Standardize additional cloud metadata (#816)

Author: graphaelli

CHANGELOG.next.md

@@ -22,6 +22,7 @@ Thanks, you're awesome :-) -->
 
 * Add architecture and imphash for PE field set. (#763)
 * Added `agent.build.*` for extended agent version information. (#764)
+* Added more account and project cloud metadata. (#816)
 
 #### Improvements
 

code/go/ecs/cloud.go

@@ -489,6 +489,21 @@ example: `666777888999`
 
 // ===============================================================
 
+| cloud.account.name
+| The cloud account name or alias used to identify different entities in a multi-tenant environment.
+
+Examples: AWS account name, Google Cloud ORG display name.
+
+type: keyword
+
+
+
+example: `elastic-dev`
+
+| extended
+
+// ===============================================================
+
 | cloud.availability_zone
 | Availability zone in which this host is running.
 
@@ -541,6 +556,36 @@ example: `t2.medium`
 
 // ===============================================================
 
+| cloud.project.id
+| The cloud project identifier.
+
+Examples: Google Cloud Project id, Azure Project id.
+
+type: keyword
+
+
+
+example: `my-project`
+
+| extended
+
+// ===============================================================
+
+| cloud.project.name
+| The cloud project name.
+
+Examples: Google Cloud Project name, Azure Project name.
+
+type: keyword
+
+
+
+example: `my project`
+
+| extended
+
+// ===============================================================
+
 | cloud.provider
 | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
 

docs/field-details.asciidoc

@@ -400,6 +400,16 @@
 
         Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
       example: 666777888999
+    - name: account.name
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'The cloud account name or alias used to identify different entities
+        in a multi-tenant environment.
+
+        Examples: AWS account name, Google Cloud ORG display name.'
+      example: elastic-dev
+      default_field: false
     - name: availability_zone
       level: extended
       type: keyword
@@ -423,6 +433,24 @@
       ignore_above: 1024
       description: Machine type of the host machine.
       example: t2.medium
+    - name: project.id
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'The cloud project identifier.
+
+        Examples: Google Cloud Project id, Azure Project id.'
+      example: my-project
+      default_field: false
+    - name: project.name
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: 'The cloud project name.
+
+        Examples: Google Cloud Project name, Azure Project name.'
+      example: my project
+      default_field: false
     - name: provider
       level: extended
       type: keyword

generated/beats/fields.ecs.yml

@@ -43,10 +43,13 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 1.6.0-dev,true,client,client.user.name,keyword,core,,albert,Short name or login of the user.
 1.6.0-dev,true,client,client.user.name.text,text,core,,albert,Short name or login of the user.
 1.6.0-dev,true,cloud,cloud.account.id,keyword,extended,,666777888999,The cloud account or organization id.
+1.6.0-dev,true,cloud,cloud.account.name,keyword,extended,,elastic-dev,The cloud account name.
 1.6.0-dev,true,cloud,cloud.availability_zone,keyword,extended,,us-east-1c,Availability zone in which this host is running.
 1.6.0-dev,true,cloud,cloud.instance.id,keyword,extended,,i-1234567890abcdef0,Instance ID of the host machine.
 1.6.0-dev,true,cloud,cloud.instance.name,keyword,extended,,,Instance name of the host machine.
 1.6.0-dev,true,cloud,cloud.machine.type,keyword,extended,,t2.medium,Machine type of the host machine.
+1.6.0-dev,true,cloud,cloud.project.id,keyword,extended,,my-project,The cloud project id.
+1.6.0-dev,true,cloud,cloud.project.name,keyword,extended,,my project,The cloud project name.
 1.6.0-dev,true,cloud,cloud.provider,keyword,extended,,aws,Name of the cloud provider.
 1.6.0-dev,true,cloud,cloud.region,keyword,extended,,us-east-1,Region in which this host is running.
 1.6.0-dev,true,container,container.id,keyword,core,,,Unique container id.

generated/csv/fields.csv

@@ -499,6 +499,20 @@ cloud.account.id:
   normalize: []
   short: The cloud account or organization id.
   type: keyword
+cloud.account.name:
+  dashed_name: cloud-account-name
+  description: 'The cloud account name or alias used to identify different entities
+    in a multi-tenant environment.
+
+    Examples: AWS account name, Google Cloud ORG display name.'
+  example: elastic-dev
+  flat_name: cloud.account.name
+  ignore_above: 1024
+  level: extended
+  name: account.name
+  normalize: []
+  short: The cloud account name.
+  type: keyword
 cloud.availability_zone:
   dashed_name: cloud-availability-zone
   description: Availability zone in which this host is running.
@@ -542,6 +556,32 @@ cloud.machine.type:
   normalize: []
   short: Machine type of the host machine.
   type: keyword
+cloud.project.id:
+  dashed_name: cloud-project-id
+  description: 'The cloud project identifier.
+
+    Examples: Google Cloud Project id, Azure Project id.'
+  example: my-project
+  flat_name: cloud.project.id
+  ignore_above: 1024
+  level: extended
+  name: project.id
+  normalize: []
+  short: The cloud project id.
+  type: keyword
+cloud.project.name:
+  dashed_name: cloud-project-name
+  description: 'The cloud project name.
+
+    Examples: Google Cloud Project name, Azure Project name.'
+  example: my project
+  flat_name: cloud.project.name
+  ignore_above: 1024
+  level: extended
+  name: project.name
+  normalize: []
+  short: The cloud project name.
+  type: keyword
 cloud.provider:
   dashed_name: cloud-provider
   description: Name of the cloud provider. Example values are aws, azure, gcp, or

generated/ecs/ecs_flat.yml

@@ -653,6 +653,20 @@ cloud:
       normalize: []
       short: The cloud account or organization id.
       type: keyword
+    account.name:
+      dashed_name: cloud-account-name
+      description: 'The cloud account name or alias used to identify different entities
+        in a multi-tenant environment.
+
+        Examples: AWS account name, Google Cloud ORG display name.'
+      example: elastic-dev
+      flat_name: cloud.account.name
+      ignore_above: 1024
+      level: extended
+      name: account.name
+      normalize: []
+      short: The cloud account name.
+      type: keyword
     availability_zone:
       dashed_name: cloud-availability-zone
       description: Availability zone in which this host is running.
@@ -696,6 +710,32 @@ cloud:
       normalize: []
       short: Machine type of the host machine.
       type: keyword
+    project.id:
+      dashed_name: cloud-project-id
+      description: 'The cloud project identifier.
+
+        Examples: Google Cloud Project id, Azure Project id.'
+      example: my-project
+      flat_name: cloud.project.id
+      ignore_above: 1024
+      level: extended
+      name: project.id
+      normalize: []
+      short: The cloud project id.
+      type: keyword
+    project.name:
+      dashed_name: cloud-project-name
+      description: 'The cloud project name.
+
+        Examples: Google Cloud Project name, Azure Project name.'
+      example: my project
+      flat_name: cloud.project.name
+      ignore_above: 1024
+      level: extended
+      name: project.name
+      normalize: []
+      short: The cloud project name.
+      type: keyword
     provider:
       dashed_name: cloud-provider
       description: Name of the cloud provider. Example values are aws, azure, gcp,

generated/ecs/ecs_nested.yml

@@ -220,6 +220,10 @@
                 "id": {
                   "ignore_above": 1024,
                   "type": "keyword"
+                },
+                "name": {
+                  "ignore_above": 1024,
+                  "type": "keyword"
                 }
               }
             },
@@ -247,6 +251,18 @@
                 }
               }
             },
+            "project": {
+              "properties": {
+                "id": {
+                  "ignore_above": 1024,
+                  "type": "keyword"
+                },
+                "name": {
+                  "ignore_above": 1024,
+                  "type": "keyword"
+                }
+              }
+            },
             "provider": {
               "ignore_above": 1024,
               "type": "keyword"

generated/elasticsearch/6/template.json

@@ -219,6 +219,10 @@
               "id": {
                 "ignore_above": 1024,
                 "type": "keyword"
+              },
+              "name": {
+                "ignore_above": 1024,
+                "type": "keyword"
               }
             }
           },
@@ -246,6 +250,18 @@
               }
             }
           },
+          "project": {
+            "properties": {
+              "id": {
+                "ignore_above": 1024,
+                "type": "keyword"
+              },
+              "name": {
+                "ignore_above": 1024,
+                "type": "keyword"
+              }
+            }
+          },
           "provider": {
             "ignore_above": 1024,
             "type": "keyword"

generated/elasticsearch/7/template.json

@@ -68,3 +68,34 @@
 
         Examples: AWS account id, Google Cloud ORG Id, or other unique
         identifier.
+
+    - name: account.name
+      level: extended
+      type: keyword
+      example: elastic-dev
+      short: The cloud account name.
+      description: >
+        The cloud account name or alias used to identify different entities in
+        a multi-tenant environment.
+
+        Examples: AWS account name, Google Cloud ORG display name.
+
+    - name: project.id
+      level: extended
+      type: keyword
+      example: my-project
+      short: The cloud project id.
+      description: >
+        The cloud project identifier.
+
+        Examples: Google Cloud Project id, Azure Project id.
+
+    - name: project.name
+      level: extended
+      type: keyword
+      example: my project
+      short: The cloud project name.
+      description: >
+        The cloud project name.
+
+        Examples: Google Cloud Project name, Azure Project name.