @@ -- external: ecs - name: ecs.version diff --git a/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/fields.yml deleted file mode 100755 index a516126a23..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/fields/fields.yml +++ /dev/null 
@@ -1,419 +0,0 @@ -- name: elastic_agent - title: Elastic Agent - description: Fields related to the Elastic Agents - type: group - fields: - - name: id - type: keyword - ignore_above: 1024 - description: Elastic Agent id. - - name: process - level: extended - type: keyword - ignore_above: 1024 - description: Process run by the Elastic Agent. - example: metricbeat - - name: snapshot - level: extended - type: boolean - description: Is the agent running from a snapshot build - - name: version - level: extended - type: keyword - ignore_above: 1024 - description: Elastic agent version. - example: 7.11.0 -- name: system.process - type: group - fields: - - name: cpu - type: group - fields: - - name: user.ticks - type: long - metric_type: counter - description: | - The amount of CPU time the process spent in user space. - - name: total.value - type: long - metric_type: counter - description: | - The value of CPU usage since starting the process. - - name: system.ticks - type: long - metric_type: counter - description: | - The amount of CPU time the process spent in kernel space. - - name: total.ticks - type: long - metric_type: counter - description: | - The total CPU time spent by the process. - - name: total.time.ms - type: date - description: | - The time when the process was started. - - name: user.time.ms - type: date - description: | - The time when the process was started. - - name: system.time.ms - type: date - description: | - The time when the process was started. - - name: memory - type: group - fields: - - name: size - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The total virtual memory the process has. On Windows this represents the Commit Charge (the total amount of memory that the memory manager has committed for a running process) value in bytes for this process. - - name: fd - type: group - fields: - - name: open - type: long - metric_type: gauge - description: The number of file descriptors open by the process. 
- - name: limit.soft - type: long - metric_type: gauge - description: | - The soft limit on the number of file descriptors opened by the process. The soft limit can be changed by the process at any time. - - name: limit.hard - type: long - metric_type: gauge - description: | - The hard limit on the number of file descriptors opened by the process. The hard limit can only be raised by root. - - name: cgroup - type: group - fields: - - name: id - type: keyword - description: | - The ID common to all cgroups associated with this task. If there isn't a common ID used by all cgroups this field will be absent. - - name: path - type: keyword - description: | - The path to the cgroup relative to the cgroup subsystem's mountpoint. If there isn't a common path used by all cgroups this field will be absent. - - name: cpu - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: cfs.period.us - type: long - unit: micros - description: | - Period of time in microseconds for how regularly a cgroup's access to CPU resources should be reallocated. - - name: cfs.quota.us - type: long - unit: micros - description: | - Total amount of time in microseconds for which all tasks in a cgroup can run during one period (as defined by cfs.period.us). - - name: cfs.shares - type: long - description: | - An integer value that specifies a relative share of CPU time available to the tasks in a cgroup. The value specified in the cpu.shares file must be 2 or higher. - - name: rt.period.us - type: long - unit: micros - description: | - Period of time in microseconds for how regularly a cgroup's access to CPU resources is reallocated. - - name: rt.runtime.us - type: long - unit: micros - description: | - Period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources. 
- - name: stats.periods - type: long - metric_type: counter - description: | - Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed. - - name: stats.throttled.periods - type: long - metric_type: counter - description: | - Number of times tasks in a cgroup have been throttled (that is, not allowed to run because they have exhausted all of the available time as specified by their quota). - - name: stats.throttled.ns - type: long - metric_type: counter - unit: nanos - description: | - The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled. - - name: cpuacct - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: total.ns - type: long - metric_type: counter - unit: nanos - description: | - Total CPU time in nanoseconds consumed by all tasks in the cgroup. - - name: stats.user.ns - type: long - metric_type: counter - unit: nanos - description: CPU time consumed by tasks in user mode. - - name: stats.system.ns - type: long - metric_type: counter - unit: nanos - description: CPU time consumed by tasks in user (kernel) mode. - - name: percpu - type: object - description: | - CPU time (in nanoseconds) consumed on each CPU by all tasks in this cgroup. - - name: memory - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: mem.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total memory usage by processes in the cgroup (in bytes). - - name: mem.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum memory used by processes in the cgroup (in bytes). 
- - name: mem.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of user memory in bytes (including file cache) that tasks in the cgroup are allowed to use. - - name: mem.failures - type: long - description: | - The number of times that the memory limit (mem.limit.bytes) was reached. - - name: memsw.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The sum of current memory usage plus swap space used by processes in the cgroup (in bytes). - - name: memsw.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of memory and swap space used by processes in the cgroup (in bytes). - - name: memsw.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount for the sum of memory and swap usage that tasks in the cgroup are allowed to use. - - name: memsw.failures - type: long - unit: byte - metric_type: gauge - description: | - The number of times that the memory plus swap space limit (memsw.limit.bytes) was reached. - - name: kmem.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total kernel memory usage by processes in the cgroup (in bytes). - - name: kmem.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum kernel memory used by processes in the cgroup (in bytes). - - name: kmem.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of kernel memory that tasks in the cgroup are allowed to use. - - name: kmem.failures - type: long - metric_type: counter - description: | - The number of times that the memory limit (kmem.limit.bytes) was reached. 
- - name: kmem_tcp.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total memory usage for TCP buffers in bytes. - - name: kmem_tcp.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum memory used for TCP buffers by processes in the cgroup (in bytes). - - name: kmem_tcp.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of memory for TCP buffers that tasks in the cgroup are allowed to use. - - name: kmem_tcp.failures - type: long - metric_type: counter - description: | - The number of times that the memory limit (kmem_tcp.limit.bytes) was reached. - - name: stats.active_anon.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes. - - name: stats.active_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: File-backed memory on active LRU list, in bytes. - - name: stats.cache.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: Page cache, including tmpfs (shmem), in bytes. - - name: stats.hierarchical_memory_limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory limit for the hierarchy that contains the memory cgroup, in bytes. - - name: stats.hierarchical_memsw_limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes. 
- - name: stats.inactive_anon.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes - - name: stats.inactive_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - File-backed memory on inactive LRU list, in bytes. - - name: stats.mapped_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Size of memory-mapped mapped files, including tmpfs (shmem), in bytes. - - name: stats.page_faults - type: long - metric_type: counter - description: | - Number of times that a process in the cgroup triggered a page fault. - - name: stats.major_page_faults - type: long - metric_type: counter - description: | - Number of times that a process in the cgroup triggered a major fault. "Major" faults happen when the kernel actually has to read the data from disk. - - name: stats.pages_in - type: long - metric_type: counter - description: | - Number of pages paged into memory. This is a counter. - - name: stats.pages_out - type: long - metric_type: counter - description: | - Number of pages paged out of memory. This is a counter. - - name: stats.rss.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache (includes transparent hugepages), not including tmpfs (shmem), in bytes. - - name: stats.rss_huge.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Number of bytes of anonymous transparent hugepages. - - name: stats.swap.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Swap usage, in bytes. - - name: stats.unevictable.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory that cannot be reclaimed, in bytes. - - name: blkio - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. 
- - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystems mountpoint. - - name: total.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total number of bytes transferred to and from all block devices by processes in the cgroup. - - name: total.ios - type: long - metric_type: counter - description: | - Total number of I/O operations performed on all devices by processes in the cgroup as seen by the throttling policy. diff --git a/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/manifest.yml deleted file mode 100755 index 012bf45927..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/heartbeat_metrics/manifest.yml +++ /dev/null @@ -1,7 +0,0 @@ -title: Elastic Agent -dataset: elastic_agent.heartbeat -type: metrics -elasticsearch: - index_template: - mappings: - dynamic: false diff --git a/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/fields/agent.yml deleted file mode 100755 index 79a7a39864..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/fields/agent.yml +++ /dev/null 
@@ -1,180 +0,0 @@ -- name: cloud - title: Cloud - group: 2 - description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." - type: group - fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - - name: image.id - type: keyword - description: Image ID for the cloud instance. 
-- name: container - title: Container - group: 2 - description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. -- name: host - title: Host - group: 2 - description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." - type: group - fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - - name: id - level: core - type: keyword - ignore_above: 1024 - description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." - - name: containerized - type: boolean - description: > - If the host is a container. - - - name: os.build - type: keyword - example: "18D109" - description: > - OS build information. - - - name: os.codename - type: keyword - example: "stretch" - description: > - OS codename, if any. - 
diff --git a/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/fields/base-fields.yml deleted file mode 100755 index accc7eb667..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/fields/base-fields.yml +++ /dev/null @@ -1,15 +0,0 @@ -- name: data_stream.type - type: constant_keyword - description: Data stream type. -- name: data_stream.dataset - type: constant_keyword - description: Data stream dataset. -- name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. -- name: "@timestamp" - type: date - description: Event timestamp. -- name: event.dataset - type: constant_keyword - description: Event dataset diff --git a/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/fields/ecs.yml deleted file mode 100755 index fcdde86458..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/fields/ecs.yml +++ /dev/null @@ -1,14 +0,0 @@ -- external: ecs - name: ecs.version -- name: log - title: Log - group: 2 - description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields." - type: group - fields: - - name: level - level: core - type: keyword - ignore_above: 1024 - description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`." - example: error 
diff --git a/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/fields/fields.yml deleted file mode 100755 index 24771ec504..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/fields/fields.yml +++ /dev/null @@ -1,28 +0,0 @@ -- name: message - type: text - title: Log Message -- name: elastic_agent - title: Elastic Agent - description: Fields related to the Elastic Agents - type: group - fields: - - name: id - type: keyword - ignore_above: 1024 - description: Elastic Agent id. - - name: process - level: extended - type: keyword - ignore_above: 1024 - description: Process run by the Elastic Agent. - example: metricbeat - - name: snapshot - level: extended - type: boolean - description: Is the agent running from a snapshot build - - name: version - level: extended - type: keyword - ignore_above: 1024 - description: Elastic agent version. - example: 7.11.0 diff --git a/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/manifest.yml deleted file mode 100755 index eef19a83be..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/metricbeat_logs/manifest.yml +++ /dev/null @@ -1,7 +0,0 @@ -title: Elastic Agent -dataset: elastic_agent.metricbeat -type: logs -elasticsearch: - index_template: - mappings: - dynamic: false diff --git a/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/agent.yml deleted file mode 100755 index 79a7a39864..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/agent.yml +++ /dev/null 
@@ -1,180 +0,0 @@ -- name: cloud - title: Cloud - group: 2 - description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." - type: group - fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - - name: image.id - type: keyword - description: Image ID for the cloud instance. 
-- name: container - title: Container - group: 2 - description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. -- name: host - title: Host - group: 2 - description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." - type: group - fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - - name: id - level: core - type: keyword - ignore_above: 1024 - description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." - - name: containerized - type: boolean - description: > - If the host is a container. - - - name: os.build - type: keyword - example: "18D109" - description: > - OS build information. - - - name: os.codename - type: keyword - example: "stretch" - description: > - OS codename, if any. - 
diff --git a/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/base-fields.yml
deleted file mode 100755
index 0d1791ffed..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
diff --git a/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/beat-fields.yml b/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/beat-fields.yml
deleted file mode 100755
index 0c063d19ae..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/beat-fields.yml
+++ /dev/null
@@ -1,81 +0,0 @@ -- name: beat.type - descripion: Beat type. - type: keyword -- name: beat.stats - description: Beat stats - type: group - fields: - - name: libbeat - type: group - description: > - Fields common to all Beats - - fields: - - name: output - type: group - description: > - Output stats - - fields: - - name: events - type: group - description: > - Event counters - - fields: - - name: acked - type: long - description: > - Number of events acknowledged - - - name: active - type: long - description: > - Number of active events - - - name: batches - type: long - description: > - Number of event batches - - - name: dropped - type: long - description: > - Number of events dropped - - - name: duplicates - type: long - description: > - Number of events duplicated - - - name: failed - type: long - description: > - Number of events failed - - - name: toomany - type: long - description: > - Number of too many events - - - name: total - type: long - description: > - Total number of events - - - name: write - type: group - description: > - Write stats - - fields: - - name: bytes - type: long - description: > - Number of bytes written - - - name: errors - type: long - description: > - Number of write errors - diff --git a/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/ecs.yml deleted file mode 100755 index 32b642ce16..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/ecs.yml +++ /dev/null @@ -1,2 +0,0 @@ -- external: ecs - name: ecs.version diff --git a/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/fields.yml deleted file mode 100755 index a516126a23..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/fields/fields.yml +++ /dev/null 
@@ -1,419 +0,0 @@ -- name: elastic_agent - title: Elastic Agent - description: Fields related to the Elastic Agents - type: group - fields: - - name: id - type: keyword - ignore_above: 1024 - description: Elastic Agent id. - - name: process - level: extended - type: keyword - ignore_above: 1024 - description: Process run by the Elastic Agent. - example: metricbeat - - name: snapshot - level: extended - type: boolean - description: Is the agent running from a snapshot build - - name: version - level: extended - type: keyword - ignore_above: 1024 - description: Elastic agent version. - example: 7.11.0 -- name: system.process - type: group - fields: - - name: cpu - type: group - fields: - - name: user.ticks - type: long - metric_type: counter - description: | - The amount of CPU time the process spent in user space. - - name: total.value - type: long - metric_type: counter - description: | - The value of CPU usage since starting the process. - - name: system.ticks - type: long - metric_type: counter - description: | - The amount of CPU time the process spent in kernel space. - - name: total.ticks - type: long - metric_type: counter - description: | - The total CPU time spent by the process. - - name: total.time.ms - type: date - description: | - The time when the process was started. - - name: user.time.ms - type: date - description: | - The time when the process was started. - - name: system.time.ms - type: date - description: | - The time when the process was started. - - name: memory - type: group - fields: - - name: size - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The total virtual memory the process has. On Windows this represents the Commit Charge (the total amount of memory that the memory manager has committed for a running process) value in bytes for this process. - - name: fd - type: group - fields: - - name: open - type: long - metric_type: gauge - description: The number of file descriptors open by the process. 
- - name: limit.soft - type: long - metric_type: gauge - description: | - The soft limit on the number of file descriptors opened by the process. The soft limit can be changed by the process at any time. - - name: limit.hard - type: long - metric_type: gauge - description: | - The hard limit on the number of file descriptors opened by the process. The hard limit can only be raised by root. - - name: cgroup - type: group - fields: - - name: id - type: keyword - description: | - The ID common to all cgroups associated with this task. If there isn't a common ID used by all cgroups this field will be absent. - - name: path - type: keyword - description: | - The path to the cgroup relative to the cgroup subsystem's mountpoint. If there isn't a common path used by all cgroups this field will be absent. - - name: cpu - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: cfs.period.us - type: long - unit: micros - description: | - Period of time in microseconds for how regularly a cgroup's access to CPU resources should be reallocated. - - name: cfs.quota.us - type: long - unit: micros - description: | - Total amount of time in microseconds for which all tasks in a cgroup can run during one period (as defined by cfs.period.us). - - name: cfs.shares - type: long - description: | - An integer value that specifies a relative share of CPU time available to the tasks in a cgroup. The value specified in the cpu.shares file must be 2 or higher. - - name: rt.period.us - type: long - unit: micros - description: | - Period of time in microseconds for how regularly a cgroup's access to CPU resources is reallocated. - - name: rt.runtime.us - type: long - unit: micros - description: | - Period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources. 
- - name: stats.periods - type: long - metric_type: counter - description: | - Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed. - - name: stats.throttled.periods - type: long - metric_type: counter - description: | - Number of times tasks in a cgroup have been throttled (that is, not allowed to run because they have exhausted all of the available time as specified by their quota). - - name: stats.throttled.ns - type: long - metric_type: counter - unit: nanos - description: | - The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled. - - name: cpuacct - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: total.ns - type: long - metric_type: counter - unit: nanos - description: | - Total CPU time in nanoseconds consumed by all tasks in the cgroup. - - name: stats.user.ns - type: long - metric_type: counter - unit: nanos - description: CPU time consumed by tasks in user mode. - - name: stats.system.ns - type: long - metric_type: counter - unit: nanos - description: CPU time consumed by tasks in user (kernel) mode. - - name: percpu - type: object - description: | - CPU time (in nanoseconds) consumed on each CPU by all tasks in this cgroup. - - name: memory - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: mem.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total memory usage by processes in the cgroup (in bytes). - - name: mem.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum memory used by processes in the cgroup (in bytes). 
- - name: mem.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of user memory in bytes (including file cache) that tasks in the cgroup are allowed to use. - - name: mem.failures - type: long - description: | - The number of times that the memory limit (mem.limit.bytes) was reached. - - name: memsw.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The sum of current memory usage plus swap space used by processes in the cgroup (in bytes). - - name: memsw.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of memory and swap space used by processes in the cgroup (in bytes). - - name: memsw.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount for the sum of memory and swap usage that tasks in the cgroup are allowed to use. - - name: memsw.failures - type: long - unit: byte - metric_type: gauge - description: | - The number of times that the memory plus swap space limit (memsw.limit.bytes) was reached. - - name: kmem.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total kernel memory usage by processes in the cgroup (in bytes). - - name: kmem.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum kernel memory used by processes in the cgroup (in bytes). - - name: kmem.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of kernel memory that tasks in the cgroup are allowed to use. - - name: kmem.failures - type: long - metric_type: counter - description: | - The number of times that the memory limit (kmem.limit.bytes) was reached. 
- - name: kmem_tcp.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total memory usage for TCP buffers in bytes. - - name: kmem_tcp.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum memory used for TCP buffers by processes in the cgroup (in bytes). - - name: kmem_tcp.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of memory for TCP buffers that tasks in the cgroup are allowed to use. - - name: kmem_tcp.failures - type: long - metric_type: counter - description: | - The number of times that the memory limit (kmem_tcp.limit.bytes) was reached. - - name: stats.active_anon.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes. - - name: stats.active_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: File-backed memory on active LRU list, in bytes. - - name: stats.cache.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: Page cache, including tmpfs (shmem), in bytes. - - name: stats.hierarchical_memory_limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory limit for the hierarchy that contains the memory cgroup, in bytes. - - name: stats.hierarchical_memsw_limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes. 
- - name: stats.inactive_anon.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes - - name: stats.inactive_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - File-backed memory on inactive LRU list, in bytes. - - name: stats.mapped_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Size of memory-mapped mapped files, including tmpfs (shmem), in bytes. - - name: stats.page_faults - type: long - metric_type: counter - description: | - Number of times that a process in the cgroup triggered a page fault. - - name: stats.major_page_faults - type: long - metric_type: counter - description: | - Number of times that a process in the cgroup triggered a major fault. "Major" faults happen when the kernel actually has to read the data from disk. - - name: stats.pages_in - type: long - metric_type: counter - description: | - Number of pages paged into memory. This is a counter. - - name: stats.pages_out - type: long - metric_type: counter - description: | - Number of pages paged out of memory. This is a counter. - - name: stats.rss.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache (includes transparent hugepages), not including tmpfs (shmem), in bytes. - - name: stats.rss_huge.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Number of bytes of anonymous transparent hugepages. - - name: stats.swap.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Swap usage, in bytes. - - name: stats.unevictable.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory that cannot be reclaimed, in bytes. - - name: blkio - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. 
- - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystems mountpoint. - - name: total.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total number of bytes transferred to and from all block devices by processes in the cgroup. - - name: total.ios - type: long - metric_type: counter - description: | - Total number of I/O operations performed on all devices by processes in the cgroup as seen by the throttling policy. diff --git a/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/manifest.yml deleted file mode 100755 index 54f1bd0754..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/metricbeat_metrics/manifest.yml +++ /dev/null @@ -1,7 +0,0 @@ -title: Elastic Agent -dataset: elastic_agent.metricbeat -type: metrics -elasticsearch: - index_template: - mappings: - dynamic: false diff --git a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/fields/agent.yml deleted file mode 100755 index 79a7a39864..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/fields/agent.yml +++ /dev/null 
@@ -1,180 +0,0 @@ -- name: cloud - title: Cloud - group: 2 - description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." - type: group - fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - - name: image.id - type: keyword - description: Image ID for the cloud instance. 
-- name: container - title: Container - group: 2 - description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. -- name: host - title: Host - group: 2 - description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." - type: group - fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - - name: id - level: core - type: keyword - ignore_above: 1024 - description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." - - name: containerized - type: boolean - description: > - If the host is a container. - - - name: os.build - type: keyword - example: "18D109" - description: > - OS build information. - - - name: os.codename - type: keyword - example: "stretch" - description: > - OS codename, if any. - 
diff --git a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/fields/base-fields.yml
deleted file mode 100755
index accc7eb667..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/fields/base-fields.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
-- name: event.dataset
- type: constant_keyword
- description: Event dataset
diff --git a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/fields/ecs.yml
deleted file mode 100755
index fcdde86458..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/fields/ecs.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- external: ecs
- name: ecs.version
-- name: log
- title: Log
- group: 2
- description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields."
- type: group
- fields:
- - name: level
- level: core
- type: keyword
- ignore_above: 1024
- description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`."
- example: error
diff --git a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/fields/fields.yml
deleted file mode 100755
index 24771ec504..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/fields/fields.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-- name: message
- type: text
- title: Log Message
-- name: elastic_agent
- title: Elastic Agent
- description: Fields related to the Elastic Agents
- type: group
- fields:
- - name: id
- type: keyword
- ignore_above: 1024
- description: Elastic Agent id.
- - name: process
- level: extended
- type: keyword
- ignore_above: 1024
- description: Process run by the Elastic Agent.
- example: metricbeat
- - name: snapshot
- level: extended
- type: boolean
- description: Is the agent running from a snapshot build
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Elastic agent version.
- example: 7.11.0
diff --git a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/manifest.yml
deleted file mode 100755
index a32c631ce7..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_logs/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-title: Elastic Agent
-dataset: elastic_agent.osquerybeat
-type: logs
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@ -- name: cloud - title: Cloud - group: 2 - description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." - type: group - fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - - name: image.id - type: keyword - description: Image ID for the cloud instance. 
-- name: container - title: Container - group: 2 - description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. -- name: host - title: Host - group: 2 - description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." - type: group - fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - - name: id - level: core - type: keyword - ignore_above: 1024 - description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." - - name: containerized - type: boolean - description: > - If the host is a container. - - - name: os.build - type: keyword - example: "18D109" - description: > - OS build information. - - - name: os.codename - type: keyword - example: "stretch" - description: > - OS codename, if any. - 
diff --git a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/base-fields.yml
deleted file mode 100755
index 0d1791ffed..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
diff --git a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/beat-fields.yml b/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/beat-fields.yml
deleted file mode 100755
index 0c063d19ae..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/beat-fields.yml
+++ /dev/null
@@ -1,81 +0,0 @@ -- name: beat.type - descripion: Beat type. - type: keyword -- name: beat.stats - description: Beat stats - type: group - fields: - - name: libbeat - type: group - description: > - Fields common to all Beats - - fields: - - name: output - type: group - description: > - Output stats - - fields: - - name: events - type: group - description: > - Event counters - - fields: - - name: acked - type: long - description: > - Number of events acknowledged - - - name: active - type: long - description: > - Number of active events - - - name: batches - type: long - description: > - Number of event batches - - - name: dropped - type: long - description: > - Number of events dropped - - - name: duplicates - type: long - description: > - Number of events duplicated - - - name: failed - type: long - description: > - Number of events failed - - - name: toomany - type: long - description: > - Number of too many events - - - name: total - type: long - description: > - Total number of events - - - name: write - type: group - description: > - Write stats - - fields: - - name: bytes - type: long - description: > - Number of bytes written - - - name: errors - type: long - description: > - Number of write errors - diff --git a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/ecs.yml deleted file mode 100755 index 32b642ce16..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/ecs.yml +++ /dev/null @@ -1,2 +0,0 @@ -- external: ecs - name: ecs.version diff --git a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/fields.yml deleted file mode 100755 index a516126a23..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/fields/fields.yml +++ /dev/null 
@@ -1,419 +0,0 @@ -- name: elastic_agent - title: Elastic Agent - description: Fields related to the Elastic Agents - type: group - fields: - - name: id - type: keyword - ignore_above: 1024 - description: Elastic Agent id. - - name: process - level: extended - type: keyword - ignore_above: 1024 - description: Process run by the Elastic Agent. - example: metricbeat - - name: snapshot - level: extended - type: boolean - description: Is the agent running from a snapshot build - - name: version - level: extended - type: keyword - ignore_above: 1024 - description: Elastic agent version. - example: 7.11.0 -- name: system.process - type: group - fields: - - name: cpu - type: group - fields: - - name: user.ticks - type: long - metric_type: counter - description: | - The amount of CPU time the process spent in user space. - - name: total.value - type: long - metric_type: counter - description: | - The value of CPU usage since starting the process. - - name: system.ticks - type: long - metric_type: counter - description: | - The amount of CPU time the process spent in kernel space. - - name: total.ticks - type: long - metric_type: counter - description: | - The total CPU time spent by the process. - - name: total.time.ms - type: date - description: | - The time when the process was started. - - name: user.time.ms - type: date - description: | - The time when the process was started. - - name: system.time.ms - type: date - description: | - The time when the process was started. - - name: memory - type: group - fields: - - name: size - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The total virtual memory the process has. On Windows this represents the Commit Charge (the total amount of memory that the memory manager has committed for a running process) value in bytes for this process. - - name: fd - type: group - fields: - - name: open - type: long - metric_type: gauge - description: The number of file descriptors open by the process. 
- - name: limit.soft - type: long - metric_type: gauge - description: | - The soft limit on the number of file descriptors opened by the process. The soft limit can be changed by the process at any time. - - name: limit.hard - type: long - metric_type: gauge - description: | - The hard limit on the number of file descriptors opened by the process. The hard limit can only be raised by root. - - name: cgroup - type: group - fields: - - name: id - type: keyword - description: | - The ID common to all cgroups associated with this task. If there isn't a common ID used by all cgroups this field will be absent. - - name: path - type: keyword - description: | - The path to the cgroup relative to the cgroup subsystem's mountpoint. If there isn't a common path used by all cgroups this field will be absent. - - name: cpu - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: cfs.period.us - type: long - unit: micros - description: | - Period of time in microseconds for how regularly a cgroup's access to CPU resources should be reallocated. - - name: cfs.quota.us - type: long - unit: micros - description: | - Total amount of time in microseconds for which all tasks in a cgroup can run during one period (as defined by cfs.period.us). - - name: cfs.shares - type: long - description: | - An integer value that specifies a relative share of CPU time available to the tasks in a cgroup. The value specified in the cpu.shares file must be 2 or higher. - - name: rt.period.us - type: long - unit: micros - description: | - Period of time in microseconds for how regularly a cgroup's access to CPU resources is reallocated. - - name: rt.runtime.us - type: long - unit: micros - description: | - Period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources. 
- - name: stats.periods - type: long - metric_type: counter - description: | - Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed. - - name: stats.throttled.periods - type: long - metric_type: counter - description: | - Number of times tasks in a cgroup have been throttled (that is, not allowed to run because they have exhausted all of the available time as specified by their quota). - - name: stats.throttled.ns - type: long - metric_type: counter - unit: nanos - description: | - The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled. - - name: cpuacct - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: total.ns - type: long - metric_type: counter - unit: nanos - description: | - Total CPU time in nanoseconds consumed by all tasks in the cgroup. - - name: stats.user.ns - type: long - metric_type: counter - unit: nanos - description: CPU time consumed by tasks in user mode. - - name: stats.system.ns - type: long - metric_type: counter - unit: nanos - description: CPU time consumed by tasks in user (kernel) mode. - - name: percpu - type: object - description: | - CPU time (in nanoseconds) consumed on each CPU by all tasks in this cgroup. - - name: memory - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. - - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystem's mountpoint. - - name: mem.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total memory usage by processes in the cgroup (in bytes). - - name: mem.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum memory used by processes in the cgroup (in bytes). 
- - name: mem.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of user memory in bytes (including file cache) that tasks in the cgroup are allowed to use. - - name: mem.failures - type: long - description: | - The number of times that the memory limit (mem.limit.bytes) was reached. - - name: memsw.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The sum of current memory usage plus swap space used by processes in the cgroup (in bytes). - - name: memsw.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of memory and swap space used by processes in the cgroup (in bytes). - - name: memsw.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount for the sum of memory and swap usage that tasks in the cgroup are allowed to use. - - name: memsw.failures - type: long - unit: byte - metric_type: gauge - description: | - The number of times that the memory plus swap space limit (memsw.limit.bytes) was reached. - - name: kmem.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total kernel memory usage by processes in the cgroup (in bytes). - - name: kmem.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum kernel memory used by processes in the cgroup (in bytes). - - name: kmem.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of kernel memory that tasks in the cgroup are allowed to use. - - name: kmem.failures - type: long - metric_type: counter - description: | - The number of times that the memory limit (kmem.limit.bytes) was reached. 
- - name: kmem_tcp.usage.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total memory usage for TCP buffers in bytes. - - name: kmem_tcp.usage.max.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum memory used for TCP buffers by processes in the cgroup (in bytes). - - name: kmem_tcp.limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - The maximum amount of memory for TCP buffers that tasks in the cgroup are allowed to use. - - name: kmem_tcp.failures - type: long - metric_type: counter - description: | - The number of times that the memory limit (kmem_tcp.limit.bytes) was reached. - - name: stats.active_anon.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes. - - name: stats.active_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: File-backed memory on active LRU list, in bytes. - - name: stats.cache.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: Page cache, including tmpfs (shmem), in bytes. - - name: stats.hierarchical_memory_limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory limit for the hierarchy that contains the memory cgroup, in bytes. - - name: stats.hierarchical_memsw_limit.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes. 
- - name: stats.inactive_anon.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes - - name: stats.inactive_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - File-backed memory on inactive LRU list, in bytes. - - name: stats.mapped_file.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Size of memory-mapped mapped files, including tmpfs (shmem), in bytes. - - name: stats.page_faults - type: long - metric_type: counter - description: | - Number of times that a process in the cgroup triggered a page fault. - - name: stats.major_page_faults - type: long - metric_type: counter - description: | - Number of times that a process in the cgroup triggered a major fault. "Major" faults happen when the kernel actually has to read the data from disk. - - name: stats.pages_in - type: long - metric_type: counter - description: | - Number of pages paged into memory. This is a counter. - - name: stats.pages_out - type: long - metric_type: counter - description: | - Number of pages paged out of memory. This is a counter. - - name: stats.rss.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Anonymous and swap cache (includes transparent hugepages), not including tmpfs (shmem), in bytes. - - name: stats.rss_huge.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Number of bytes of anonymous transparent hugepages. - - name: stats.swap.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Swap usage, in bytes. - - name: stats.unevictable.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Memory that cannot be reclaimed, in bytes. - - name: blkio - type: group - fields: - - name: id - type: keyword - description: ID of the cgroup. 
- - name: path - type: keyword - description: | - Path to the cgroup relative to the cgroup subsystems mountpoint. - - name: total.bytes - type: long - format: bytes - unit: byte - metric_type: gauge - description: | - Total number of bytes transferred to and from all block devices by processes in the cgroup. - - name: total.ios - type: long - metric_type: counter - description: | - Total number of I/O operations performed on all devices by processes in the cgroup as seen by the throttling policy. diff --git a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/manifest.yml deleted file mode 100755 index c9fa19ace3..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/osquerybeat_metrics/manifest.yml +++ /dev/null @@ -1,7 +0,0 @@ -title: Elastic Agent -dataset: elastic_agent.osquerybeat -type: metrics -elasticsearch: - index_template: - mappings: - dynamic: false diff --git a/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/fields/agent.yml deleted file mode 100755 index 79a7a39864..0000000000 --- a/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/fields/agent.yml +++ /dev/null 
@@ -1,180 +0,0 @@ -- name: cloud - title: Cloud - group: 2 - description: Fields related to the cloud or infrastructure the events are coming from. - footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on." - type: group - fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier." - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - - name: image.id - type: keyword - description: Image ID for the cloud instance. 
-- name: container - title: Container - group: 2 - description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime." - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. -- name: host - title: Host - group: 2 - description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes." - type: group - fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider." - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine." - - name: id - level: core - type: keyword - ignore_above: 1024 - description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`." 
- - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use." - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment." - - name: containerized - type: boolean - description: > - If the host is a container. - - - name: os.build - type: keyword - example: "18D109" - description: > - OS build information. - - - name: os.codename - type: keyword - example: "stretch" - description: > - OS codename, if any. - 
diff --git a/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/fields/base-fields.yml
deleted file mode 100755
index 0d1791ffed..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
diff --git a/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/fields/ecs.yml
deleted file mode 100755
index fcdde86458..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/fields/ecs.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-- external: ecs
- name: ecs.version
-- name: log
- title: Log
- group: 2
- description: "Details about the event's logging mechanism or logging transport.\nThe log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`.\nThe details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields."
- type: group
- fields:
- - name: level
- level: core
- type: keyword
- ignore_above: 1024
- description: "Original log level of the log event.\nIf the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity).\nSome examples are `warn`, `err`, `i`, `informational`."
- example: error
diff --git a/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/fields/fields.yml
deleted file mode 100755
index 24771ec504..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/fields/fields.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-- name: message
- type: text
- title: Log Message
-- name: elastic_agent
- title: Elastic Agent
- description: Fields related to the Elastic Agents
- type: group
- fields:
- - name: id
- type: keyword
- ignore_above: 1024
- description: Elastic Agent id.
- - name: process
- level: extended
- type: keyword
- ignore_above: 1024
- description: Process run by the Elastic Agent.
- example: metricbeat
- - name: snapshot
- level: extended
- type: boolean
- description: Is the agent running from a snapshot build
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Elastic agent version.
- example: 7.11.0
diff --git a/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/manifest.yml
deleted file mode 100755
index b3168bebfe..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/packetbeat_logs/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-title: Elastic Agent
-dataset: elastic_agent.packetbeat
-type: logs
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
diff --git a/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/agent.yml b/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/agent.yml
deleted file mode 100755
index 79a7a39864..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/agent.yml
+++ /dev/null
@@ -1,180 +0,0 @@
-- name: cloud
- title: Cloud
- group: 2
- description: Fields related to the cloud or infrastructure the events are coming from.
- footnote: "Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on."
- type: group
- fields:
- - name: account.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: "The cloud account or organization id used to identify different entities in a multi-tenant environment.\nExamples: AWS account id, Google Cloud ORG Id, or other unique identifier."
- example: 666777888999
- - name: availability_zone
- level: extended
- type: keyword
- ignore_above: 1024
- description: Availability zone in which this host is running.
- example: us-east-1c
- - name: instance.id
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance ID of the host machine.
- example: i-1234567890abcdef0
- - name: instance.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Instance name of the host machine.
- - name: machine.type
- level: extended
- type: keyword
- ignore_above: 1024
- description: Machine type of the host machine.
- example: t2.medium
- - name: provider
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
- example: aws
- - name: region
- level: extended
- type: keyword
- ignore_above: 1024
- description: Region in which this host is running.
- example: us-east-1
- - name: project.id
- type: keyword
- description: Name of the project in Google Cloud.
- - name: image.id
- type: keyword
- description: Image ID for the cloud instance.
-- name: container
- title: Container
- group: 2
- description: "Container fields are used for meta information about the specific container that is the source of information.\nThese fields help correlate data based containers from any runtime."
- type: group
- fields:
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: Unique container id.
- - name: image.name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Name of the image the container was built on.
- - name: labels
- level: extended
- type: object
- object_type: keyword
- description: Image labels.
- - name: name
- level: extended
- type: keyword
- ignore_above: 1024
- description: Container name.
-- name: host
- title: Host
- group: 2
- description: "A host is defined as a general computing instance.\nECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes."
- type: group
- fields:
- - name: architecture
- level: core
- type: keyword
- ignore_above: 1024
- description: Operating system architecture.
- example: x86_64
- - name: domain
- level: extended
- type: keyword
- ignore_above: 1024
- description: "Name of the domain of which the host is a member.\nFor example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider."
- example: CONTOSO
- default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: "Hostname of the host.\nIt normally contains what the `hostname` command returns on the host machine."
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: "Unique host id.\nAs hostname is not always unique, use values that are meaningful in your environment.\nExample: The current usage of `beat.name`."
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
- - name: mac
- level: core
- type: keyword
- ignore_above: 1024
- description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: "Name of the host.\nIt can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use."
- - name: os.family
- level: extended
- type: keyword
- ignore_above: 1024
- description: OS family (such as redhat, debian, freebsd, windows).
- example: debian
- - name: os.kernel
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system kernel version as a raw string.
- example: 4.4.0-112-generic
- - name: os.name
- level: extended
- type: keyword
- ignore_above: 1024
- multi_fields:
- - name: text
- type: text
- norms: false
- default_field: false
- description: Operating system name, without the version.
- example: Mac OS X
- - name: os.platform
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system platform (such centos, ubuntu, windows).
- example: darwin
- - name: os.version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Operating system version as a raw string.
- example: 10.14.1
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: "Type of host.\nFor Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment."
- - name: containerized
- type: boolean
- description: >
- If the host is a container.
-
- - name: os.build
- type: keyword
- example: "18D109"
- description: >
- OS build information.
-
- - name: os.codename
- type: keyword
- example: "stretch"
- description: >
- OS codename, if any.
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/base-fields.yml b/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/base-fields.yml
deleted file mode 100755
index 0d1791ffed..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: "@timestamp"
- type: date
- description: Event timestamp.
diff --git a/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/beat-fields.yml b/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/beat-fields.yml
deleted file mode 100755
index 0c063d19ae..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/beat-fields.yml
+++ /dev/null
@@ -1,81 +0,0 @@
-- name: beat.type
- descripion: Beat type.
- type: keyword
-- name: beat.stats
- description: Beat stats
- type: group
- fields:
- - name: libbeat
- type: group
- description: >
- Fields common to all Beats
-
- fields:
- - name: output
- type: group
- description: >
- Output stats
-
- fields:
- - name: events
- type: group
- description: >
- Event counters
-
- fields:
- - name: acked
- type: long
- description: >
- Number of events acknowledged
-
- - name: active
- type: long
- description: >
- Number of active events
-
- - name: batches
- type: long
- description: >
- Number of event batches
-
- - name: dropped
- type: long
- description: >
- Number of events dropped
-
- - name: duplicates
- type: long
- description: >
- Number of events duplicated
-
- - name: failed
- type: long
- description: >
- Number of events failed
-
- - name: toomany
- type: long
- description: >
- Number of too many events
-
- - name: total
- type: long
- description: >
- Total number of events
-
- - name: write
- type: group
- description: >
- Write stats
-
- fields:
- - name: bytes
- type: long
- description: >
- Number of bytes written
-
- - name: errors
- type: long
- description: >
- Number of write errors
-
diff --git a/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/ecs.yml b/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/ecs.yml
deleted file mode 100755
index 32b642ce16..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/ecs.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- external: ecs
- name: ecs.version
diff --git a/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/fields.yml b/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/fields.yml
deleted file mode 100755
index a516126a23..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/fields/fields.yml
+++ /dev/null
@@ -1,419 +0,0 @@
-- name: elastic_agent
- title: Elastic Agent
- description: Fields related to the Elastic Agents
- type: group
- fields:
- - name: id
- type: keyword
- ignore_above: 1024
- description: Elastic Agent id.
- - name: process
- level: extended
- type: keyword
- ignore_above: 1024
- description: Process run by the Elastic Agent.
- example: metricbeat
- - name: snapshot
- level: extended
- type: boolean
- description: Is the agent running from a snapshot build
- - name: version
- level: extended
- type: keyword
- ignore_above: 1024
- description: Elastic agent version.
- example: 7.11.0
-- name: system.process
- type: group
- fields:
- - name: cpu
- type: group
- fields:
- - name: user.ticks
- type: long
- metric_type: counter
- description: |
- The amount of CPU time the process spent in user space.
- - name: total.value
- type: long
- metric_type: counter
- description: |
- The value of CPU usage since starting the process.
- - name: system.ticks
- type: long
- metric_type: counter
- description: |
- The amount of CPU time the process spent in kernel space.
- - name: total.ticks
- type: long
- metric_type: counter
- description: |
- The total CPU time spent by the process.
- - name: total.time.ms
- type: date
- description: |
- The time when the process was started.
- - name: user.time.ms
- type: date
- description: |
- The time when the process was started.
- - name: system.time.ms
- type: date
- description: |
- The time when the process was started.
- - name: memory
- type: group
- fields:
- - name: size
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The total virtual memory the process has. On Windows this represents the Commit Charge (the total amount of memory that the memory manager has committed for a running process) value in bytes for this process.
- - name: fd
- type: group
- fields:
- - name: open
- type: long
- metric_type: gauge
- description: The number of file descriptors open by the process.
- - name: limit.soft
- type: long
- metric_type: gauge
- description: |
- The soft limit on the number of file descriptors opened by the process. The soft limit can be changed by the process at any time.
- - name: limit.hard
- type: long
- metric_type: gauge
- description: |
- The hard limit on the number of file descriptors opened by the process. The hard limit can only be raised by root.
- - name: cgroup
- type: group
- fields:
- - name: id
- type: keyword
- description: |
- The ID common to all cgroups associated with this task. If there isn't a common ID used by all cgroups this field will be absent.
- - name: path
- type: keyword
- description: |
- The path to the cgroup relative to the cgroup subsystem's mountpoint. If there isn't a common path used by all cgroups this field will be absent.
- - name: cpu
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystem's mountpoint.
- - name: cfs.period.us
- type: long
- unit: micros
- description: |
- Period of time in microseconds for how regularly a cgroup's access to CPU resources should be reallocated.
- - name: cfs.quota.us
- type: long
- unit: micros
- description: |
- Total amount of time in microseconds for which all tasks in a cgroup can run during one period (as defined by cfs.period.us).
- - name: cfs.shares
- type: long
- description: |
- An integer value that specifies a relative share of CPU time available to the tasks in a cgroup. The value specified in the cpu.shares file must be 2 or higher.
- - name: rt.period.us
- type: long
- unit: micros
- description: |
- Period of time in microseconds for how regularly a cgroup's access to CPU resources is reallocated.
- - name: rt.runtime.us
- type: long
- unit: micros
- description: |
- Period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources.
- - name: stats.periods
- type: long
- metric_type: counter
- description: |
- Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed.
- - name: stats.throttled.periods
- type: long
- metric_type: counter
- description: |
- Number of times tasks in a cgroup have been throttled (that is, not allowed to run because they have exhausted all of the available time as specified by their quota).
- - name: stats.throttled.ns
- type: long
- metric_type: counter
- unit: nanos
- description: |
- The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled.
- - name: cpuacct
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystem's mountpoint.
- - name: total.ns
- type: long
- metric_type: counter
- unit: nanos
- description: |
- Total CPU time in nanoseconds consumed by all tasks in the cgroup.
- - name: stats.user.ns
- type: long
- metric_type: counter
- unit: nanos
- description: CPU time consumed by tasks in user mode.
- - name: stats.system.ns
- type: long
- metric_type: counter
- unit: nanos
- description: CPU time consumed by tasks in user (kernel) mode.
- - name: percpu
- type: object
- description: |
- CPU time (in nanoseconds) consumed on each CPU by all tasks in this cgroup.
- - name: memory
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystem's mountpoint.
- - name: mem.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total memory usage by processes in the cgroup (in bytes).
- - name: mem.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum memory used by processes in the cgroup (in bytes).
- - name: mem.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of user memory in bytes (including file cache) that tasks in the cgroup are allowed to use.
- - name: mem.failures
- type: long
- description: |
- The number of times that the memory limit (mem.limit.bytes) was reached.
- - name: memsw.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The sum of current memory usage plus swap space used by processes in the cgroup (in bytes).
- - name: memsw.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of memory and swap space used by processes in the cgroup (in bytes).
- - name: memsw.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount for the sum of memory and swap usage that tasks in the cgroup are allowed to use.
- - name: memsw.failures
- type: long
- unit: byte
- metric_type: gauge
- description: |
- The number of times that the memory plus swap space limit (memsw.limit.bytes) was reached.
- - name: kmem.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total kernel memory usage by processes in the cgroup (in bytes).
- - name: kmem.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum kernel memory used by processes in the cgroup (in bytes).
- - name: kmem.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of kernel memory that tasks in the cgroup are allowed to use.
- - name: kmem.failures
- type: long
- metric_type: counter
- description: |
- The number of times that the memory limit (kmem.limit.bytes) was reached.
- - name: kmem_tcp.usage.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total memory usage for TCP buffers in bytes.
- - name: kmem_tcp.usage.max.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum memory used for TCP buffers by processes in the cgroup (in bytes).
- - name: kmem_tcp.limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- The maximum amount of memory for TCP buffers that tasks in the cgroup are allowed to use.
- - name: kmem_tcp.failures
- type: long
- metric_type: counter
- description: |
- The number of times that the memory limit (kmem_tcp.limit.bytes) was reached.
- - name: stats.active_anon.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes.
- - name: stats.active_file.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: File-backed memory on active LRU list, in bytes.
- - name: stats.cache.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: Page cache, including tmpfs (shmem), in bytes.
- - name: stats.hierarchical_memory_limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Memory limit for the hierarchy that contains the memory cgroup, in bytes.
- - name: stats.hierarchical_memsw_limit.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes.
- - name: stats.inactive_anon.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes
- - name: stats.inactive_file.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- File-backed memory on inactive LRU list, in bytes.
- - name: stats.mapped_file.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Size of memory-mapped mapped files, including tmpfs (shmem), in bytes.
- - name: stats.page_faults
- type: long
- metric_type: counter
- description: |
- Number of times that a process in the cgroup triggered a page fault.
- - name: stats.major_page_faults
- type: long
- metric_type: counter
- description: |
- Number of times that a process in the cgroup triggered a major fault. "Major" faults happen when the kernel actually has to read the data from disk.
- - name: stats.pages_in
- type: long
- metric_type: counter
- description: |
- Number of pages paged into memory. This is a counter.
- - name: stats.pages_out
- type: long
- metric_type: counter
- description: |
- Number of pages paged out of memory. This is a counter.
- - name: stats.rss.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Anonymous and swap cache (includes transparent hugepages), not including tmpfs (shmem), in bytes.
- - name: stats.rss_huge.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Number of bytes of anonymous transparent hugepages.
- - name: stats.swap.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Swap usage, in bytes.
- - name: stats.unevictable.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Memory that cannot be reclaimed, in bytes.
- - name: blkio
- type: group
- fields:
- - name: id
- type: keyword
- description: ID of the cgroup.
- - name: path
- type: keyword
- description: |
- Path to the cgroup relative to the cgroup subsystems mountpoint.
- - name: total.bytes
- type: long
- format: bytes
- unit: byte
- metric_type: gauge
- description: |
- Total number of bytes transferred to and from all block devices by processes in the cgroup.
- - name: total.ios
- type: long
- metric_type: counter
- description: |
- Total number of I/O operations performed on all devices by processes in the cgroup as seen by the throttling policy.
diff --git a/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/manifest.yml b/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/manifest.yml
deleted file mode 100755
index 5e9feeebc1..0000000000
--- a/packages/elastic_agent/1.3.1/data_stream/packetbeat_metrics/manifest.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-title: Elastic Agent
-dataset: elastic_agent.packetbeat
-type: metrics
-elasticsearch:
- index_template:
- mappings:
- dynamic: false
diff --git a/packages/elastic_agent/1.3.1/docs/README.md b/packages/elastic_agent/1.3.1/docs/README.md
deleted file mode 100755
index b3437704e6..0000000000
--- a/packages/elastic_agent/1.3.1/docs/README.md
+++ /dev/null
@@ -1,127 +0,0 @@ -# Elastic Agent Integration - -This integration provides observability for Elastic Agent metrics. It provides a dashboard to visualize the status of your agents so you can troubleshoot problems and determine when to add capacity. - -You can enable or disable agent monitoring in the agent policy settings. - -## Metrics - -### Core - -**Exported fields** - -| Field | Description | Type | -| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------- | -| @timestamp | Event timestamp. | date | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | -| cloud.availability_zone | Availability zone in which this host is running. | keyword | -| cloud.image.id | Image ID for the cloud instance. | keyword | -| cloud.instance.id | Instance ID of the host machine. | keyword | -| cloud.instance.name | Instance name of the host machine. | keyword | -| cloud.machine.type | Machine type of the host machine. | keyword | -| cloud.project.id | Name of the project in Google Cloud. | keyword | -| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | -| cloud.region | Region in which this host is running. | keyword | -| container.id | Unique container id. | keyword | -| container.image.name | Name of the image the container was built on. | keyword | -| container.labels | Image labels. | object | -| container.name | Container name. | keyword | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. 
| constant_keyword | -| host.architecture | Operating system architecture. | keyword | -| host.containerized | If the host is a container. | boolean | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | -| host.ip | Host ip address. | ip | -| host.mac | Host mac address. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | -| host.os.build | OS build information. | keyword | -| host.os.codename | OS codename, if any. | keyword | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | -| host.os.full | Operating system name, including the version or code name. | keyword | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | -| host.os.name | Operating system name, without the version. | keyword | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.version | Operating system version as a raw string. | keyword | -| host.type | Type of host. | keyword | -| elastic_agent.id | | Elastic agent id. | -| elastic_agent.process | | Elastic agent process (elastic-agent, metricbeat, ...). | -| elastic_agent.version | | Elastic version as a raw string. | - -### Process - -The Elastic Agent `process` dataset provides process statistics about Elastic Agent processes. One document is -provided for each process. 
- -| Field | Description | Type | -| ------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| system.process.cpu.system.ticks | The amount of CPU time the process spent in kernel space. | long | -| system.process.cpu.system.time.me | The time when the process was started. | date | -| system.process.cpu.total.ticks | The total CPU time spent by the process. | long | -| system.process.cpu.total.value | The value of CPU usage since starting the process. | long | -| system.process.cpu.total.time.me | The time when the process was started. | date | -| system.process.cpu.user.ticks | The amount of CPU time the process spent in user space. | long | -| system.process.cpu.user.time.me | The time when the process was started. | date | -| system.process.env | The environment variables used to start the process. The data is available on FreeBSD, Linux, and OS X. | object | -| system.process.fd.limit.soft | The soft limit on the number of file descriptors opened by the process. The soft limit can be changed by the process at any time. | long | -| system.process.fd.open | The number of file descriptors open by the process. | long | -| system.process.memory.size | The total virtual memory the process has. On Windows this represents the Commit Charge (the total amount of memory that the memory manager has committed for a running process) value in bytes for this process. | long | -| system.process.cgroup.blkio.id | ID of the cgroup. | keyword | -| system.process.cgroup.blkio.path | Path to the cgroup relative to the cgroup subsystems mountpoint. | keyword | -| system.process.cgroup.blkio.total.bytes | Total number of bytes transferred to and from all block devices by processes in the cgroup. 
| long | -| system.process.cgroup.blkio.total.ios | Total number of I/O operations performed on all devices by processes in the cgroup as seen by the throttling policy. | long | -| system.process.cgroup.cpu.cfs.period.us | Period of time in microseconds for how regularly a cgroup's access to CPU resources should be reallocated. | long | -| system.process.cgroup.cpu.cfs.quota.us | Total amount of time in microseconds for which all tasks in a cgroup can run during one period (as defined by cfs.period.us). | long | -| system.process.cgroup.cpu.cfs.shares | An integer value that specifies a relative share of CPU time available to the tasks in a cgroup. The value specified in the cpu.shares file must be 2 or higher. | long | -| system.process.cgroup.cpu.id | ID of the cgroup. | keyword | -| system.process.cgroup.cpu.path | Path to the cgroup relative to the cgroup subsystem's mountpoint. | keyword | -| system.process.cgroup.cpu.rt.period.us | Period of time in microseconds for how regularly a cgroup's access to CPU resources is reallocated. | long | -| system.process.cgroup.cpu.rt.runtime.us | Period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources. | long | -| system.process.cgroup.cpu.stats.periods | Number of period intervals (as specified in cpu.cfs.period.us) that have elapsed. | long | -| system.process.cgroup.cpu.stats.throttled.ns | The total time duration (in nanoseconds) for which tasks in a cgroup have been throttled. | long | -| system.process.cgroup.cpu.stats.throttled.periods | Number of times tasks in a cgroup have been throttled (that is, not allowed to run because they have exhausted all of the available time as specified by their quota). | long | -| system.process.cgroup.cpuacct.id | ID of the cgroup. | keyword | -| system.process.cgroup.cpuacct.path | Path to the cgroup relative to the cgroup subsystem's mountpoint. 
| keyword | -| system.process.cgroup.cpuacct.percpu | CPU time (in nanoseconds) consumed on each CPU by all tasks in this cgroup. | object | -| system.process.cgroup.cpuacct.stats.system.ns | CPU time consumed by tasks in user (kernel) mode. | long | -| system.process.cgroup.cpuacct.stats.user.ns | CPU time consumed by tasks in user mode. | long | -| system.process.cgroup.cpuacct.total.ns | Total CPU time in nanoseconds consumed by all tasks in the cgroup. | long | -| system.process.cgroup.id | The ID common to all cgroups associated with this task. If there isn't a common ID used by all cgroups this field will be absent. | keyword | -| system.process.cgroup.memory.id | ID of the cgroup. | keyword | -| system.process.cgroup.memory.kmem.failures | The number of times that the memory limit (kmem.limit.bytes) was reached. | long | -| system.process.cgroup.memory.kmem.limit.bytes | The maximum amount of kernel memory that tasks in the cgroup are allowed to use. | long | -| system.process.cgroup.memory.kmem.usage.bytes | Total kernel memory usage by processes in the cgroup (in bytes). | long | -| system.process.cgroup.memory.kmem.usage.max.bytes | The maximum kernel memory used by processes in the cgroup (in bytes). | long | -| system.process.cgroup.memory.kmem_tcp.failures | The number of times that the memory limit (kmem_tcp.limit.bytes) was reached. | long | -| system.process.cgroup.memory.kmem_tcp.limit.bytes | The maximum amount of memory for TCP buffers that tasks in the cgroup are allowed to use. | long | -| system.process.cgroup.memory.kmem_tcp.usage.bytes | Total memory usage for TCP buffers in bytes. | long | -| system.process.cgroup.memory.kmem_tcp.usage.max.bytes | The maximum memory used for TCP buffers by processes in the cgroup (in bytes). | long | -| system.process.cgroup.memory.mem.failures | The number of times that the memory limit (mem.limit.bytes) was reached. 
| long | -| system.process.cgroup.memory.mem.limit.bytes | The maximum amount of user memory in bytes (including file cache) that tasks in the cgroup are allowed to use. | long | -| system.process.cgroup.memory.mem.usage.bytes | Total memory usage by processes in the cgroup (in bytes). | long | -| system.process.cgroup.memory.mem.usage.max.bytes | The maximum memory used by processes in the cgroup (in bytes). | long | -| system.process.cgroup.memory.memsw.failures | The number of times that the memory plus swap space limit (memsw.limit.bytes) was reached. | long | -| system.process.cgroup.memory.memsw.limit.bytes | The maximum amount for the sum of memory and swap usage that tasks in the cgroup are allowed to use. | long | -| system.process.cgroup.memory.memsw.usage.bytes | The sum of current memory usage plus swap space used by processes in the cgroup (in bytes). | long | -| system.process.cgroup.memory.memsw.usage.max.bytes | The maximum amount of memory and swap space used by processes in the cgroup (in bytes). | long | -| system.process.cgroup.memory.path | Path to the cgroup relative to the cgroup subsystem's mountpoint. | keyword | -| system.process.cgroup.memory.stats.active_anon.bytes | Anonymous and swap cache on active least-recently-used (LRU) list, including tmpfs (shmem), in bytes. | long | -| system.process.cgroup.memory.stats.active_file.bytes | File-backed memory on active LRU list, in bytes. | long | -| system.process.cgroup.memory.stats.cache.bytes | Page cache, including tmpfs (shmem), in bytes. | long | -| system.process.cgroup.memory.stats.hierarchical_memory_limit.bytes | Memory limit for the hierarchy that contains the memory cgroup, in bytes. | long | -| system.process.cgroup.memory.stats.hierarchical_memsw_limit.bytes | Memory plus swap limit for the hierarchy that contains the memory cgroup, in bytes. 
| long | -| system.process.cgroup.memory.stats.inactive_anon.bytes | Anonymous and swap cache on inactive LRU list, including tmpfs (shmem), in bytes | long | -| system.process.cgroup.memory.stats.inactive_file.bytes | File-backed memory on inactive LRU list, in bytes. | long | -| system.process.cgroup.memory.stats.major_page_faults | Number of times that a process in the cgroup triggered a major fault. "Major" faults happen when the kernel actually has to read the data from disk. | long | -| system.process.cgroup.memory.stats.mapped_file.bytes | Size of memory-mapped mapped files, including tmpfs (shmem), in bytes. | long | -| system.process.cgroup.memory.stats.page_faults | Number of times that a process in the cgroup triggered a page fault. | long | -| system.process.cgroup.memory.stats.pages_in | Number of pages paged into memory. This is a counter. | long | -| system.process.cgroup.memory.stats.pages_out | Number of pages paged out of memory. This is a counter. | long | -| system.process.cgroup.memory.stats.rss.bytes | Anonymous and swap cache (includes transparent hugepages), not including tmpfs (shmem), in bytes. | long | -| system.process.cgroup.memory.stats.rss_huge.bytes | Number of bytes of anonymous transparent hugepages. | long | -| system.process.cgroup.memory.stats.swap.bytes | Swap usage, in bytes. | long | -| system.process.cgroup.memory.stats.unevictable.bytes | Memory that cannot be reclaimed, in bytes. | long | -| system.process.cgroup.path | The path to the cgroup relative to the cgroup subsystem's mountpoint. If there isn't a common path used by all cgroups this field will be absent. | keyword | - diff --git a/packages/elastic_agent/1.3.1/img/elastic_agent_metrics.png b/packages/elastic_agent/1.3.1/img/elastic_agent_metrics.png deleted file mode 100755 index c1898d82cb..0000000000 Binary files a/packages/elastic_agent/1.3.1/img/elastic_agent_metrics.png and /dev/null differ 
diff --git a/packages/elastic_agent/1.3.1/img/logo_elastic_agent.svg b/packages/elastic_agent/1.3.1/img/logo_elastic_agent.svg deleted file mode 100755 index 6597f90154..0000000000 --- a/packages/elastic_agent/1.3.1/img/logo_elastic_agent.svg +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/packages/elastic_agent/1.3.1/kibana/dashboard/elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395.json b/packages/elastic_agent/1.3.1/kibana/dashboard/elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395.json deleted file mode 100755 index 6f84737477..0000000000 --- a/packages/elastic_agent/1.3.1/kibana/dashboard/elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395.json +++ /dev/null 
@@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "Elastic Agent metrics dashboard", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}" - }, - "optionsJSON": "{\"hidePanelTitles\":false,\"syncColors\":true,\"useMargins\":true}", - "panelsJSON": "[{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"host.name\",\"id\":\"1628695092511\",\"indexPatternRefName\":\"control_8e715e81-4077-4e7d-9c67-af1d1c98af00_0_index_pattern\",\"label\":\"Host name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":false,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"\",\"type\":\"input_control_vis\",\"uiState\":{}}},\"gridData\":{\"h\":6,\"i\":\"8e715e81-4077-4e7d-9c67-af1d1c98af00\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"8e715e81-4077-4e7d-9c67-af1d1c98af00\",\"title\":\"Host 
name\",\"type\":\"visualization\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":9,\"i\":\"aff03363-b1bf-4d47-9325-3dff44b5e758\",\"w\":24,\"x\":0,\"y\":6},\"panelIndex\":\"aff03363-b1bf-4d47-9325-3dff44b5e758\",\"panelRefName\":\"panel_aff03363-b1bf-4d47-9325-3dff44b5e758\",\"type\":\"visualization\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":9,\"i\":\"5f518ab9-9366-40e5-837b-1b5080d29da3\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"5f518ab9-9366-40e5-837b-1b5080d29da3\",\"panelRefName\":\"panel_5f518ab9-9366-40e5-837b-1b5080d29da3\",\"type\":\"visualization\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":9,\"i\":\"8597b0ac-485c-4749-a2d9-7b8263429ee0\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"8597b0ac-485c-4749-a2d9-7b8263429ee0\",\"panelRefName\":\"panel_8597b0ac-485c-4749-a2d9-7b8263429ee0\",\"title\":\"[Elastic Agent] CGroup Memory usage 
\",\"type\":\"visualization\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":9,\"i\":\"9ce78b52-e345-4cfd-b2ad-9819e55aaa7a\",\"w\":24,\"x\":0,\"y\":24},\"panelIndex\":\"9ce78b52-e345-4cfd-b2ad-9819e55aaa7a\",\"panelRefName\":\"panel_9ce78b52-e345-4cfd-b2ad-9819e55aaa7a\",\"type\":\"visualization\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":9,\"i\":\"e58a6da2-e479-4895-a61b-74c3b673c4d9\",\"w\":24,\"x\":0,\"y\":33},\"panelIndex\":\"e58a6da2-e479-4895-a61b-74c3b673c4d9\",\"panelRefName\":\"panel_e58a6da2-e479-4895-a61b-74c3b673c4d9\",\"type\":\"lens\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":9,\"i\":\"89fea7c1-0908-4710-8b65-1f727f5cab24\",\"w\":24,\"x\":24,\"y\":33},\"panelIndex\":\"89fea7c1-0908-4710-8b65-1f727f5cab24\",\"panelRefName\":\"panel_89fea7c1-0908-4710-8b65-1f727f5cab24\",\"type\":\"lens\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":9,\"i\":\"b26d8fac-812f-44bf-ad83-acee853b0476\",\"w\":24,\"x\":0,\"y\":42},\"panelIndex\":\"b26d8fac-812f-44bf-ad83-acee853b0476\",\"panelRefName\":\"panel_b26d8fac-812f-44bf-ad83-acee853b0476\",\"title\":\"[Elastic Agent] Errors in writing the response from the 
output\",\"type\":\"lens\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":9,\"i\":\"6e45d7b4-8857-448f-8f26-1a63a49d3a78\",\"w\":24,\"x\":24,\"y\":24},\"panelIndex\":\"6e45d7b4-8857-448f-8f26-1a63a49d3a78\",\"panelRefName\":\"panel_6e45d7b4-8857-448f-8f26-1a63a49d3a78\",\"type\":\"lens\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":9,\"i\":\"39247b7d-eb88-4015-b11f-a1105b9fae71\",\"w\":24,\"x\":24,\"y\":6},\"panelIndex\":\"39247b7d-eb88-4015-b11f-a1105b9fae71\",\"panelRefName\":\"panel_39247b7d-eb88-4015-b11f-a1105b9fae71\",\"type\":\"visualization\",\"version\":\"7.15.0-SNAPSHOT\"}]", - "timeRestore": false, - "title": "[Elastic Agent] Agent metrics", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395", - "migrationVersion": { - "dashboard": "7.14.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "8e715e81-4077-4e7d-9c67-af1d1c98af00:control_8e715e81-4077-4e7d-9c67-af1d1c98af00_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "elastic_agent-a11c250a-865f-4eb2-9441-882d229313be", - "name": "aff03363-b1bf-4d47-9325-3dff44b5e758:panel_aff03363-b1bf-4d47-9325-3dff44b5e758", - "type": "visualization" - }, - { - "id": "elastic_agent-93a8a11d-b2da-4ef3-81dc-c7040560ffde", - "name": "5f518ab9-9366-40e5-837b-1b5080d29da3:panel_5f518ab9-9366-40e5-837b-1b5080d29da3", - "type": "visualization" - }, - { - "id": "elastic_agent-69219f50-febc-11eb-9a5b-19cc90b68e55", - "name": "8597b0ac-485c-4749-a2d9-7b8263429ee0:panel_8597b0ac-485c-4749-a2d9-7b8263429ee0", - "type": "visualization" - }, - { - "id": "elastic_agent-47d87552-8421-4cfc-bc5d-4a7205f5b007", - "name": 
"9ce78b52-e345-4cfd-b2ad-9819e55aaa7a:panel_9ce78b52-e345-4cfd-b2ad-9819e55aaa7a", - "type": "visualization" - }, - { - "id": "elastic_agent-27798780-0037-11ec-af6c-1740f74b2d73", - "name": "e58a6da2-e479-4895-a61b-74c3b673c4d9:panel_e58a6da2-e479-4895-a61b-74c3b673c4d9", - "type": "lens" - }, - { - "id": "elastic_agent-409f5d70-0037-11ec-af6c-1740f74b2d73", - "name": "89fea7c1-0908-4710-8b65-1f727f5cab24:panel_89fea7c1-0908-4710-8b65-1f727f5cab24", - "type": "lens" - }, - { - "id": "elastic_agent-58677820-0037-11ec-af6c-1740f74b2d73", - "name": "b26d8fac-812f-44bf-ad83-acee853b0476:panel_b26d8fac-812f-44bf-ad83-acee853b0476", - "type": "lens" - }, - { - "id": "elastic_agent-6e88c0a0-0037-11ec-af6c-1740f74b2d73", - "name": "6e45d7b4-8857-448f-8f26-1a63a49d3a78:panel_6e45d7b4-8857-448f-8f26-1a63a49d3a78", - "type": "lens" - }, - { - "id": "elastic_agent-819241d0-0037-11ec-af6c-1740f74b2d73", - "name": "39247b7d-eb88-4015-b11f-a1105b9fae71:panel_39247b7d-eb88-4015-b11f-a1105b9fae71", - "type": "visualization" - } - ], - "type": "dashboard" -} \ No newline at end of file diff --git a/packages/elastic_agent/1.3.1/kibana/lens/elastic_agent-27798780-0037-11ec-af6c-1740f74b2d73.json b/packages/elastic_agent/1.3.1/kibana/lens/elastic_agent-27798780-0037-11ec-af6c-1740f74b2d73.json deleted file mode 100755 index 529d672255..0000000000 --- a/packages/elastic_agent/1.3.1/kibana/lens/elastic_agent-27798780-0037-11ec-af6c-1740f74b2d73.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "Total events processed by the output (including retries). (From beat.stats.libbeat.output.events.total)", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ad65be36-0be3-4937-8f41-ec9e48adfce6": { - "columnOrder": [ - "2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a", - "49cd060d-6f21-4d81-ad6b-1c8462c97353", - "e201a210-6e89-4d72-9d9c-a00b036fb0eb", - "f5cbe487-2a43-425b-9cd1-40283e5e596c" - ], - "columns": { - "2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of beat.type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "beat.type" - }, - "49cd060d-6f21-4d81-ad6b-1c8462c97353": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "e201a210-6e89-4d72-9d9c-a00b036fb0eb": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "data_stream.dataset : \"elastic_agent.*\" " - }, - "isBucketed": false, - "label": "Events Rate /s", - "operationType": "counter_rate", - "references": [ - "f5cbe487-2a43-425b-9cd1-40283e5e596c" - ], - "scale": "ratio", - "timeScale": "s" - }, - "f5cbe487-2a43-425b-9cd1-40283e5e596c": { - "dataType": "number", - "isBucketed": false, - "label": "Maximum of beat.stats.libbeat.output.events.total", - "operationType": "max", - "scale": "ratio", - "sourceField": "beat.stats.libbeat.output.events.total" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - 
"fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e201a210-6e89-4d72-9d9c-a00b036fb0eb" - ], - "layerId": "ad65be36-0be3-4937-8f41-ec9e48adfce6", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a", - "xAccessor": "49cd060d-6f21-4d81-ad6b-1c8462c97353" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "[Elastic Agent] Total events rate /s", - "visualizationType": "lnsXY" - }, - "coreMigrationVersion": "7.15.0", - "id": "elastic_agent-27798780-0037-11ec-af6c-1740f74b2d73", - "migrationVersion": { - "lens": "7.14.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/elastic_agent/1.3.1/kibana/lens/elastic_agent-409f5d70-0037-11ec-af6c-1740f74b2d73.json b/packages/elastic_agent/1.3.1/kibana/lens/elastic_agent-409f5d70-0037-11ec-af6c-1740f74b2d73.json deleted file mode 100755 index 6b8e975c90..0000000000 --- a/packages/elastic_agent/1.3.1/kibana/lens/elastic_agent-409f5d70-0037-11ec-af6c-1740f74b2d73.json +++ /dev/null 
@@ -1,150 +0,0 @@ -{ - "attributes": { - "description": "Events acknowledged by the output (includes events dropped by the output). (From beat.stats.libbeat.output.events.acked)", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ad65be36-0be3-4937-8f41-ec9e48adfce6": { - "columnOrder": [ - "2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a", - "49cd060d-6f21-4d81-ad6b-1c8462c97353", - "e201a210-6e89-4d72-9d9c-a00b036fb0eb", - "f5cbe487-2a43-425b-9cd1-40283e5e596c" - ], - "columns": { - "2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of beat.type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "beat.type" - }, - "49cd060d-6f21-4d81-ad6b-1c8462c97353": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "e201a210-6e89-4d72-9d9c-a00b036fb0eb": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "data_stream.dataset : \"elastic_agent.*\" " - }, - "isBucketed": false, - "label": "Events Rate /s", - "operationType": "counter_rate", - "references": [ - "f5cbe487-2a43-425b-9cd1-40283e5e596c" - ], - "scale": "ratio", - "timeScale": "s" - }, - "f5cbe487-2a43-425b-9cd1-40283e5e596c": { - "dataType": "number", - "isBucketed": false, - "label": "Maximum of beat.stats.libbeat.output.events.acked", - "operationType": "max", - "scale": "ratio", - "sourceField": "beat.stats.libbeat.output.events.acked" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": 
true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e201a210-6e89-4d72-9d9c-a00b036fb0eb" - ], - "layerId": "ad65be36-0be3-4937-8f41-ec9e48adfce6", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a", - "xAccessor": "49cd060d-6f21-4d81-ad6b-1c8462c97353" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "[Elastic Agent] Events acknowledged rate /s", - "visualizationType": "lnsXY" - }, - "coreMigrationVersion": "7.15.0", - "id": "elastic_agent-409f5d70-0037-11ec-af6c-1740f74b2d73", - "migrationVersion": { - "lens": "7.14.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/elastic_agent/1.3.1/kibana/lens/elastic_agent-58677820-0037-11ec-af6c-1740f74b2d73.json b/packages/elastic_agent/1.3.1/kibana/lens/elastic_agent-58677820-0037-11ec-af6c-1740f74b2d73.json deleted file mode 100755 index 979fa555b3..0000000000 --- a/packages/elastic_agent/1.3.1/kibana/lens/elastic_agent-58677820-0037-11ec-af6c-1740f74b2d73.json +++ /dev/null 
@@ -1,151 +0,0 @@ -{ - "attributes": { - "description": "Errors in writing the response from the output. (From beat.stats.libbeat.output.write.errors)", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ad65be36-0be3-4937-8f41-ec9e48adfce6": { - "columnOrder": [ - "cb2f461c-587a-4f6a-8ad4-e4b0f61c9541", - "49cd060d-6f21-4d81-ad6b-1c8462c97353", - "e201a210-6e89-4d72-9d9c-a00b036fb0eb", - "f5cbe487-2a43-425b-9cd1-40283e5e596c" - ], - "columns": { - "49cd060d-6f21-4d81-ad6b-1c8462c97353": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "cb2f461c-587a-4f6a-8ad4-e4b0f61c9541": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Beat types", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "beat.type" - }, - "e201a210-6e89-4d72-9d9c-a00b036fb0eb": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "data_stream.dataset : \"elastic_agent.*\" " - }, - "isBucketed": false, - "label": "Output Errors", - "operationType": "counter_rate", - "references": [ - "f5cbe487-2a43-425b-9cd1-40283e5e596c" - ], - "scale": "ratio", - "timeScale": "s" - }, - "f5cbe487-2a43-425b-9cd1-40283e5e596c": { - "dataType": "number", - "isBucketed": false, - "label": "Maximum of beat.stats.libbeat.output.write.errors", - "operationType": "max", - "scale": "ratio", - "sourceField": "beat.stats.libbeat.output.write.errors" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - 
"fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e201a210-6e89-4d72-9d9c-a00b036fb0eb" - ], - "layerId": "ad65be36-0be3-4937-8f41-ec9e48adfce6", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "cb2f461c-587a-4f6a-8ad4-e4b0f61c9541", - "xAccessor": "49cd060d-6f21-4d81-ad6b-1c8462c97353" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "[Elastic Agent] Output write errors", - "visualizationType": "lnsXY" - }, - "coreMigrationVersion": "7.15.0", - "id": "elastic_agent-58677820-0037-11ec-af6c-1740f74b2d73", - "migrationVersion": { - "lens": "7.14.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/elastic_agent/1.3.1/kibana/lens/elastic_agent-6e88c0a0-0037-11ec-af6c-1740f74b2d73.json b/packages/elastic_agent/1.3.1/kibana/lens/elastic_agent-6e88c0a0-0037-11ec-af6c-1740f74b2d73.json deleted file mode 100755 index 8ede7d9782..0000000000 --- a/packages/elastic_agent/1.3.1/kibana/lens/elastic_agent-6e88c0a0-0037-11ec-af6c-1740f74b2d73.json +++ /dev/null 
@@ -1,158 +0,0 @@ -{ - "attributes": { - "description": "Bytes written to the output (consists of size of network headers and compressed payload)", - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "47363713-6910-43c5-9f85-328b9ee18f0d": { - "columnOrder": [ - "009f999d-bdb4-4b3f-a031-06d2a7173a57", - "754d7a35-095e-4905-ad7d-23d89edaf74f", - "c601246c-06f3-4f94-9d2a-a950eb4d499e", - "672c59a5-1ad7-4f2b-89a5-cb3920d94e4b" - ], - "columns": { - "009f999d-bdb4-4b3f-a031-06d2a7173a57": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of beat.type", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "beat.type" - }, - "672c59a5-1ad7-4f2b-89a5-cb3920d94e4b": { - "dataType": "number", - "isBucketed": false, - "label": "Maximum of beat.stats.libbeat.output.write.bytes", - "operationType": "max", - "scale": "ratio", - "sourceField": "beat.stats.libbeat.output.write.bytes" - }, - "754d7a35-095e-4905-ad7d-23d89edaf74f": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "c601246c-06f3-4f94-9d2a-a950eb4d499e": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "data_stream.dataset : \"elastic_agent.*\" " - }, - "isBucketed": false, - "label": "Bytes sent/s", - "operationType": "counter_rate", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - } - }, - "references": [ - "672c59a5-1ad7-4f2b-89a5-cb3920d94e4b" - ], - "scale": "ratio", - "timeScale": "s" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - 
"axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "c601246c-06f3-4f94-9d2a-a950eb4d499e" - ], - "layerId": "47363713-6910-43c5-9f85-328b9ee18f0d", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "009f999d-bdb4-4b3f-a031-06d2a7173a57", - "xAccessor": "754d7a35-095e-4905-ad7d-23d89edaf74f" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "[Elastic Agent] Output write throughput", - "visualizationType": "lnsXY" - }, - "coreMigrationVersion": "7.15.0", - "id": "elastic_agent-6e88c0a0-0037-11ec-af6c-1740f74b2d73", - "migrationVersion": { - "lens": "7.14.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-47363713-6910-43c5-9f85-328b9ee18f0d", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-47d87552-8421-4cfc-bc5d-4a7205f5b007.json b/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-47d87552-8421-4cfc-bc5d-4a7205f5b007.json deleted file mode 100755 index 7791f67e3b..0000000000 --- a/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-47d87552-8421-4cfc-bc5d-4a7205f5b007.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "attributes": { - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}" - }, - "title": "[Elastic Agent] Open Handles", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.elastic_agent\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Open Handles\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.fd.open\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"[Elastic Agent] Open Handles\",\"type\":\"metrics\"}" - }, - "coreMigrationVersion": "7.15.0", - "id": "elastic_agent-47d87552-8421-4cfc-bc5d-4a7205f5b007", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-69219f50-febc-11eb-9a5b-19cc90b68e55.json b/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-69219f50-febc-11eb-9a5b-19cc90b68e55.json deleted file mode 100755 index fe69a92a3e..0000000000 --- a/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-69219f50-febc-11eb-9a5b-19cc90b68e55.json +++ /dev/null 
@@ -1,19 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}" - }, - "title": "[Elastic Agent] Memory usage (copy)", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.5\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.elastic_agent\\\" \"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"CGroup Memory usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.cgroup.memory.mem.usage.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"override_index_pattern\":0,\"point_size\":1,\"separate_axis\":0,\"series_index_pattern\":\"metrics-*\",\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"type\":\"timeseries\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(211,96,134,1)\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.elastic_agent\\\" \"},\"formatter\":\"bytes\",\"id\":\"0a454d00-febd-11eb-9943-cf1fa8e46928\",\"label\":\"Container memory limit\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.cgroup.memory.mem.limit.bytes\",\"id\":\"0a454d01-febd-11eb-9943-cf1fa8e46928\",\"type\":\"max\"},{\"id\":\"53b0dac0-febf-11eb-9943-cf1fa8e46928\",\"script\":\"if (params.memory_limit \\u003c 999999999999999999L) {\\n return 
params.memory_limit;\\n}\\n\",\"type\":\"calculation\",\"variables\":[{\"field\":\"0a454d01-febd-11eb-9943-cf1fa8e46928\",\"id\":\"7426ca80-febf-11eb-9943-cf1fa8e46928\",\"name\":\"memory_limit\"}]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern\":\"\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"[Elastic Agent] Memory usage (copy)\",\"type\":\"metrics\"}" - }, - "coreMigrationVersion": "7.15.0", - "id": "elastic_agent-69219f50-febc-11eb-9a5b-19cc90b68e55", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-819241d0-0037-11ec-af6c-1740f74b2d73.json b/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-819241d0-0037-11ec-af6c-1740f74b2d73.json deleted file mode 100755 index d3c2e1af61..0000000000 --- a/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-819241d0-0037-11ec-af6c-1740f74b2d73.json +++ /dev/null 
@@ -1,25 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}" - }, - "title": "[Elastic Agent] CGroup CPU Usage", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"f0383b91-4a09-4b03-a013-f5938add6bfa\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.elastic_agent\\\" \"},\"formatter\":\"number\",\"id\":\"a35c4256-5cee-4b6a-ae21-bdd0f0f6d4a2\",\"label\":\"Cgroup CPU usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.cgroup.cpuacct.total.ns\",\"id\":\"458710e3-e78d-4ebf-b9c7-3b1ca8bfc55a\",\"type\":\"max\"},{\"field\":\"system.process.cgroup.cpu.cfs.quota.us\",\"id\":\"5a08b810-fc31-11eb-9d3e-9d72967e3395\",\"type\":\"min\"},{\"field\":\"458710e3-e78d-4ebf-b9c7-3b1ca8bfc55a\",\"id\":\"391dc9f0-fc32-11eb-9d3e-9d72967e3395\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"90f31960-fc31-11eb-9d3e-9d72967e3395\",\"id\":\"4661f000-fc32-11eb-9d3e-9d72967e3395\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"system.process.cgroup.cpu.stats.periods\",\"id\":\"90f31960-fc31-11eb-9d3e-9d72967e3395\",\"type\":\"max\"},{\"id\":\"5c737680-fc31-11eb-9d3e-9d72967e3395\",\"script\":\"\\n if (params.deltaUsageDerivNormalizedValue \\u003e 0 \\u0026\\u0026 params.periodsDerivNormalizedValue \\u003e0 \\u0026\\u0026 params.quota \\u003e 0) {\\n // if throttling is configured\\n double factor = params.deltaUsageDerivNormalizedValue / (params.periodsDerivNormalizedValue * params.quota * 1000); \\n\\n return factor * 100; 
\\n }\\n\\n return null;\",\"type\":\"calculation\",\"variables\":[{\"field\":\"391dc9f0-fc32-11eb-9d3e-9d72967e3395\",\"id\":\"60300950-fc31-11eb-9d3e-9d72967e3395\",\"name\":\"deltaUsageDerivNormalizedValue\"},{\"field\":\"4661f000-fc32-11eb-9d3e-9d72967e3395\",\"id\":\"d6060d50-fc31-11eb-9d3e-9d72967e3395\",\"name\":\"periodsDerivNormalizedValue\"},{\"field\":\"5a08b810-fc31-11eb-9d3e-9d72967e3395\",\"id\":\"e3368450-fc31-11eb-9d3e-9d72967e3395\",\"name\":\"quota\"}]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"type\":\"timeseries\",\"value_template\":\"{{value}}%\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"use_kibana_indexes\":true},\"title\":\"[Elastic Agent] CGroup CPU Usage\",\"type\":\"metrics\"}" - }, - "coreMigrationVersion": "7.15.0", - "id": "elastic_agent-819241d0-0037-11ec-af6c-1740f74b2d73", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "metrics_0_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-93a8a11d-b2da-4ef3-81dc-c7040560ffde.json b/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-93a8a11d-b2da-4ef3-81dc-c7040560ffde.json deleted file mode 100755 index 05a94eed6b..0000000000 --- a/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-93a8a11d-b2da-4ef3-81dc-c7040560ffde.json +++ /dev/null 
@@ -1,19 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}" - }, - "title": "[Elastic Agent] Memory usage", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.5\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.elastic_agent\\\" \"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Memory usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.memory.size\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"[Elastic Agent] Memory usage\",\"type\":\"metrics\"}" - }, - "coreMigrationVersion": "7.15.0", - "id": "elastic_agent-93a8a11d-b2da-4ef3-81dc-c7040560ffde", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file diff --git a/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-a11c250a-865f-4eb2-9441-882d229313be.json b/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-a11c250a-865f-4eb2-9441-882d229313be.json deleted file mode 100755 index 16feebb654..0000000000 --- a/packages/elastic_agent/1.3.1/kibana/visualization/elastic_agent-a11c250a-865f-4eb2-9441-882d229313be.json +++ /dev/null 
@@ -1,19 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}" - }, - "title": "[Elastic Agent] CPU Usage", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.elastic_agent\\\" \"},\"formatter\":\"percent\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"CPU usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.cpu.total.value\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"42fea6f0-3da7-11eb-a63c-0f13e40aab83\",\"type\":\"derivative\",\"unit\":\"\"},{\"id\":\"48fd6190-3da7-11eb-a63c-0f13e40aab83\",\"script\":\"if (params.cpu_total \\u003e 0) {\\n return params.cpu_total / params._interval \\n}\\n\\n\",\"type\":\"calculation\",\"variables\":[{\"field\":\"42fea6f0-3da7-11eb-a63c-0f13e40aab83\",\"id\":\"4b81c280-3da7-11eb-a63c-0f13e40aab83\",\"name\":\"cpu_total\"}]}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"[Elastic Agent] CPU Usage\",\"type\":\"metrics\"}" - }, - "coreMigrationVersion": "7.15.0", - "id": "elastic_agent-a11c250a-865f-4eb2-9441-882d229313be", - 
 "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization" -} \ No newline at end of file
diff --git a/packages/elastic_agent/1.3.1/manifest.yml b/packages/elastic_agent/1.3.1/manifest.yml
deleted file mode 100755
index fbbcc00ea9..0000000000
--- a/packages/elastic_agent/1.3.1/manifest.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: elastic_agent
-title: Elastic Agent
-version: 1.3.1
-release: ga
-description: Collect logs and metrics from Elastic Agents.
-type: integration
-format_version: 1.0.0
-license: basic
-categories: ["elastic_stack"]
-conditions:
- kibana.version: "^7.16.0 || ^8.0.0"
-owner:
- github: elastic/elastic-agent-control-plane
-icons:
- - src: /img/logo_elastic_agent.svg
- title: logo Elastic Agent
- size: 64x64
- type: image/svg+xml
-screenshots:
- - src: /img/elastic_agent_metrics.png
- title: Elastic Agent metrics
- size: 3000x1500
- type: image/png